exam
exam-1
examvideo
Best seller!
CISM: Certified Information Security Manager Training Course
Best seller!
star star star star star
examvideo-1
$27.49
$24.99

CISM: Certified Information Security Manager Certification Video Training Course

The complete solution to prepare for for your exam with CISM: Certified Information Security Manager certification video training course. The CISM: Certified Information Security Manager certification video training course contains a complete set of videos that will provide you with thorough knowledge to understand the key concepts. Top notch prep including Isaca CISM exam dumps, study guide & practice test questions and answers.

523 Students Enrolled
388 Lectures
14:34:18 Hours

CISM: Certified Information Security Manager Certification Video Training Course Exam Curriculum

fb
1

Course Introduction

1 Lectures
Time 00:01:02
fb
2

Domain 01 - Information Security Governance

133 Lectures
Time 03:47:43
fb
3

Domain 02 - Information Risk Management

59 Lectures
Time 02:22:21
fb
4

Domain 03 - Information Security Program Development

114 Lectures
Time 04:07:00
fb
5

Domain 04 - Information Security Incident Management

81 Lectures
Time 04:16:12

Course Introduction

  • play 1. Course Introduction
    01:02

Domain 01 - Information Security Governance

  • play 1. Lesson 1: Information Security Governance Overview
    00:53
  • play 2. Information Security Governance Overview Part1
    01:12
  • play 3. Information Security Governance Overview Part2
    02:00
  • play 4. Information Security Governance Overview Part3
    01:22
  • play 5. Information Security Governance Overview Part4
    01:32
  • play 6. Information Security Governance Overview Part5
    00:30
  • play 7. Importance of Information Security Governance Part1
    06:21
  • play 8. Importance of Information Security Governance Part2
    01:19
  • play 9. Outcomes of Information Security Governance Part1
    00:33
  • play 10. Outcomes of Information Security Governance Part2
    01:26
  • play 11. Outcomes of Information Security Governance Part3
    02:45
  • play 12. Outcomes of Information Security Governance Part4
    01:27
  • play 13. Outcomes of Information Security Governance Part5
    01:54
  • play 14. Outcomes of Information Security Governance Part6
    01:28
  • play 15. Lesson 2: Effective Information Security Governance
    00:31
  • play 16. Business Goals and Objectives Part1
    01:31
  • play 17. Business Goals and Objectives Part2
    02:00
  • play 18. Roles and Responsibilities of Senior Management Part1
    01:02
  • play 19. Roles and Responsibilities of Senior Management Part2
    00:43
  • play 20. Domain Tasks Part1
    01:21
  • play 21. Domain Tasks Part2
    03:16
  • play 22. Business Model for Information Security Part1
    00:45
  • play 23. Business Model for Information Security Part2
    01:09
  • play 24. Business Model for Information Security Part3
    03:16
  • play 25. Business Model for Information Security Part4
    01:37
  • play 26. Dynamic Interconnections Part1
    00:34
  • play 27. Dynamic Interconnections Part2
    02:55
  • play 28. Dynamic Interconnections Part3
    01:55
  • play 29. Dynamic Interconnections Part4
    00:51
  • play 30. Lesson 3: Information Security Concepts and Technologies
    03:27
  • play 31. Information Security Concepts and Technologies Part1
    02:58
  • play 32. Information Security Concepts and Technologies Part2
    03:25
  • play 33. Information Security Concepts and Technologies Part3
    01:50
  • play 34. Technologies Part1
    01:41
  • play 35. Technologies Part2
    06:12
  • play 36. Lesson 4: Information Security Manager
    00:33
  • play 37. Responsibilities
    01:48
  • play 38. Senior Management Commitment Part1
    00:48
  • play 39. Senior Management Commitment Part2
    02:27
  • play 40. Obtaining Senior Management Commitment Part1
    00:24
  • play 41. Obtaining Senior Management Commitment Part2
    00:53
  • play 42. Establishing Reporting and Communication Channels Part1
    01:13
  • play 43. Establishing Reporting and Communication Channels Part2
    01:07
  • play 44. Lesson 5: Scope and Charter of Information Security Governance
    01:55
  • play 45. Assurance Process Integration and Convergence
