
  • 5/6/2016 2016 Firebrand

    CISM

    Certified Information

    Security Manager

    Firebrand Custom Designed Courseware

  • 5/6/2016 2016 Firebrand

    Logistics

    Start Time

    Breaks

    End Time

    Fire escapes

    Instructor

    Introductions

  • 5/6/2016 2016 Firebrand

    Introduction to Information Security

    Management

  • 5/6/2016 2016 Firebrand

    Course Mission

    Educational Value

    Both theoretical and practical

    Up-to-date

    Relevant

  • 5/6/2016 2016 Firebrand

    CISM

    Certified Information Security Manager

    Designed for personnel that have (or want to

    have) responsibility for managing an

    Information Security program

    Tough but very good quality examination

    Requires understanding of the concepts

    behind a security program not just the

    definitions

  • 5/6/2016 2016 Firebrand

    CISM Exam Review Course Overview

    The CISM Exam is based on the

    CISM job practice.

    The ISACA CISM Certification

    Committee oversees the

    development of the exam and

    ensures the currency of its

    content.

    There are four content areas

    that the CISM candidate is

    expected to know.

  • 5/6/2016 2016 Firebrand

    Job Practice Areas

  • 5/6/2016 2016 Firebrand

    Domain Structure

    Information Security

    Governance

    Information Security

    Incident

    Management

    Information

    Risk

    Management and Compliance

    Information Security Program

    Development and Management

    Mandates

    Requires

    Deploys

    Reports To

    Influences

  • 5/6/2016 2016 Firebrand

    CISM Qualifications

    To earn the CISM designation, information security

    professionals are required to:

    Successfully pass the CISM exam

    Adhere to the ISACA Code of Professional Ethics

    Agree to comply with the CISM continuing education

    policy

    Submit verified evidence of five (5) years of work

    experience in the field of information security.

  • 5/6/2016 2016 Firebrand

    The Examination

    The exam consists of 200 multiple choice

    questions that cover the CISM job practice

    areas.

    Four hours are allotted for completing the

    exam

    See the Job Practice Areas including task

    Statements and Knowledge Statements listed

    on the ISACA website

  • 5/6/2016 2016 Firebrand

    Examination Day

    Be on time!!

    The doors are locked when the instructions start

    approximately 30 minutes before examination start

    time.

    Bring the admission ticket (sent out prior to the

    examination from ISACA) and an acceptable form of

    original photo identification (passport, photo id or

    drivers license).

  • 5/6/2016 2016 Firebrand

    Completing the Examination Items

    Bring several #2 pencils and an eraser

    Read each question carefully

    Read ALL answers prior to selecting the BEST answer

    Mark the appropriate answer on the test answer

    sheet.

    When correcting an answer be sure to thoroughly

    erase the wrong answer before filling in a new one.

    There is no penalty for guessing. Answer every

    question.

  • 5/6/2016 2016 Firebrand

    Grading the Exam

    Candidate scores are reported as a scaled score

    based on the conversion of a candidates raw score

    on an exam to a common scale.

    ISACA uses and reports scores on a common scale

    from 200 to 800. A candidate must receive a score

    of 450 or higher to pass.

    Exam results will be mailed (and emailed) out

    approximately 6-8 weeks after the exam date.

    Good Luck!

  • 5/6/2016 2016 Firebrand

    End of Introduction

    Welcome to the CISM course!!

  • 5/6/2016 2016 Firebrand

    2016 CISM Review Course

    Chapter 1

    Information Security Governance

  • 5/6/2016 2016 Firebrand

    Information Security Management

    The responsible protection of the information assets

    of the organization

    Supporting Security Governance and risk

    management

    Adoption of a security framework and standards

    16ISACA CISM Review Manual Page 14

  • 5/6/2016 2016 Firebrand

    Governance

    Governance:

    Ensures that stakeholders needs, conditions and

    options are evaluated to determine balanced,

    agreed-on enterprise objectives to be achieved:

    Setting direction through prioritization and

    decision-making:

    Monitoring performance and compliance against

    agreed-on directions and objectives

    ISACA CISM Review Manual Page 14

  • 5/6/2016 2016 Firebrand

    Examination Content

    The CISM Candidate understands:

    Effective security governance framework

    Building and deploying a security strategy aligned with

    organizational goals

    Manage risk appropriately

    Responsible management of program resources

    The content area in this chapter will represent

    approximately 24% of the CISM examination

    (approximately 48 questions).

