CISM: Certified Information Security Manager

Get ready for your exam by enrolling in our comprehensive training course. This course includes a full set of instructional videos designed to equip you with in-depth knowledge essential for passing the certification exam with flying colors.

$14.99 / $24.99

Course Introduction

1. Course Introduction
1m 2s

Domain 01 - Information Security Governance

1. Lesson 1: Information Security Governance Overview
53s
2. Information Security Governance Overview Part1
1m 12s
3. Information Security Governance Overview Part2
2m
4. Information Security Governance Overview Part3
1m 22s
5. Information Security Governance Overview Part4
1m 32s
6. Information Security Governance Overview Part5
30s
7. Importance of Information Security Governance Part1
6m 21s
8. Importance of Information Security Governance Part2
1m 19s
9. Outcomes of Information Security Governance Part1
33s
10. Outcomes of Information Security Governance Part2
1m 26s
11. Outcomes of Information Security Governance Part3
2m 45s
12. Outcomes of Information Security Governance Part4
1m 27s
13. Outcomes of Information Security Governance Part5
1m 54s
14. Outcomes of Information Security Governance Part6
1m 28s
15. Lesson 2: Effective Information Security Governance
31s
16. Business Goals and Objectives Part1
1m 31s
17. Business Goals and Objectives Part2
2m
18. Roles and Responsibilities of Senior Management Part1
1m 2s
19. Roles and Responsibilities of Senior Management Part2
43s
20. Domain Tasks Part1
1m 21s
21. Domain Tasks Part2
3m 16s
22. Business Model for Information Security Part1
45s
23. Business Model for Information Security Part2
1m 9s
24. Business Model for Information Security Part3
3m 16s
25. Business Model for Information Security Part4
1m 37s
26. Dynamic Interconnections Part1
34s
27. Dynamic Interconnections Part2
2m 55s
28. Dynamic Interconnections Part3
1m 55s
29. Dynamic Interconnections Part4
51s
30. Lesson 3: Information Security Concepts and Technologies
3m 27s
31. Information Security Concepts and Technologies Part1
2m 58s
32. Information Security Concepts and Technologies Part2
3m 25s
33. Information Security Concepts and Technologies Part3
1m 50s
34. Technologies Part1
1m 41s
35. Technologies Part2
6m 12s
36. Lesson 4: Information Security Manager
33s
37. Responsibilities
1m 48s
38. Senior Management Commitment Part1
48s
39. Senior Management Commitment Part2
2m 27s
40. Obtaining Senior Management Commitment Part1
24s
41. Obtaining Senior Management Commitment Part2
53s
42. Establishing Reporting and Communication Channels Part1
1m 13s
43. Establishing Reporting and Communication Channels Part2
1m 7s
44. Lesson 5: Scope and Charter of Information Security Governance
1m 55s
45. Assurance Process Integration and Convergence
2m 24s
46. Convergence
2m 32s
47. Governance and Third-Party Relationships
2m 38s
48. Lesson 6: Information Security Governance Metrics
56s
49. Metrics
1m 39s
50. Effective Security Metrics Part1
1m 46s
51. Effective Security Metrics Part2
1m 1s
52. Effective Security Metrics Part3
1m 51s
53. Effective Security Metrics Part4
39s
54. Security Implementation Metrics
1m 17s
55. Strategic Alignment Part1
2m 56s
56. Strategic Alignment Part2
1m 11s
57. Risk Management
1m 14s
58. Value Delivery
1m 2s
59. Resource Management Part1
47s
60. Resource Management Part2
41s
61. Performance Measurement
3m 6s
62. Assurance Process Integration/Convergence
2m 54s
63. Lesson 7: Information Security Strategy Overview
53s
64. Another View of Strategy
41s
65. Lesson 8: Creating Information Security Strategy
16s
66. Information Security Strategy
1m 22s
67. Common Pitfalls Part1
4m 38s
68. Common Pitfalls Part2
2m 19s
69. Objectives of the Information Security Strategy
1m 33s
70. What is the Goal?
1m 40s
71. Defining Objectives
1m 23s
72. Business Linkages
1m 48s
73. Business Case Development Part1
1m 44s
74. Business Case Development Part2
2m 36s
75. Business Case Development Part3
45s
76. Business Case Objectives
57s
77. The Desired State
1m 48s
78. COBIT
1m 8s
79. COBIT Controls
1m 9s
80. COBIT Framework
48s
81. Capability Maturity Model
1m 38s
82. Balanced Scorecard
1m 22s
83. Architectural Approaches
1m 3s
84. ISO/IEC 27001 and 27002
1m
85. Risk Objectives Part1
1m 39s
86. Risk Objectives Part2
3m 11s
87. Lesson 9: Determining Current State Of Security
45s
88. Current Risk Part1
2m 37s
89. Current Risk Part2
1m 11s
90. BIA
1m 11s
91. Lesson 10: Information Security Strategy Development
1m 52s
92. The Roadmap
1m 1s
93. Elements of a Strategy
3m 27s
94. Strategy Resources and Constraints
2m 46s
95. Lesson 11: Strategy Resources
32s
96. Policies and Standards
1m 1s
97. Definitions
5m 48s
98. Enterprise Information Security Architectures
1m 30s
99. Controls
3m
100. Countermeasures
55s
101. Technologies
1m 50s
102. Personnel
1m 54s
103. Organizational Structure
3m 47s
104. Employee Roles and Responsibilities
28s
105. Skills
1m 17s
106. Audits
1m 41s
107. Compliance Enforcement
2m 24s
108. Threat Assessment
1m 41s
109. Vulnerability Assessment
2m 21s
110. Risk Assessment
2m 19s
111. Insurance
2m 4s
112. Business Impact Assessment
2m 32s
113. Outsourced Security Providers
2m 57s
114. Lesson 12: Strategy Constraints
23s
115. Legal and Regulatory Requirements
1m 43s
116. Physical Constraints
2m 56s
117. The Security Strategy
1m 36s
118. Lesson 13: Action Plan to Implement Strategy
1m 13s
119. Gap Analysis Part1
1m 35s
120. Gap Analysis Part2
52s
121. Gap Analysis Part3
3m 1s
122. Policy Development Part1
1m 42s
123. Policy Development Part2
1m
124. Standards Development
2m 45s
125. Training and Awareness
35s
126. Action Plan Metrics
1m 23s
127. General Metric Considerations Part1
23s
128. General Metric Considerations Part2
35s
129. General Metric Considerations Part3
43s
130. General Metric Considerations Part4
23s
131. CMM4 Statements
2m
132. Objectives for CMM4
47s
133. Domain 01 Review
44s

