Prepare to pass the Certified Information Security Manager (CISM) exam. This course covers the material you need for the Information Risk Management domain of the exam.
Syllabus
Introduction
- Information security risk management
- What you need to know
- Study resources
- Risk assessment
- Quantitative risk assessment
- Information classification
- Risk treatment options
- Security control selection and implementation
- Ongoing risk management
- Risk management frameworks
- Risk visibility and reporting
- Comparing viruses, worms, and Trojans
- Malware payloads
- Understanding backdoors and logic bombs
- Botnets
- Advanced persistent threats
- Cybersecurity adversaries
- Preventing insider threats
- Threat intelligence
- Denial of service attacks
- Eavesdropping attacks
- DNS attacks
- Layer 2 attacks
- Network address spoofing
- Password attacks
- Password spraying and credential stuffing
- Watering hole attacks
- Social engineering
- Impersonation attacks
- Physical social engineering
- What is vulnerability management?
- Identify scan targets
- Scan configuration
- Scan perspective
- Security Content Automation Protocol (SCAP)
- Common Vulnerability Scoring System (CVSS)
- Analyzing scan reports
- Correlating scan results
- Security awareness training
- Compliance training
- User habits
- Measuring compliance and security posture
- Awareness program reviews
- Business continuity planning
- Business continuity controls
- High availability and fault tolerance
- Disaster recovery planning
- Backups
- Restoring backups
- Disaster recovery sites
- Testing BC/DR plans
- Managing vendor relationships
- Vendor agreements
- Vendor information management
- Audits and assessments
- Cloud audits
- Legal and compliance risks
- Privacy compliance
- Data breaches
- Intellectual property
- Continuing your studies
Taught by
Mike Chapple