CISM 2013: Information Security Governance (Part 2)

Course details

Many companies realize that their information security is not in the state that it should be. As an information security manager, it will be your role to guide your organization to where information-related risks are controlled and sound information security processes are being followed by each and every employee. In order to move a company from a current state, to a desired state, there are many steps that must be taken. This course examines what an information security strategy is, frameworks and models you can use to build your strategy, who the strategy participants are, and constraints that may stand in your way. This course prepares you for the Certified Information Security Manager (CISM) exam.

• match the key participants in developing an information security strategy with their corresponding responsibilities
• recognize appropriate models for developing an information security strategy
• label examples of pitfalls that organizations may encounter as they develop an information security strategy
• assess the effectiveness of a given management team's efforts to develop an information security strategy
• recognize questions that an information strategy should answer
• recognize two types of objectives an information security strategy should have
• identify the key elements of a business case for an information security program
• recognize key concepts related to approaches for determining the desired state of security
• identify the aspects of security that must be assessed when determining the current state
• identify the components of a roadmap for achieving security objectives
• match constraints that must be considered when developing an information security strategy to their corresponding descriptions
• assess the efforts of a given management team to create a roadmap for its information security strategy