Domain 02 - Information Risk Management

1. Lesson 1: Risk Management Overview
59s
2. Risk Management Overview
1m 51s
3. Types of Risk Analysis
7m 8s
4. The Importance of Risk Management
2m 14s
5. Risk Management Outcomes
1m 35s
6. Risk Management Strategy
1m 49s
7. Lesson 2: Good Information Security Risk Management
4m 14s
8. Context and Purpose
3m 8s
9. Scope and Charter
39s
10. Assets
2m 31s
11. Other Risk Management Goals
2m 2s
12. Roles and Responsibilities
2m 52s
13. Lesson 3: Information Security Risk Management Concepts
6m 6s
14. Technologies
6m 39s
15. Lesson 4: Implementing Risk Management
2m 8s
16. The Risk Management Framework
2m
17. The External Environment
1m 48s
18. The Internal Environment
2m 7s
19. The Risk Management Context
47s
20. Gap Analysis
2m 21s
21. Other Organizational Support
4m 9s
22. Risk Analysis
1m 22s
23. Lesson 5: Risk Assessment
1m 19s
24. NIST Risk Assessment Methodology
3m 49s
25. Aggregated or Cascading Risk
2m 54s
26. Other Risk Assessment Approaches
1m 18s
27. Identification of Risks
1m 49s
28. Threats
1m 8s
29. Vulnerabilities Part1
2m 11s
30. Vulnerabilities Part2
4m 10s
31. Risks
1m 36s
32. Analysis of Relevant Risks
1m 48s
34. Semi -Quantitative Analysis
1m 52s
35. Quantitative Analysis Example
4m 14s
36. Evaluation of Risks
46s
37. Risk Treatment Options
4m 39s
38. Impact
2m 59s
39. Lesson 6: Controls Countermeasures
25s
40. Controls
4m 43s
41. Residual Risk
3m 38s
42. Information Resource Valuation
1m 33s
43. Methods of Valuing Assets
1m 36s
44. Information Asset Classification
3m 32s
45. Determining Classification
2m 5s
46. Impact Part1
3m 53s
47. Impact Part2
1m 3s
48. Lesson 7: Recovery Time Objectives
49s
49. Recovery Point Objectives
4m 18s
50. Service Delivery Objectives
1m 58s
51. Third-Party Service Providers
1m 44s
52. Working with Lifecycle Processes
2m 8s
53. IT System Development
2m 12s
54. Project Management Part1
47s
55. Project Management Part2
2m 10s
56. Lesson 8: Risk Monitoring and Communication
1m 17s
57. Risk Monitoring and Communication
38s
58. Other Communications
1m 25s
59. Domain 02 Review
1m 1s