    02:24
  • play 46. Convergence
    02:32
  • play 47. Governance and Third-Party Relationships
    02:38
  • play 48. Lesson 6: Information Security Governance Metrics
    00:56
  • play 49. Metrics
    01:39
  • play 50. Effective Security Metrics Part1
    01:46
  • play 51. Effective Security Metrics Part2
    01:01
  • play 52. Effective Security Metrics Part3
    01:51
  • play 53. Effective Security Metrics Part4
    00:39
  • play 54. Security Implementation Metrics
    01:17
  • play 55. Strategic Alignment Part1
    02:56
  • play 56. Strategic Alignment Part2
    01:11
  • play 57. Risk Management
    01:14
  • play 58. Value Delivery
    01:02
  • play 59. Resource Management Part1
    00:47
  • play 60. Resource Management Part2
    00:41
  • play 61. Performance Measurement
    03:06
  • play 62. Assurance Process Integration/Convergence
    02:54
  • play 63. Lesson 7: Information Security Strategy Overview
    00:53
  • play 64. Another View of Strategy
    00:41
  • play 65. Lesson 8: Creating Information Security Strategy
    00:16
  • play 66. Information Security Strategy
    01:22
  • play 67. Common Pitfalls Part1
    04:38
  • play 68. Common Pitfalls Part2
    02:19
  • play 69. Objectives of the Information Security Strategy
    01:33
  • play 70. What is the Goal?
    01:40
  • play 71. Defining Objectives
    01:23
  • play 72. Business Linkages
    01:48
  • play 73. Business Case Development Part1
    01:44
  • play 74. Business Case Development Part2
    02:36
  • play 75. Business Case Development Part3
    00:45
  • play 76. Business Case Objectives
    00:57
  • play 77. The Desired State
    01:48
  • play 78. COBIT
    01:08
  • play 79. COBIT Controls
    01:09
  • play 80. COBIT Framework
    00:48
  • play 81. Capability Maturity Model
    01:38
  • play 82. Balanced Scorecard
    01:22
  • play 83. Architectural Approaches
    01:03
  • play 84. ISO/IEC 27001 and 27002
    01:00
  • play 85. Risk Objectives Part1
    01:39
  • play 86. Risk Objectives Part2
    03:11
  • play 87. Lesson 9: Determining Current State Of Security
    00:45
  • play 88. Current Risk Part1
    02:37
  • play 89. Current Risk Part2
    01:11
  • play 90. BIA
    01:11
  • play 91. Lesson 10: Information Security Strategy Development
    01:52
  • play 92. The Roadmap
    01:01
  • play 93. Elements of a Strategy
    03:27
  • play 94. Strategy Resources and Constraints
    02:46
  • play 95. Lesson 11: Strategy Resources
    00:32
  • play 96. Policies and Standards
    01:01
  • play 97. Definitions
    05:48
  • play 98. Enterprise Information Security Architectures
    01:30
  • play 99. Controls
    03:00
  • play 100. Countermeasures
    00:55
  • play 101. Technologies
    01:50
  • play 102. Personnel
    01:54
  • play 103. Organizational Structure
    03:47
  • play 104. Employee Roles and Responsibilities
    00:28
  • play 105. Skills
    01:17
  • play 106. Audits
    01:41
  • play 107. Compliance Enforcement
    02:24
  • play 108. Threat Assessment
    01:41
  • play 109. Vulnerability Assessment
    02:21
  • play 110. Risk Assessment
    02:19
  • play 111. Insurance
    02:04
  • play 112. Business Impact Assessment
    02:32
  • play 113. Outsourced Security Providers
    02:57
  • play 114. Lesson 12: Strategy Constraints
    00:23
  • play 115. Legal and Regulatory Requirements
    01:43
  • play 116. Physical Constraints
    02:56
  • play 117. The Security Strategy
    01:36
  • play 118. Lesson 13: Action Plan to Implement Strategy
    01:13
  • play 119. Gap Analysis Part1
    01:35
  • play 120. Gap Analysis Part2
    00:52
  • play 121. Gap Analysis Part3
    03:01
  • play 122. Policy Development Part1
    01:42
  • play 123. Policy Development Part2
    01:00
  • play 124. Standards Development
    02:45
  • play 125. Training and Awareness
    00:35
  • play 126. Action Plan Metrics
    01:23
  • play 127. General Metric Considerations Part1
    00:23
  • play 128. General Metric Considerations Part2
    00:35
  • play 129. General Metric Considerations Part3
    00:43
  • play 130. General Metric Considerations Part4
    00:23
  • play 131. CMM4 Statements
    02:00
  • play 132. Objectives for CMM4
    00:47
  • play 133. Domain 01 Review
    00:44