    ISACA CISM Review Manual Page 14

  • 5/6/2016 2016 Firebrand

    Learning Objectives

    Align the organizations Information security strategy with

    business goals and objectives

    Obtain Senior Management commitment

    Provide support for:

    Governance

    Business cases to justify security

    Compliance with legal and regulatory mandates

    ISACA CISM Review Manual Page 14

  • 5/6/2016 2016 Firebrand

    Learning Objectives cont.

    Provide support for:

    Organizational priorities and strategy

    Identify drivers affecting the organization

    Define roles and responsibilities

    Establish metrics to report on effectiveness of the

    security strategy

    ISACA CISM Review Manual Page 14

  • 5/6/2016 2016 Firebrand

    CISM Priorities

    The CISM must understand:

    Requirements for effective information security

    governance

    Elements and actions required to:

    Develop an information security strategy

    Plan of action to implement it

    ISACA CISM Review Manual Page 14

  • 5/6/2016 2016 Firebrand

    Information Security Governance

    Information is indispensable to conduct business

    effectively today

    Information must be:

    Available

    Have Integrity of data and process

    Be kept confidential as needed

    Protection of information is a responsibility of the

    Board of Directors

    ISACA CISM Review Manual Page 31

  • 5/6/2016 2016 Firebrand

    Information Security

    Information Protection includes:

    Accountability

    Oversight

    Prioritization

    Risk Management

    Compliance (Regulations and Legislation)

    ISACA CISM Review Manual Page 31

  • 5/6/2016 2016 Firebrand

    Information Security Governance

    Overview

    Information security is much more than just IT

    security (more than technology)

    Information must be protected at all levels of the

    organization and in all forms

    Information security is a responsibility of everyone

    In all forms paper, fax, audio, video, microfiche,

    networks, storage media, computer systems

    ISACA CISM Review Manual Page 31

  • 5/6/2016 2016 Firebrand

    Security Program Priorities

    Achieve high standards of corporate

    governance

    Treat information security as a critical

    business issue

    Create a security positive environment

    Have declared responsibilities

  • 5/6/2016 2016 Firebrand

    Security versus Business

    Security must be aligned with business needs

    and direction

    Security is woven into the business functions

    Provides

    Strength

    Resilience

    Protection

    Stability

    Consistency

  • 5/6/2016 2016 Firebrand

    Security Program Objectives

    Ensure the availability of systems and data

    Allow access to the correct people in a

    timely manner

    Protect the integrity of data and business

    processes

    Ensure no improper modifications

    Protect confidentiality of information

    Unauthorized disclosure of information

    Privacy, trade secrets,

  • 5/6/2016 2016 Firebrand

    Selling the Importance of Information

    Security

    Benefits of effective information security governance

    include:

    Improved trust in customer relationships

    Protecting the organizations reputation

    Better accountability for safeguarding information

    during critical business activities

    Reduction in loss through better incident handling

    and disaster recovery

    ISACA CISM Review Manual Page 31

  • 5/6/2016 2016 Firebrand

    The First Priority for the CISM

    Remember that Information Security is a business-

    driven activity.

    Security is here to support the interests and needs

    of the organization not just the desires of security

    Security is always a balance between cost and

    benefit; security and productivity

    ISACA CISM Review Manual Page 31

  • 5/6/2016 2016 Firebrand

    Corporate Governance

  • 5/6/2016 2016 Firebrand

    Business Goals and Objectives

    Corporate governance is the set of

    responsibilities and practices exercised by

    the board and executive management

    Goals include:

    Providing strategic direction

    Reaching security and business objecti