Domain 03 - Information Security Program Development

1. Introduction
31s
2. Lesson 1: Development of Information Security Program
2m 50s
3. Importance of the Program
52s
4. Outcomes of Security Program Development
1m 47s
5. Effective Information Security Program Development
4m 59s
6. Lesson 2: Information Security Program Objectives
10s
7. Cross Organizational Responsibilities
1m 55s
8. Program Objectives Part1
2m 23s
9. Program Objectives Part2
1m 18s
10. Defining Objectives Part1
2m 11s
11. Defining Objectives Part2
1m 8s
12. Lesson 3: Information Security Program Development Concepts Part1
4m 2s
13. Information Security Program Development Concepts Part2
5m 39s
14. Technology Resources
2m 44s
15. Information Security Manager
1m 25s
16. Lesson 4: Scope and Charter of Information Security Program Development
30s
17. Assurance Function Integration
1m 35s
18. Challenges in Developing Information Security Program
1m 54s
19. Pitfalls
2m 48s
20. Objectives of the Security Program
2m 6s
21. Program Goals
2m 52s
22. The Steps of the Security Program
1m 46s
23. Defining the Roadmap Part1
1m 38s
24. Defining the Roadmap Part2
58s
25. Elements of the Roadmap Part1
1m 18s
26. Elements of the Roadmap Part2
34s
27. Elements of the Roadmap Part3
1m 57s
28. Elements of the Roadmap Part4
1m 17s
29. Elements of the Roadmap Part5
18s
30. Gap Analysis
44s
31. Lesson 5: Information Security Management Framework
15s
32. Security Management Framework
4m 55s
33. COBIT 5
5m 59s
34. ISO/IEC 27001
4m 30s
35. Lesson 6: Information Security Framework Components
13s
36. Operational Components Part1
1m 56s
37. Operational Components Part2
3m 11s
38. Management Components
1m 31s
39. Administrative Components
3m 30s
40. Educational and Informational Components
1m 26s
41. Lesson 7: Information Security Program Resources
1m 32s
42. Resources
3m 27s
43. Documentation
54s
44. Enterprise Architecture Part1
4m 29s
45. Enterprise Architecture Part2
1m 54s
46. Enterprise Architecture Part3
1m 11s
47. Controls as Strategy Implementation Resources Part1
3m 42s
48. Controls as Strategy Implementation Resources Part2
2m 20s
49. Controls as Strategy Implementation Resources Part3
4m 35s
50. Controls as Strategy Implementation Resources Part4
2m 19s
51. Common Control Practices
1m 41s
52. Countermeasures
37s
53. Technologies Part1
1m 13s
54. Technologies Part2
1m 52s
55. Technologies Part3
1m 39s
56. Technologies Part4
5m 38s
57. Personnel Part1
2m
58. Personnel Part2
2m 56s
59. Security Awareness
1m 28s
60. Awareness Topics
5m 18s
61. Formal Audits
1m 16s
62. Compliance Enforcement
1m 3s
63. Project Risk Analysis
3m 9s
64. Other Actions
2m 58s
65. Other Organizational Support
1m 21s
66. Program Budgeting Part1
1m 3s
67. Program Budgeting Part2
2m 19s
68. Lesson 8: Implementing an Information Security Program
13s
69. Policy Compliance
2m 38s
70. Standards Compliance
2m 44s
71. Training and Education
1m 43s
72. ISACA Control Objectives
3m 52s
73. Third-party Service Providers Part1
1m 8s
74. Third-party Service Providers Part2
4m 22s
75. Integration into Lifecycle Processes
2m 14s
76. Monitoring and Communication
3m 33s
78. The Plan of Action Part1
1m 17s
79. The Plan of Action Part2
1m 36s
80. Lesson 9: Information Infrastructure and Architecture
53s
81. Managing Complexity Part1
4m 42s
82. Managing Complexity Part2
1m 45s
83. Objectives of Information Security Architectures Part1
1m 30s
84. Objectives of Information Security Architectures Part2
1m 15s
85. Physical and Environmental Controls
3m 32s
86. Lesson 10: Information Security Program
3m 3s
87. Information Security Program Deployment Metrics
2m 27s
88. Metrics
2m 2s
89. Strategic Alignment
53s
90. Risk Management
1m 41s
91. Value Delivery
35s
92. Resource Management
1m 23s
93. Assurance Process Integration
27s
94. Performance Measurement
41s
95. Security Baselines
38s
96. Lesson 11: Security Program Services and Operational Activities
48s
97. IS Liaison Responsibilities Part1
10m 17s
98. IS Liaison Responsibilities Part2
2m 28s
99. Cross-Organizational Responsibilities
1m 34s
100. Security Reviews and Audits Part1
3m 27s
101. Security Reviews and Audits Part2
1m 38s
102. Management of Security Technology
1m 25s
103. Due Diligence Part1
4m 10s
104. Due Diligence Part2
1m 36s
105. Compliance Monitoring and Enforcement Part1
2m 2s
106. Compliance Monitoring and Enforcement Part2
1m 46s
107. Assessment of Risk and Impact Part1
2m 17s
108. Assessment of Risk and Impact Part2
1m 28s
109. Outsourcing and Service Providers
2m 33s
110. Cloud Computing Part1
1m 37s
111. Cloud Computing Part2
1m 54s
112. Cloud Computing Part3
2m 23s
113. Integration with IT Processes
42s
114. Domain 03 Review
1m 13s

