5/6/2016 2016 Firebrand
CISM
Certified Information
Security Manager
Firebrand Custom Designed Courseware
Logistics
Start Time
Breaks
End Time
Fire escapes
Instructor
Introductions
Introduction to Information Security
Management
Course Mission
Educational Value
Both theoretical and practical
Up-to-date
Relevant
CISM
Certified Information Security Manager
Designed for personnel who have (or want to
have) responsibility for managing an
information security program
Tough but very good quality examination
Requires understanding of the concepts
behind a security program, not just the
definitions
CISM Exam Review Course Overview
The CISM Exam is based on the
CISM job practice.
The ISACA CISM Certification
Committee oversees the
development of the exam and
ensures the currency of its
content.
There are four content areas
that the CISM candidate is
expected to know.
Job Practice Areas
Domain Structure
(Diagram: the four CISM domains, Information Security Governance, Information Risk Management and Compliance, Information Security Program Development and Management, and Information Security Incident Management, linked by the relationships Mandates, Requires, Deploys, Reports To and Influences.)
CISM Qualifications
To earn the CISM designation, information security
professionals are required to:
Successfully pass the CISM exam
Adhere to the ISACA Code of Professional Ethics
Agree to comply with the CISM continuing education
policy
Submit verified evidence of five (5) years of work
experience in the field of information security.
The Examination
The exam consists of 200 multiple choice
questions that cover the CISM job practice
areas.
Four hours are allotted for completing the
exam.
See the Job Practice Areas, including task
statements and knowledge statements, listed
on the ISACA website.
Examination Day
Be on time!!
The doors are locked when the instructions start
approximately 30 minutes before examination start
time.
Bring the admission ticket (sent out prior to the
examination by ISACA) and an acceptable form of
original photo identification (passport, photo ID or
driver's license).
Completing the Examination Items
Bring several #2 pencils and an eraser
Read each question carefully
Read ALL answers prior to selecting the BEST answer
Mark the appropriate answer on the test answer
sheet.
When correcting an answer be sure to thoroughly
erase the wrong answer before filling in a new one.
There is no penalty for guessing. Answer every
question.
Grading the Exam
Candidate scores are reported as a scaled score
based on the conversion of a candidate's raw score
on an exam to a common scale.
ISACA uses and reports scores on a common scale
from 200 to 800. A candidate must receive a score
of 450 or higher to pass.
Exam results will be mailed (and emailed) out
approximately 6-8 weeks after the exam date.
Good Luck!
End of Introduction
Welcome to the CISM course!!
2016 CISM Review Course
Chapter 1
Information Security Governance
Information Security Management
The responsible protection of the information assets
of the organization
Supporting Security Governance and risk
management
Adoption of a security framework and standards
ISACA CISM Review Manual Page 14
Governance
Governance:
Ensures that stakeholders' needs, conditions and
options are evaluated to determine balanced,
agreed-on enterprise objectives to be achieved;
Sets direction through prioritization and
decision-making;
Monitors performance and compliance against
agreed-on directions and objectives
ISACA CISM Review Manual Page 14
Examination Content
The CISM candidate understands:
An effective security governance framework
Building and deploying a security strategy aligned with
organizational goals
Managing risk appropriately
Responsible management of program resources
The content area in this chapter will represent
approximately 24% of the CISM examination
(approximately 48 questions).
ISACA CISM Review Manual Page 14
Learning Objectives
Align the organization's information security strategy with
business goals and objectives
Obtain Senior Management commitment
Provide support for:
Governance
Business cases to justify security
Compliance with legal and regulatory mandates
ISACA CISM Review Manual Page 14
Learning Objectives cont.
Provide support for:
Organizational priorities and strategy
Identify drivers affecting the organization
Define roles and responsibilities
Establish metrics to report on effectiveness of the
security strategy
ISACA CISM Review Manual Page 14
CISM Priorities
The CISM must understand:
Requirements for effective information security
governance
Elements and actions required to:
Develop an information security strategy
Develop a plan of action to implement it
ISACA CISM Review Manual Page 14
Information Security Governance
Information is indispensable to conduct business
effectively today
Information must:
Be available
Have integrity of data and process
Be kept confidential as needed
Protection of information is a responsibility of the
Board of Directors
ISACA CISM Review Manual Page 31
Information Security
Information Protection includes:
Accountability
Oversight
Prioritization
Risk Management
Compliance (Regulations and Legislation)
ISACA CISM Review Manual Page 31
Information Security Governance
Overview
Information security is much more than just IT
security (more than technology)
Information must be protected at all levels of the
organization and in all forms
Information security is a responsibility of everyone
In all forms: paper, fax, audio, video, microfiche,
networks, storage media, computer systems
ISACA CISM Review Manual Page 31
Security Program Priorities
Achieve high standards of corporate
governance
Treat information security as a critical
business issue
Create a security-positive environment
Have declared responsibilities
Security versus Business
Security must be aligned with business needs
and direction
Security is woven into the business functions
Provides
Strength
Resilience
Protection
Stability
Consistency
Security Program Objectives
Ensure the availability of systems and data
Allow access to the correct people in a
timely manner
Protect the integrity of data and business
processes
Ensure no improper modifications
Protect confidentiality of information
Prevent unauthorized disclosure of information
Privacy, trade secrets, ...
Selling the Importance of Information
Security
Benefits of effective information security governance
include:
Improved trust in customer relationships
Protecting the organization's reputation
Better accountability for safeguarding information
during critical business activities
Reduction in loss through better incident handling
and disaster recovery
ISACA CISM Review Manual Page 31
The First Priority for the CISM
Remember that information security is a
business-driven activity.
Security is here to support the interests and needs
of the organization, not just the desires of security
Security is always a balance: between cost and
benefit, and between security and productivity
ISACA CISM Review Manual Page 31
Corporate Governance
Business Goals and Objectives
Corporate governance is the set of
responsibilities and practices exercised by
the board and executive management
Goals include:
Providing strategic direction
Reaching security and business objecti