Domain 02 - Information Risk Management

  • play 1. Lesson 1: Risk Management Overview
    00:59
  • play 2. Risk Management Overview
    01:51
  • play 3. Types of Risk Analysis
    07:08
  • play 4. The Importance of Risk Management
    02:14
  • play 5. Risk Management Outcomes
    01:35
  • play 6. Risk Management Strategy
    01:49
  • play 7. Lesson 2: Good Information Security Risk Management
    04:14
  • play 8. Context and Purpose
    03:08
  • play 9. Scope and Charter
    00:39
  • play 10. Assets
    02:31
  • play 11. Other Risk Management Goals
    02:02
  • play 12. Roles and Responsibilities
    02:52
  • play 13. Lesson 3: Information Security Risk Management Concepts
    06:06
  • play 14. Technologies
    06:39
  • play 15. Lesson 4: Implementing Risk Management
    02:08
  • play 16. The Risk Management Framework
    02:00
  • play 17. The External Environment
    01:48
  • play 18. The Internal Environment
    02:07
  • play 19. The Risk Management Context
    00:47
  • play 20. Gap Analysis
    02:21
  • play 21. Other Organizational Support
    04:09
  • play 22. Risk Analysis
    01:22
  • play 23. Lesson 5: Risk Assessment
    01:19
  • play 24. NIST Risk Assessment Methodology
    03:49
  • play 25. Aggregated or Cascading Risk
    02:54
  • play 26. Other Risk Assessment Approaches
    01:18
  • play 27. Identification of Risks
    01:49
  • play 28. Threats
    01:08
  • play 29. Vulnerabilities Part1
    02:11
  • play 30. Vulnerabilities Part2
    04:10
  • play 31. Risks
    01:36
  • play 32. Analysis of Relevant Risks
    01:48
  • play 33. Risk Analysis
    02:29
  • play 34. Semi -Quantitative Analysis
    01:52
  • play 35. Quantitative Analysis Example
    04:14
  • play 36. Evaluation of Risks
    00:46
  • play 37. Risk Treatment Options
    04:39
  • play 38. Impact
    02:59
  • play 39. Lesson 6: Controls Countermeasures
    00:25
  • play 40. Controls
    04:43
  • play 41. Residual Risk
    03:38
  • play 42. Information Resource Valuation
    01:33
  • play 43. Methods of Valuing Assets
    01:36
  • play 44. Information Asset Classification
    03:32
  • play 45. Determining Classification
    02:05
  • play 46. Impact Part1
    03:53
  • play 47. Impact Part2
    01:03
  • play 48. Lesson 7: Recovery Time Objectives
    00:49
  • play 49. Recovery Point Objectives
    04:18
  • play 50. Service Delivery Objectives
    01:58
  • play 51. Third-Party Service Providers
    01:44
  • play 52. Working with Lifecycle Processes
    02:08
  • play 53. IT System Development
    02:12
  • play 54. Project Management Part1
    00:47
  • play 55. Project Management Part2
    02:10
  • play 56. Lesson 8: Risk Monitoring and Communication
    01:17
  • play 57. Risk Monitoring and Communication
    00:38
  • play 58. Other Communications
    01:25
  • play 59. Domain 02 Review
    01:01