Domain 04 - Information Security Incident Management

1. Lesson 1: Incident Management Overview Part1
47s
2. Incident Management Overview Part2
3m 8s
3. Incident Management Overview Part3
3m 45s
4. Types of Events Part1
2m 44s
5. Types of Events Part2
3m 20s
6. Goals of Incident Management Part1
4m 45s
7. Goals of Incident Management Part2
6m 31s
8. Goals of Incident Management Part3
3m 26s
9. Lesson 2: Incident Response Procedures Part1
23s
10. Incident Response Procedures Part2
3m 40s
11. Importance of Incident Management
8m 1s
12. Outcomes of Incident Management
3m 50s
13. Incident Management
1m 35s
14. Concepts Part1
3m 44s
15. Concepts Part2
1m 35s
16. Concepts Part3
1m 34s
17. Incident Management Systems Part1
4m 2s
18. Incident Management Systems Part2
53s
19. Lesson 3: Incident Management Organization
2m 31s
20. Responsibilities Part1
3m 44s
21. Responsibilities Part2
2m 58s
22. Responsibilities Part3
5m 10s
23. Senior Management Commitment
1m 2s
24. Lesson 4: Incident Management Resources
25s
25. Policies and Standards
36s
26. Incident Response Technology Concepts
11m 12s
27. Personnel
3m 11s
28. Roles and Responsibilities (eNotes)
8m 24s
29. Skills
8m 9s
30. Awareness and Education
1m 20s
31. Audits
2m 49s
32. Lesson 5: Incident Management Objectives
17s
33. Defining Objectives
48s
34. The Desired State
3m 29s
35. Strategic Alignment
6m 42s
36. Other Concerns
2m 33s
37. Lesson 6: Incident Management Metrics and Indicators
5m 14s
38. Implementation of the Security Program Management
3m 1s
39. Management Metrics and Monitoring Part1
1m 35s
40. Management Metrics and Monitoring Part2
2m 48s
41. Other Security Monitoring Efforts
4m 24s
42. Lesson 7: Current State of Incident Response Capability
11s
43. Threats
4m 39s
44. Vulnerabilities
6m 15s
45. Lesson 8: Developing an Incident Response Plan
44s
46. Elements of an Incident Response Plan
8m 19s
47. Gap Analysis
3m 5s
48. BIA Part1
5m 5s
49. BIA Part2
2m 48s
50. Escalation Process for Effective IM
2m 45s
51. Help Desk Processes for Identifying Security Incidents
1m 27s
52. Incident Management and Response Teams
2m 10s
53. Organizing, Training, and Equipping the Response Staff
1m 55s
54. Incident Notification Process
55s
55. Challenges in making an Incident Management Plan
2m 18s
56. Lesson 9: BCP/DRP
7m 49s
57. Goals of Recovery Operations Part1
2m 2s
58. Goals of Recovery Operations Part2
1m 57s
59. Choosing a Site Selection Part1
5m 37s
60. Choosing a Site Selection Part2
1m 18s
61. Implementing the Strategy
3m 58s
62. Incident Management Response Teams
2m 10s
63. Network Service High-availability
4m 17s
64. Storage High-availability
4m 1s
65. Risk Transference
1m 27s
66. Other Response Recovery Plan Options
1m 29s
67. Lesson 10: Testing Response and Recovery Plans
2m 17s
68. Periodic Testing
1m 17s
69. Analyzing Test Results Part1
2m 6s
70. Analyzing Test Results Part2
3m 39s
71. Measuring the Test Results
58s
72. Lesson 11: Executing the Plan
1m 56s
73. Updating the Plan
1m 15s
74. Intrusion Detection Policies
1m 38s
75. Who to Notify about an Incident
1m 52s
76. Recovery Operations
1m 53s
77. Other Recovery Operations
1m 57s
78. Forensic Investigation
3m 5s
79. Hacker / Penetration Methodology
11m 50s
80. Domain 04 Review
1m 15s
81. Course Closure
34s