
CISM Cert Prep: 2 Information Risk Management

Description

Prepare to pass the Certified Information Security Manager (CISM) exam. Explore the detailed information you need to prepare for the Information Risk Management exam domain.

Syllabus

Introduction
  - Information risk management
  - What you need to know
  - Study resources

1. Risk Assessment
  - Risk assessment
  - Quantitative risk assessment
  - Information classification

2. Risk Management
  - Risk treatment options
  - Security control selection and implementation
  - Ongoing risk management
  - Risk management frameworks
  - Risk visibility and reporting

3. Malware
  - Comparing viruses, worms, and trojans
  - Comparing adware, spyware, and ransomware
  - Understanding backdoors and logic bombs
  - Botnets
  - Advanced persistent threats

4. Understanding Attackers
  - Cybersecurity adversaries
  - Preventing insider threats
  - Threat intelligence

5. Attack Types
  - Denial of service attacks
  - Eavesdropping attacks
  - Network attacks
  - Network address spoofing
  - Password attacks
  - Watering hole attacks

6. Social Engineering Attacks
  - Social engineering
  - Impersonation attacks
  - Physical social engineering

7. Vulnerability Scanning and Penetration Testing
  - Security assessment tools
  - Scanning for vulnerabilities
  - Assessing threats
  - Threat assessment techniques
  - Penetration testing
  - Advanced vulnerability scanning

8. Awareness and Training
  - Security policy training and procedures
  - Compliance training
  - User habits
  - User-based threats
  - Measuring compliance and security posture
  - Awareness program reviews

9. Business Continuity
  - Business continuity planning
  - Business continuity controls
  - High availability and fault tolerance

10. Disaster Recovery
  - Disaster recovery planning
  - Backups
  - Validating backups
  - Disaster recovery sites
  - Testing BC/DR plans

11. Supply Chain Risk
  - Managing vendor relationships
  - Vendor agreements
  - Vendor information management

12. Compliance
  - Legal and regulatory compliance
  - Privacy compliance
  - Intellectual property
  - Data breaches

Conclusion
  - What's next?