Domain 03 - Information Security Program Development

  • play 1. Introduction
    00:31
  • play 2. Lesson 1: Development of Information Security Program
    02:50
  • play 3. Importance of the Program
    00:52
  • play 4. Outcomes of Security Program Development
    01:47
  • play 5. Effective Information Security Program Development
    04:59
  • play 6. Lesson 2: Information Security Program Objectives
    00:10
  • play 7. Cross Organizational Responsibilities
    01:55
  • play 8. Program Objectives Part1
    02:23
  • play 9. Program Objectives Part2
    01:18
  • play 10. Defining Objectives Part1
    02:11
  • play 11. Defining Objectives Part2
    01:08
  • play 12. Lesson 3: Information Security Program Development Concepts Part1
    04:02
  • play 13. Information Security Program Development Concepts Part2
    05:39
  • play 14. Technology Resources
    02:44
  • play 15. Information Security Manager
    01:25
  • play 16. Lesson 4: Scope and Charter of Information Security Program Development
    00:30
  • play 17. Assurance Function Integration
    01:35
  • play 18. Challenges in Developing Information Security Program
    01:54
  • play 19. Pitfalls
    02:48
  • play 20. Objectives of the Security Program
    02:06
  • play 21. Program Goals
    02:52
  • play 22. The Steps of the Security Program
    01:46
  • play 23. Defining the Roadmap Part1
    01:38
  • play 24. Defining the Roadmap Part2
    00:58
  • play 25. Elements of the Roadmap Part1
    01:18
  • play 26. Elements of the Roadmap Part2
    00:34
  • play 27. Elements of the Roadmap Part3
    01:57
  • play 28. Elements of the Roadmap Part4
    01:17
  • play 29. Elements of the Roadmap Part5
    00:18
  • play 30. Gap Analysis
    00:44
  • play 31. Lesson 5: Information Security Management Framework
    00:15
  • play 32. Security Management Framework
    04:55
  • play 33. COBIT 5
    05:59
  • play 34. ISO/IEC 27001
    04:30
  • play 35. Lesson 6: Information Security Framework Components
    00:13
  • play 36. Operational Components Part1
    01:56
  • play 37. Operational Components Part2
    03:11
  • play 38. Management Components
    01:31
  • play 39. Administrative Components
    03:30
  • play 40. Educational and Informational Components
    01:26
  • play 41. Lesson 7: Information Security Program Resources
    01:32
  • play 42. Resources
    03:27
  • play 43. Documentation
    00:54
  • play 44. Enterprise Architecture Part1
    04:29
  • play 45. Enterprise Architecture Part2
    01:54
  • play 46. Enterprise Architecture Part3
    01:11
  • play 47. Controls as Strategy Implementation Resources Part1
    03:42
  • play 48. Controls as Strategy Implementation Resources Part2
    02:20
  • play 49. Controls as Strategy Implementation Resources Part3
    04:35
  • play 50. Controls as Strategy Implementation Resources Part4
    02:19
  • play 51. Common Control Practices
    01:41
  • play 52. Countermeasures
    00:37
  • play 53. Technologies Part1
    01:13
  • play 54. Technologies Part2
    01:52
  • play 55. Technologies Part3
    01:39
  • play 56. Technologies Part4
    05:38
  • play 57. Personnel Part1
    02:00
  • play 58. Personnel Part2
    02:56
  • play 59. Security Awareness
    01:28
  • play 60. Awareness Topics
    05:18
  • play 61. Formal Audits
    01:16
  • play 62. Compliance Enforcement
    01:03
  • play 63. Project Risk Analysis
    03:09
  • play 64. Other Actions
    02:58
  • play 65. Other Organizational Support
    01:21
  • play 66. Program Budgeting Part1
    01:03
  • play 67. Program Budgeting Part2
    02:19
  • play 68. Lesson 8: Implementing an Information Security Program
    00:13
  • play 69. Policy Compliance
    02:38
  • play 70. Standards Compliance
    02:44
  • play 71. Training and Education
    01:43
  • play 72. ISACA Control Objectives
    03:52
  • play 73. Third-party Service Providers Part1
    01:08
  • play 74. Third-party Service Providers Part2
    04:22
  • play 75. Integration into Lifecycle Processes
    02:14
  • play 76. Monitoring and Communication
    03:33
  • play 77. Documentation
    01:33
  • play 78. The Plan of Action Part1
    01:17
  • play 79. The Plan of Action Part2
    01:36
  • play 80. Lesson 9: Information Infrastructure and Architecture
    00:53
  • play 81. Managing Complexity Part1
    04:42
  • play 82. Managing Complexity Part2
    01:45
  • play 83. Objectives of Information Security Architectures Part1
    01:30
  • play 84. Objectives of Information Security Architectures Part2
    01:15
  • play 85. Physical and Environmental Controls
    03:32
  • play 86. Lesson 10: Information Security Program
    03:03
  • play 87. Information Security Program Deployment Metrics
    02:27
  • play 88. Metrics
    02:02
  • play 89. Strategic Alignment
    00:53
  • play 90. Risk Management
    01:41
  • play 91. Value Delivery
    00:35
  • play 92. Resource Management
    01:23
  • play 93. Assurance Process Integration
    00:27
  • play 94. Performance Measurement
    00:41
  • play 95. Security Baselines
    00:38
  • play 96. Lesson 11: Security Program Services and Operational Activities
    00:48
  • play 97. IS Liaison Responsibilities Part1
    10:17
  • play 98. IS Liaison Responsibilities Part2
    02:28
  • play 99. Cross-Organizational Responsibilities
    01:34
  • play 100. Security Reviews and Audits Part1
    03:27
  • play 101. Security Reviews and Audits Part2
    01:38
  • play 102. Management of Security Technology
    01:25
  • play 103. Due Diligence Part1
    04:10
  • play 104. Due Diligence Part2
    01:36
  • play 105. Compliance Monitoring and Enforcement Part1
    02:02
  • play 106. Compliance Monitoring and Enforcement Part2
    01:46
  • play 107. Assessment of Risk and Impact Part1
    02:17
  • play 108. Assessment of Risk and Impact Part2
    01:28
  • play 109. Outsourcing and Service Providers
    02:33
  • play 110. Cloud Computing Part1
    01:37
  • play 111. Cloud Computing Part2
    01:54
  • play 112. Cloud Computing Part3
    02:23
  • play 113. Integration with IT Processes
    00:42
  • play 114. Domain 03 Review
    01:13

