Certified Information Security Manager (CISM)
Course Introduction
Introduction (0:10)
Course Introduction (1:02)
Instructor Introduction (1:20)
Information Security Governance
Lesson 1: Information Security Governance Overview (0:53)
Information Security Governance Overview Part1 (1:12)
Information Security Governance Overview Part2 (2:00)
Information Security Governance Overview Part3 (1:22)
Information Security Governance Overview Part4 (1:32)
Information Security Governance Overview Part5 (0:29)
Importance of Information Security Governance Part1 (1:19)
Importance of Information Security Governance Part2 (6:21)
Outcomes of Information Security Governance Part1 (0:33)
Outcomes of Information Security Governance Part2 (1:26)
Outcomes of Information Security Governance Part3 (2:45)
Outcomes of Information Security Governance Part4 (1:27)
Outcomes of Information Security Governance Part5 (1:54)
Outcomes of Information Security Governance Part6 (1:28)
Lesson 2: Effective Information Security Governance (0:31)
Business Goals and Objectives Part1 (1:31)
Business Goals and Objectives Part2 (2:00)
Roles and Responsibilities of Senior Management Part1 (1:02)
Roles and Responsibilities of Senior Management Part2 (0:43)
Domain Tasks Part1 (1:21)
Domain Tasks Part2 (3:16)
Business Model for Information Security Part1 (0:45)
Business Model for Information Security Part2 (1:09)
Business Model for Information Security Part3 (3:16)
Business Model for Information Security Part4 (1:37)
Dynamic Interconnections Part1 (0:34)
Dynamic Interconnections Part2 (2:55)
Dynamic Interconnections Part3 (1:55)
Dynamic Interconnections Part4 (0:51)
Lesson 3: Information Security Concepts and Technologies (3:27)
Information Security Concepts and Technologies Part1 (2:58)
Information Security Concepts and Technologies Part2 (3:25)
Information Security Concepts and Technologies Part3 (1:50)
Technologies Part1 (1:41)
Technologies Part2 (6:12)
Lesson 4: Information Security Manager (0:33)
Responsibilities (1:48)
Senior Management Commitment Part1 (0:48)
Senior Management Commitment Part2 (2:27)
Obtaining Senior Management Commitment Part1 (0:24)
Obtaining Senior Management Commitment Part2 (0:53)
Establishing Reporting and Communication Channels Part1 (1:13)
Establishing Reporting and Communication Channels Part2 (1:07)
Lesson 5: Scope and Charter of Information Security Governance (1:55)
Assurance Process Integration and Convergence (2:24)
Convergence (2:32)
Governance and Third-Party Relationships (2:38)
Lesson 6: Information Security Governance Metrics (0:56)
Metrics (1:38)
Effective Security Metrics Part1 (1:46)
Effective Security Metrics Part2 (1:01)
Effective Security Metrics Part3 (1:51)
Effective Security Metrics Part4 (0:39)
Security Implementation Metrics (1:17)
Strategic Alignment Part1 (2:56)
Strategic Alignment Part2 (1:11)
Risk Management (1:14)
Value Delivery (1:02)
Resource Management Part1 (0:47)
Resource Management Part2 (0:41)
Performance Measurement (3:06)
Assurance Process Integration/Convergence (2:54)
Lesson 7: Information Security Strategy Overview (0:53)
Another View of Strategy (0:41)
Lesson 8: Creating Information Security Strategy (0:16)
Information Security Strategy (1:22)
Common Pitfalls Part1 (4:38)
Common Pitfalls Part2 (2:19)
Objectives of the Information Security Strategy (1:33)
What is the Goal? (1:40)
Defining Objectives (1:23)
Business Linkages (1:48)
Business Case Development Part1 (1:44)
Business Case Development Part2 (2:36)
Business Case Development Part3 (0:45)
Business Case Objectives (0:57)
The Desired State (1:48)
COBIT (1:08)
COBIT Controls (1:09)
COBIT Framework (0:48)
