Overview
Curriculum
- 4 Sections
- 37 Lessons
- 19 Hours
Expand all sectionsCollapse all sections
- 01. Domain 1: Information Security Governance9
- 1.1Establish internal and external reporting and communication channels.
- 1.2Define, communicate and monitor information security responsibilities.
- 1.3Gain ongoing commitment from senior leadership and other stakeholders.
- 1.4Develop business cases to support investments in information security.
- 1.5Identify internal and external influences to the organization.
- 1.6Integrate information security governance into corporate governance.
- 1.7Develop and maintain information security policies.
- 1.8Establish and maintain an information security governance framework.
- 1.9Develop an information security strategy, aligned with business goals and directives.
- 02. Domain 2: Information Risk Management9
- 2.1Ensure that information security risk is reported to senior management to support an understanding of potential impact on the organizational goals and objectives.
- 2.2Monitor for internal and external factors (e.g., threat landscape, cybersecurity, geopolitical, regulatory change) that may require reassessment of risk to ensure that changes to existing or new risk scenarios are identified and managed appropriately.
- 2.3Report noncompliance and other changes in information risk to facilitate the risk management decision-making process.
- 2.4Facilitate the integration of information risk management into business and IT processes to enable a consistent and comprehensive information risk management program across the organization.
- 2.5Determine whether information security controls are appropriate and effectively manage risk to an acceptable level.
- 2.6Identify, recommend or implement appropriate risk treatment/response options to manage risk to acceptable levels based on organizational risk appetite.
- 2.7Ensure that risk assessments, vulnerability assessments and threat analyses are conducted consistently, and at appropriate times, to identify and assess risk to the organization’s information.
- 2.8Identify legal, regulatory, organizational and other applicable requirements to manage the risk of noncompliance to acceptable levels.
- 2.9Establish and/or maintain a process for information asset classification to ensure that measures taken to protect assets are proportional to their business value.
- 03. Domain 3: Information Security Program Development & Management10
- 3.1Compile reports to key stakeholders on overall effectiveness of the IS program and the underlying business processes in order to communicate security performance.
- 3.2Develop procedures (metrics) to evaluate the effectiveness and efficiency of the IS program.
- 3.3Integrate information security requirements into organizational processes.
- 3.4Integrate information security requirements into contracts and activities of third parties.
- 3.5Develop a program for information security awareness and training.
- 3.6Develop documentation that ensures compliance with policies.
- 3.7Establish and maintain IS architectures to execute the IS program.
- 3.8Establish and maintain requirements for all resources to execute the IS program.
- 3.9Ensure alignment between the information security program and other business functions.
- 3.10Develop a security program, aligned with information security strategy.
- 04. Domain 4: Information Security Incident Management9
- 4.1Align incident response plan with DRP and BCP.
- 4.2Determine the root cause of IS incidents.
- 4.3Test and review the incident response plan.
- 4.4Develop incident escalation and communication processes.
- 4.5Develop processes to investigate and document information security incidents.
- 4.6Establish teams that effectively respond to information security incidents.
- 4.7Develop processes for timely identification of information security incidents.
- 4.8Establish an incident response plan.
- 4.9Define (types of) information security incidents.
Instructor