Domain 04 - Information Security Incident Management

  • play 1. Lesson 1: Incident Management Overview Part1
    00:47
  • play 2. Incident Management Overview Part2
    03:08
  • play 3. Incident Management Overview Part3
    03:45
  • play 4. Types of Events Part1
    02:44
  • play 5. Types of Events Part2
    03:20
  • play 6. Goals of Incident Management Part1
    04:45
  • play 7. Goals of Incident Management Part2
    06:31
  • play 8. Goals of Incident Management Part3
    03:26
  • play 9. Lesson 2: Incident Response Procedures Part1
    00:23
  • play 10. Incident Response Procedures Part2
    03:40
  • play 11. Importance of Incident Management
    08:01
  • play 12. Outcomes of Incident Management
    03:50
  • play 13. Incident Management
    01:35
  • play 14. Concepts Part1
    03:44
  • play 15. Concepts Part2
    01:35
  • play 16. Concepts Part3
    01:34
  • play 17. Incident Management Systems Part1
    04:02
  • play 18. Incident Management Systems Part2
    00:53
  • play 19. Lesson 3: Incident Management Organization
    02:31
  • play 20. Responsibilities Part1
    03:44
  • play 21. Responsibilities Part2
    02:58
  • play 22. Responsibilities Part3
    05:10
  • play 23. Senior Management Commitment
    01:02
  • play 24. Lesson 4: Incident Management Resources
    00:25
  • play 25. Policies and Standards
    00:36
  • play 26. Incident Response Technology Concepts
    11:12
  • play 27. Personnel
    03:11
  • play 28. Roles and Responsibilities (eNotes)
    08:24
  • play 29. Skills
    08:09
  • play 30. Awareness and Education
    01:20
  • play 31. Audits
    02:49
  • play 32. Lesson 5: Incident Management Objectives
    00:17
  • play 33. Defining Objectives
    00:48
  • play 34. The Desired State
    03:29
  • play 35. Strategic Alignment
    06:42
  • play 36. Other Concerns
    02:33
  • play 37. Lesson 6: Incident Management Metrics and Indicators
    05:14
  • play 38. Implementation of the Security Program Management
    03:01
  • play 39. Management Metrics and Monitoring Part1
    01:35
  • play 40. Management Metrics and Monitoring Part2
    02:48
  • play 41. Other Security Monitoring Efforts
    04:24
  • play 42. Lesson 7: Current State of Incident Response Capability
    00:11
  • play 43. Threats
    04:39
  • play 44. Vulnerabilities
    06:15
  • play 45. Lesson 8: Developing an Incident Response Plan
    00:44
  • play 46. Elements of an Incident Response Plan
    08:19
  • play 47. Gap Analysis
    03:05
  • play 48. BIA Part1
    05:05
  • play 49. BIA Part2
    02:48
  • play 50. Escalation Process for Effective IM
    02:45
  • play 51. Help Desk Processes for Identifying Security Incidents
    01:27
  • play 52. Incident Management and Response Teams
    02:10
  • play 53. Organizing, Training, and Equipping the Response Staff
    01:55
  • play 54. Incident Notification Process
    00:55
  • play 55. Challenges in making an Incident Management Plan
    02:18
  • play 56. Lesson 9: BCP/DRP
    07:49
  • play 57. Goals of Recovery Operations Part1
    02:02
  • play 58. Goals of Recovery Operations Part2
    01:57
  • play 59. Choosing a Site Selection Part1
    05:37
  • play 60. Choosing a Site Selection Part2
    01:18
  • play 61. Implementing the Strategy
    03:58
  • play 62. Incident Management Response Teams
    02:10
  • play 63. Network Service High-availability
    04:17
  • play 64. Storage High-availability
    04:01
  • play 65. Risk Transference
    01:27
  • play 66. Other Response Recovery Plan Options
    01:29
  • play 67. Lesson 10: Testing Response and Recovery Plans
    02:17
  • play 68. Periodic Testing
    01:17
  • play 69. Analyzing Test Results Part1
    02:06
  • play 70. Analyzing Test Results Part2
    03:39
  • play 71. Measuring the Test Results
    00:58
  • play 72. Lesson 11: Executing the Plan
    01:56
  • play 73. Updating the Plan
    01:15
  • play 74. Intrusion Detection Policies
    01:38
  • play 75. Who to Notify about an Incident
    01:52
  • play 76. Recovery Operations
    01:53
  • play 77. Other Recovery Operations
    01:57
  • play 78. Forensic Investigation
    03:05
  • play 79. Hacker / Penetration Methodology
    11:50
  • play 80. Domain 04 Review
    01:15
  • play 81. Course Closure
    00:34
examvideo-11