Capability Maturity Model (1:38)
Balanced Scorecard (1:22)
Architectural Approaches (1:03)
ISO/IEC 27001 and 27002 (1:00)
Risk Objectives Part1 (1:39)
Risk Objectives Part2 (3:11)
Lesson 9: Determining Current State Of Security (0:45)
Current Risk Part1 (2:37)
Current Risk Part2 (1:11)
BIA (1:11)
Lesson 10: Information Security Strategy Development (1:52)
The Roadmap (1:01)
Elements of a Strategy (3:27)
Strategy Resources and Constraints (2:46)
Lesson 11: Strategy Resources (0:32)
Policies and Standards (1:00)
Definitions (5:48)
Enterprise Information Security Architectures (1:30)
Controls (3:00)
Countermeasures (0:55)
Technologies (1:50)
Personnel (1:54)
Organizational Structure (3:47)
Employee Roles and Responsibilities (0:28)
Skills (1:17)
Audits (1:41)
Compliance Enforcement (2:24)
Threat Assessment (1:41)
Vulnerability Assessment (2:21)
Risk Assessment (2:19)
Insurance (2:04)
Business Impact Assessment (2:32)
Outsourced Security Providers (2:57)
Lesson 12: Strategy Constraints (0:23)
Legal and Regulatory Requirements (1:43)
Physical Constraints (2:56)
The Security Strategy (1:36)
Lesson 13: Action Plan to Implement Strategy (1:13)
Gap Analysis Part1 (1:35)
Gap Analysis Part2 (0:52)
Gap Analysis Part3 (3:01)
Policy Development Part1 (1:41)
Policy Development Part2 (1:00)
Standards Development (2:45)
Training and Awareness (0:35)
Action Plan Metrics (1:23)
General Metric Considerations Part1 (0:23)
General Metric Considerations Part2 (0:35)
General Metric Considerations Part3 (0:43)
General Metric Considerations Part4 (0:23)
CMM4 Statements (2:00)
Objectives for CMM4 (0:47)
Section Review (0:44)
Review Questions
Information Risk Management
Lesson 1: Risk Management Overview (0:59)
Risk Management Overview (1:51)
Types of Risk Analysis (7:08)
The Importance of Risk Management (2:14)
Risk Management Outcomes (1:35)
Risk Management Strategy (1:49)
Lesson 2: Good Information Security Risk Management (4:14)
Context and Purpose (3:08)
Scope and Charter (0:39)
Assets (2:31)
Other Risk Management Goals (2:02)
Roles and Responsibilities (2:51)
Lesson 3: Information Security Risk Management Concepts (6:06)
Technologies (6:39)
Lesson 4: Implementing Risk Management (2:08)
The Risk Management Framework (2:00)
The External Environment (1:48)
The Internal Environment (2:07)
The Risk Management Context (0:47)
Gap Analysis (2:21)
Other Organizational Support (4:09)
Risk Analysis (1:22)
Lesson 5: Risk Assessment (1:19)
NIST Risk Assessment Methodology (3:49)
Aggregated or Cascading Risk (2:54)
Other Risk Assessment Approaches (1:18)
Identification of Risks (1:49)
Threats (1:08)
Vulnerabilities Part1 (2:11)
Vulnerabilities Part2 (4:10)
Risks (1:36)
Analysis of Relevant Risks (1:48)
Risk Analysis (2:29)
Semi-Quantitative Analysis (1:52)
Quantitative Analysis Example (4:14)
Evaluation of Risks (0:46)
Risk Treatment Options (4:39)
Impact (2:59)
Lesson 6: Controls Countermeasures (0:25)
Controls (4:43)
Residual Risk (3:38)
Information Resource Valuation (1:33)
Methods of Valuing Assets (1:36)
Information Asset Classification (3:32)
Determining Classification (2:05)
Impact Part1 (3:53)
Impact Part2 (1:03)
Lesson 7: Recovery Time Objectives (0:49)
Recovery Point Objectives (4:18)
Service Delivery Objectives (1:58)
Third-Party Service Providers (1:44)
Working with Lifecycle Processes (2:08)
IT System Development (2:11)
Project Management Part1 (0:46)
Project Management Part2 (2:10)
Lesson 8: Risk Monitoring and Communication (1:17)
Risk Monitoring and Communication (0:38)
Other Communications (1:25)
Section Review (1:01)
Review Questions
Information Security Program Development
Introduction (0:31)
