
Certified Information Security Manager (CISM) Cert Prep: 2 Information Security Risk Management

Description

Prepare to pass the Certified Information Security Manager (CISM) exam. Explore the detailed information you need to prepare for the Information Risk Management exam domain.


Syllabus

Introduction
  Information security risk management
  What you need to know
  Study resources

1. Risk Assessment
  Risk assessment
  Quantitative risk assessment
  Information classification

2. Risk Management
  Risk treatment options
  Security control selection and implementation
  Ongoing risk management
  Risk management frameworks
  Risk visibility and reporting

3. Malware
  Comparing viruses, worms, and Trojans
  Malware payloads
  Understanding backdoors and logic bombs
  Botnets
  Advanced persistent threats

4. Understanding Attackers
  Cybersecurity adversaries
  Preventing insider threats
  Threat intelligence

5. Attack Types
  Denial of service attacks
  Eavesdropping attacks
  DNS attacks
  Layer 2 attacks
  Network address spoofing
  Password attacks
  Password spraying and credential stuffing
  Watering hole attacks

6. Social Engineering Attacks
  Social engineering
  Impersonation attacks
  Physical social engineering

7. Vulnerability Scanning and Penetration Testing
  What is vulnerability management?
  Identify scan targets
  Scan configuration
  Scan perspective
  Security Content Automation Protocol (SCAP)
  Common Vulnerability Scoring System (CVSS)
  Analyzing scan reports
  Correlating scan results

8. Awareness and Training
  Security awareness training
  Compliance training
  User habits
  Measuring compliance and security posture
  Awareness program reviews

9. Business Continuity
  Business continuity planning
  Business continuity controls
  High availability and fault tolerance

10. Disaster Recovery
  Disaster recovery planning
  Backups
  Restoring backups
  Disaster recovery sites
  Testing BC/DR plans

11. Supply Chain Risk
  Managing vendor relationships
  Vendor agreements
  Vendor information management
  Audits and assessments
  Cloud audits

12. Compliance
  Legal and compliance risks
  Privacy compliance
  Data breaches
  Intellectual property

Conclusion
  Continuing your studies