About CISM: Certified Information Security Manager Certification Video Training Course

CISM: Certified Information Security Manager certification video training course by prepaway along with practice test questions and answers, study guide and exam dumps provides the ultimate training package to help you pass.

Domain 01 - Information Security Governance

90. BIA

Now when we talk about the roadmap, really when we look at the elements of strategy, the question is: what should go into the security strategy? Again, one of the things that needs to be included is the starting point and the destinations. Now, when we create this roadmap, it's really a document that's going to tell us how to get to that defined and desired state of security. Now the roadmap may have many stops along the way.

There may be times when you create some short-term goals to be able to help build you up to that long-term goal, which might be to get to the desired state of security. It's an important part of understanding where you are and where you need to go in order to develop that kind of plan or strategy. Now, other things that you should document, things that are going to be crucial for understanding what resources I have available to me to get to that desired state, are things like understanding the people that I have involved: do I have people with sufficient expertise or training? Do I have the resources necessary for whatever the strategy is going to be? Do you need to maybe look into getting third-party help?

What are the processes that you're going to go through? Again, remember that the processes, as you can look at them as part of the overall project, may have different dependencies and different timelines in which they are supposed to be executed. We must consider the technologies. Now, technologies are extremely beneficial and constantly evolving. In fact, it's not uncommon for new technology to emerge during the process of reaching your desired states, which may be an even better solution than the one you originally planned. And, of course, you want to look at other resources. Other resources could include monetary and financial resources, as well as the possibility of mergers.

91. Lesson 10: Information Security Strategy Development

So now I'm going to look at the roadmap. Like I said, prior to beginning the roadmap, we need to know what the desired level of security is going to be. We have to have an architecture chosen as a framework so that we can begin. And, as previously stated, achieving that desired state is typically regarded as a long-term goal that may include a number of short-term series, projects, and initiatives.

Now, another good thing about that, though, is that we are creating through this process ways of being able to get to those key points where we can say, "Look, we're meeting our deadlines, we're meeting our budgets, and we're meeting the time objectives that we're supposed to be at, at certain locations." It's providing some of those metrics and measurements that can help us see the progress of getting to that end point.

Now, this means that the overall roadmap is probably going to be broken down, as I said, into a series of short-term projects. But again, the benefits are that we have a lot of checkpoints and the ability to do reviews, to look, and to see if we're still on target. So there are a lot of benefits to this planning process.

92. The Roadmap

Part of what we need to look at, as we said, are the resources. And remember, resources are what's available to the organization, and they should be listed and considered when you're developing your security strategy. So examples of this are, of course, existing policies, standards, procedures, and guidelines.