Lesson 1: Development of Information Security Program (2:50)
Importance of the Program (0:52)
Outcomes of Security Program Development (1:47)
Effective Information Security Program Development (4:59)
Lesson 2: Information Security Program Objectives (1:55)
Cross Organizational Responsibilities (0:10)
Program Objectives Part1 (2:23)
Program Objectives Part2 (1:18)
Defining Objectives Part1 (2:11)
Defining Objectives Part2 (1:08)
Lesson 3: Information Security Program Development Concepts Part1 (4:02)
Information Security Program Development Concepts Part2 (5:39)
Technology Resources (2:44)
Information Security Manager (1:25)
Lesson 4: Scope and Charter of Information Security Program Development (0:30)
Assurance Function Integration (1:35)
Challenges in Developing Information Security Program (1:54)
Pitfalls (2:48)
Objectives of the Security Program (2:06)
Program Goals (2:52)
The Steps of the Security Program (1:46)
Defining the Roadmap Part1 (1:38)
Defining the Roadmap Part2 (0:58)
Elements of the Roadmap Part1 (1:18)
Elements of the Roadmap Part2 (0:34)
Elements of the Roadmap Part3 (1:57)
Elements of the Roadmap Part4 (1:17)
Elements of the Roadmap Part5 (0:18)
Gap Analysis (0:44)
Lesson 5: Information Security Management Framework (0:15)
Security Management Framework (4:55)
COBIT 5 (5:59)
ISO/IEC 27001 (4:30)
Lesson 6: Information Security Framework Components (0:13)
Operational Components Part1 (1:56)
Operational Components Part2 (3:11)
Management Components (1:31)
Administrative Components (3:29)
Educational and Informational Components (1:25)
Lesson 7: Information Security Program Resources (1:32)
Resources (3:27)
Documentation (0:54)
Enterprise Architecture Part1 (4:29)
Enterprise Architecture Part2 (1:54)
Enterprise Architecture Part3 (1:11)
Controls as Strategy Implementation Resources Part1 (3:42)
Controls as Strategy Implementation Resources Part2 (2:20)
Controls as Strategy Implementation Resources Part3 (4:35)
Controls as Strategy Implementation Resources Part4 (2:19)
Common Control Practices (1:41)
Countermeasures (0:37)
Technologies Part1 (1:13)
Technologies Part2 (1:52)
Technologies Part3 (1:39)
Technologies Part4 (5:38)
Personnel Part1 (2:00)
Personnel Part2 (2:56)
Security Awareness (1:28)
Awareness Topics (5:18)
Formal Audits (1:16)
Compliance Enforcement (1:03)
Project Risk Analysis (3:09)
Other Actions (2:58)
Other Organizational Support (1:21)
Program Budgeting Part1 (1:03)
Program Budgeting Part2 (2:19)
Lesson 8: Implementing an Information Security Program (0:13)
Policy Compliance (2:38)
Standards Compliance (2:44)
Training and Education (1:43)
ISACA Control Objectives (3:52)
Third-party Service Providers Part1 (1:08)
Third-party Service Providers Part2 (4:22)
Integration into Lifecycle Processes (2:14)
Monitoring and Communication (3:33)
Documentation (1:33)
The Plan of Action Part1 (1:17)
The Plan of Action Part2 (1:36)
Lesson 9: Information Infrastructure and Architecture (0:53)
Managing Complexity Part1 (4:42)
Managing Complexity Part2 (1:45)
Objectives of Information Security Architectures Part1 (1:30)
Objectives of Information Security Architectures Part2 (1:15)
Physical and Environmental Controls (3:32)
Lesson 10: Information Security Program (3:03)
Information Security Program Deployment Metrics (2:27)
Metrics (2:02)
Strategic Alignment (0:53)
Risk Management (1:41)
Value Delivery (0:35)
Resource Management (1:22)
Assurance Process Integration (0:27)
Performance Measurement (0:41)
Security Baselines (0:38)
Lesson 11: Security Program Services and Operational Activities (0:48)
IS Liaison Responsibilities Part1 (10:17)
