Certified Information Security Manager (CISM) Online Course

Certified Information Security Manager (CISM) Online Course

About the Course

This comprehensive online video course thoroughly covers all four domains of the CISM (Certified Information Security Manager) certification:

• Domain 1: Information Security Governance – 24% of the exam
• Domain 2: Information Risk Management – 30% of the exam
• Domain 3: Information Security Program Development and Management – 27% of the exam
• Domain 4: Information Security Incident Management – 19% of the exam

To successfully pass the CISM exam—which consists of 150 multiple-choice questions over a four-hour period—you need a solid grasp of each of these domains. While many candidates rely on multiple books and resources, this course offers a focused and effective path to mastering the key concepts and achieving CISM certification.

Who should take this Course?

The Developing Solutions for Microsoft Azure (AZ-204) Online Course is ideal for software developers, cloud engineers, and IT professionals who want to design, build, test, and maintain cloud applications and services on Microsoft Azure. It’s also suitable for individuals preparing for the AZ-204 certification exam. Prior experience with Azure services, programming languages like C# or Python, and a solid understanding of REST APIs and cloud development concepts is recommended for successful learning.

Course Curriculum

Domain 1 - Information Security Governance (24% of exam)

• CISM Domain 1 - What we will be covering
• Governance, Management, standards, and frameworks
• Values, vision, and mission
• Policies, procedures, guidelines, and frameworks
• SWOT Analysis
• Gap Analysis
• OPEX, CAPEX, and fiscal years
• KGIs, KPIs, and KRIs
• The CIA triad
• Sensitive information and media security
• Data Classification
• Data owners
• Data security frameworks
• Ethics
• Laws and regulations
• GDPR (General Data Protection Regulation)
• Intellectual property
• Warfare, terrorism, sabotage, and ransomware
• Administrative personnel controls
• Designing security into our software
• Programming concepts
• Software development methodologies part 1
• Software development methodologies part 2
• Artificial intelligence (AI)
• CISM Domain 1 - What we covered

CISM Domain 2 - What we will be covering

• Risk Identification
• Risk Assessment
• Risk response and mitigation & Risk and Control Monitoring and Reporting
• COBIT5
• Attackers, Vishing and Phishing
• Incident Management definitions
• Incident Management
• NIST 800-53
• NIST 800-37
• ISO 27001 and 27002
• OWASP part 1
• OWASP part 2
• Vulnerability scanners
• Networking basics
• SIEM (Security Information and Event Management)
• The OSI model
• The TCP/IP model
• IP addresses and port numbers part 1
• IP addresses and port numbers part 2
• IP support protocols
• Cable types
• LAN topologies
• Layer 1 to 3 networking devices
• Firewalls
• Intrusion detection and prevention systems
• 0-day attacks
• Network authentication protocols
• WIFI
• Bluetooth
• Honeynets and Honeypots
• Secure communications
• Mobile device security
• Application white-listing
• Virtualization
• Database security
• Software vulnerabilities and Attacks
• System vulnerabilities, threats, and countermeasures
• Physical security part 1
• Physical security part 2
• Physical security part 3
• Site Selection
• Fire suppression and hot and cold aisles
• Electricity
• Backups
• RAID (Redundant Array of Independent Disks)
• Redundancy
• Media storage
• IOT (Internet Of Things)
• CISM Domain 2 - What we covered

CISM Domain 3 - What we will be covering

• Access control
• Introduction to Access Control
• IAAA and subject/object
• Type 1 authentication
• Type 2 authentication
• Type 3 authentication
• Authorization
• Accountability
• Access control systems
• Identity and access provisioning
• Introduction to Cryptography
• The history of Cryptography
• Symmetric encryption
• Asymmetric encryption
• Hashing
• Attacks on cryptography
• Digital signatures
• Implementing cryptography MAC, HMAC, SSL, and TLS
• Configuration Management
• Patch Management
• Change management
• Security evaluation models
• Security Assessments
• Security Audits
• Security Audit Logs
• Vulnerability scanners
• Penetration testing
• Penetration testing tools
• Social Engineering attacks
• Software testing
• CMM (Capability Maturity Model)
• Buying software from other companies
• CISM Domain 3 - What we covered

CISM Domain 4 - What we will be covering

• Domain 4 Key concepts
• BCP and DRP (Business Continuity Plan and Disaster Recovery Plan)
• Personnel
• DRP (Disaster Recovery Plan) basics
• Developing our BCP and DRP (Business Continuity Plan and Disaster Recovery Plan)
• BIA (Business Impact Analysis)
• Supply and infrastructure redundancy
• Disaster Recovery sites
• Other BCP sub plans
• Employee redundancy
• Testing, training, and improving the plans
• After a disruption
• Digital forensics
• Spinning disk forensics
• Memory and data remanence
• Data remanence and destruction
• Network and Software forensics
• CISM Domain 4 - What we covered