Now, it is important to understand that part of our current state of security should be based on the current policies, standards, and procedures. Now, a policy is usually, as we said, a kind of framework or blueprint for what we are trying to achieve. And a part of this process may be the creation of new policies, but we still have to make sure we're working within existing policies because they were there to get you to the current state of security that you have. So I'm not going to suggest you just throw all the old policies out, don't have any standards throughout all the procedures, and forget that those are the items that helped get you to your current state of security, but instead try to work from that state to get to the new location or to the desired state.

You may now have some limitations or constraints; they may be physical in nature. You may just have no more room for growth within your current facilities. Maybe you've maxed out the power utilisation offered by the power suppliers, or whatever the case may be. It could be technical limitations or constraints that you have to deal with or existing technical resources that might be available as well. When we have limitations based on what we can get from our service providers, such as wide area networks or infrastructure, the type of cabling, not all facilities can get fibre optics basically into their network from their service providers. Some may be so rural that they're lucky to get a good copper phone line.

I hope that's not the case for you, but just to reiterate, we have some technical and physical issues, as well as procedural controls. Remember, there are maybe some regulations we have to follow as well to make sure we don't violate anything as we're getting to that new desired state. Look at your existing countermeasures and figure out if they work for what you're coming from. not only the existing state but also the desired state. Talk about layers of defence if you can put them in place. Again, this means that we must stay current on the technologies we are currently using as well as any new technologies that may be on the horizon as we work toward our long-term goal. Your organisational structure is very important in all aspects. In fact, there may be times when you encounter people who are hesitant or resistant to change.

Maybe you have to deal with the fact that there may be existing "kingdoms" that people don't want to give up. Some responsibilities from existing cultures might throw some constraints in there as well. Having clearly defined roles and responsibilities is certainly an important aspect. The skills, training, awareness, and education of everybody involved; existing audits to see if you are currently in compliance; and, of course, audits to help you see that you get to certain checkpoints or are on the way to the desired state. And do I have the existing and underlying risk and business impact assessments that help me create a clearly defined roadmap as part of my strategy to get to that desired state? Security?

93. Elements of a Strategy

Now, as I said, the resources and constraints kind of go hand in hand. However, constraints must be considered when developing a strategy. And again, you have some constraints that absolutely cannot budge. There may be legal issues or regulations that you cannot violate without risking severe criminal or civil penalties from the jurisdiction that you live in. Like I said, the physical environment may be enough of a constraint that there's no room for growth.

The corporation's ethics, culture, culture, culture, culture, culture, culture, culture, culture, culture, culture, culture, culture, culture, culture, culture, culture, culture, culture, culture We've always done business this way, so we want to continue to do business this way. And again, it just kind of gets us into the "the way we've always done things" mentality rather than being flexible to see that growth. And again, it could be that the changes you make may affect other people's roles and responsibilities, or what we sometimes call their kingdoms. And we don't want to cause anyone to be upset. The costs. I'm not saying don't upset them. I'm just saying to think of these as constraints if they are truly constraints and there aren't ways to work around them. Again, the expenses are the costs.

Sometimes things go over the estimated costs. We talked about some of those pitfalls and coming up with the strategies, and, you know, people are kind of getting anchored onto an existing cost or not willing to take into account how things might evolve or change or not having those flexibilities. Your personnel and organisational structure could certainly be issues, especially if you're trying to get to a certain desired state. Maybe you require some new offsite facilities as backups, maybe as a part of your disaster recovery business continuity plans, and you've decided to put those facilities at such a distance that it's not reasonable for your current set of people to be able to drive those distances to man those facilities.

So that could also be another issue that you have to deal with. And of course, again, the resources and capabilities of the existing personnel and staff. If you've desired to find a new countermeasure and you have nobody trained in that particular product, that may be a limitation you have to come across. You might have time constraints as well, and of course, risk tolerance. Again, remembering that some of the constraints we have are that we might have a very small appetite for risk, As a result, we must ensure that we achieve the risk that we are willing to accept as part of the objectives. And again, that could cause a constraint insofar as maybe it takes too much time, too much money, not enough personnel, or whatever it is to get to a certain point.