IS Liaison Responsibilities Part2 (2:28)
Cross-Organizational Responsibilities (1:34)
Security Reviews and Audits Part1 (3:27)
Security Reviews and Audits Part2 (1:38)
Management of Security Technology (1:25)
Due Diligence Part1 (4:10)
Due Diligence Part2 (1:36)
Compliance Monitoring and Enforcement Part1 (2:02)
Compliance Monitoring and Enforcement Part2 (1:46)
Assessment of Risk and Impact Part1 (2:16)
Assessment of Risk and Impact Part2 (1:28)
Outsourcing and Service Providers (2:33)
Cloud Computing Part1 (1:37)
Cloud Computing Part2 (1:54)
Cloud Computing Part3 (2:23)
Integration with IT Processes (0:42)
Section Review (1:13)
Review Questions
Information Security Incident Management
Lesson 1: Incident Management Overview Part1 (0:47)
Incident Management Overview Part2 (3:08)
Incident Management Overview Part3 (3:45)
Types of Events Part1 (2:43)
Types of Events Part2 (3:20)
Goals of Incident Management Part1 (4:45)
Goals of Incident Management Part2 (6:31)
Goals of Incident Management Part3 (3:26)
Lesson 2: Incident Response Procedures Part1 (0:23)
Incident Response Procedures Part2 (3:40)
Importance of Incident Management (8:01)
Outcomes of Incident Management (3:50)
Incident Management (1:34)
Concepts Part1 (3:44)
Concepts Part2 (1:35)
Concepts Part3 (1:34)
Incident Management Systems Part1 (4:02)
Incident Management Systems Part2 (0:53)
Lesson 3: Incident Management Organization (2:30)
Responsibilities Part1 (3:44)
Responsibilities Part2 (2:58)
Responsibilities Part3 (5:10)
Senior Management Commitment (1:02)
Lesson 4: Incident Management Resources (0:25)
Policies and Standards (0:36)
Incident Response Technology Concepts (11:11)
Personnel (8:24)
Roles and Responsibilities (eNotes) (3:11)
Skills (8:09)
Awareness and Education (1:20)
Audits (2:49)
Lesson 5: Incident Management Objectives (0:17)
Defining Objectives (0:48)
The Desired State (3:29)
Strategic Alignment (6:42)
Other Concerns (2:32)
Lesson 6: Incident Management Metrics and Indicators (5:14)
Implementation of the Security Program Management (3:01)
Management Metrics and Monitoring Part1 (1:35)
Management Metrics and Monitoring Part2 (2:48)
Other Security Monitoring Efforts (4:24)
Lesson 7: Current State of Incident Response Capability (0:11)
Threats (4:39)
Vulnerabilities (6:15)
Lesson 8: Developing an Incident Response Plan (0:44)
Elements of an Incident Response Plan (8:19)
Gap Analysis (3:05)
BIA Part1 (5:05)
BIA Part2 (2:48)
Escalation Process for Effective IM (2:45)
Help Desk Processes for Identifying Security Incidents (1:27)
Incident Management and Response Teams (2:10)
Organizing, Training, and Equipping the Response Staff (1:55)
Incident Notification Process (0:55)
Challenges in making an Incident Management Plan (2:18)
Lesson 9: BCP/DRP (7:49)
Goals of Recovery Operations Part1 (2:02)
Goals of Recovery Operations Part2 (1:57)
Choosing a Site Selection Part1 (5:37)
Choosing a Site Selection Part2 (1:18)
Implementing the Strategy (3:58)
Incident Management Response Teams (2:10)
Network Service High-availability (4:17)
Storage High-availability (4:01)
Risk Transference (1:27)
Other Response Recovery Plan Options (1:29)
Lesson 10: Testing Response and Recovery Plans (2:17)
Periodic Testing (1:17)
Analyzing Test Results Part1 (2:06)
Analyzing Test Results Part2 (3:39)
Measuring the Test Results (0:57)
Lesson 11: Executing the Plan (1:56)
Updating the Plan (1:15)
Intrusion Detection Policies (1:38)
Who to Notify about an Incident (1:52)
Recovery Operations (1:53)
Other Recovery Operations (1:57)
Forensic Investigation (3:05)
Hacker / Penetration Methodology (11:50)
Section Review (1:15)
Review Questions
Course Closure (1:53)