94. Strategy Resources and Constraints

Now, the business impact assessment is something we should do while we're looking at our current risks. And in fact, a thorough business impact analysis of your critical systems and processes is there so you can get a good picture of your current state of security. Now people might say, "Okay, look, why do I need to see my current state?" I know where I want to be. Why do I look at my current state? We often use the gap between them to perform a gap analysis, so that if we know where we are now, we can begin the process of making course corrections, following the roadmap, or whatever great other term we use to get to the state that we're attempting to achieve. That is one way of looking at it. It's hard to chart a path if you don't know where you are, even if you know where it is you're trying to get to. So again, some of that business impact analysis that you have can help you get the information you need to create an effective strategy. The strategy must now address the gap between acceptable levels of impact and the current level of potential impacts.

Prepaway's CISM: Certified Information Security Manager video training course for passing certification exams is the only solution which you need.

examvideo-12

Pass Isaca CISM Exam in First Attempt Guaranteed!

Get 100% Latest Exam Questions, Accurate & Verified Answers As Seen in the Actual Exam!
30 Days Free Updates, Instant Download!

block-premium
block-premium-1
Verified By Experts
CISM Premium Bundle
$39.99

CISM Premium Bundle

$69.98
$109.97
  • Premium File 400 Questions & Answers. Last update: Mar 10, 2025
  • Training Course 388 Video Lectures
  • Study Guide 817 Pages
 
$109.97
$69.98
examvideo-13
Free CISM Exam Questions & Isaca CISM Dumps
Isaca.realtests.cism.v2025-01-06.by.alex.1105q.ete
Views: 290
Downloads: 893
Size: 1.97 MB
 
Isaca.actualtests.cism.v2021-12-31.by.james.1091q.ete
Views: 193
Downloads: 1310
Size: 1.39 MB
 
Isaca.examlabs.cism.v2021-11-30.by.scarlett.1009q.ete
Views: 141
Downloads: 1278
Size: 1.3 MB
 
Isaca.examlabs.cism.v2021-02-12.by.noah.954q.ete
Views: 1511
Downloads: 2109
Size: 1.27 MB
 
Isaca.prep4sure.cism.v2020-10-30.by.elizabeth.911q.ete
Views: 653
Downloads: 1842
Size: 1.22 MB
 
Isaca.real-exams.cism.v2020-05-23.by.arthur.723q.ete
Views: 861
Downloads: 2207
Size: 1.01 MB
 
Isaca.certkiller.cism.v2020-04-11.by.grayson.674q.ete
Views: 776
Downloads: 2106
Size: 970.76 KB
 
Isaca.train4sure.cism.v2020-01-18.by.giovanni.691q.ete
Views: 833
Downloads: 2248
Size: 1018.18 KB
 
Isaca.Train4sure.Cism.v2018-01-10.by.barbara.378qs.ete
Views: 3083
Downloads: 4153
Size: 677.44 KB
 

Student Feedback

star star star star star
79%
star star star star star
20%
star star star star star
0%
star star star star star
0%
star star star star star
1%

Comments * The most recent comment are at the top

learnflypro Academy
India
Mar 07, 2025
Thanks for sharing this informative here. Nicely described about CCNA Certification and CISCO certification .
very nice right the answer in certification training .
amna afzal
Pakistan
Feb 23, 2025
my problem is that i have to be very confused to give the right answer in exams even i know the right answer
L E O
United States
Feb 08, 2025
Good summary, quick powerpoint slides, brief explanation, comprehensive paper sets…thanks to the team.
Busy Bee
South Africa
Jan 26, 2025
My problem was lack of confidence and motivation, which was provided to me by the instructors of CISM. All the lectures and modules are capable enough to provide you with in-depth knowledge, while the examination paper sets come with a different level of difficulty to select from for preparing for the actual exam. Thank you all for the motivation and skills you provided me with.
Mr. Bo
Algeria
Jan 12, 2025
When I initially had a look at the modules of the CISM course, I almost lost my consciousness, thinking how would I clear the exams and also how I am able to go through all the modules and paper tests. But one of my friends suggested me with CISM preparation materials that made learning easy with the help of videos. Humble tone, intelligent speech, brief explanation, and what not is provided in the course module. Thanks tons for giving me desired numbers in the exams.
Julian
Iran
Jan 02, 2025
What a preparation course! I wasn’t able to believe my scoring when the results were in my hands. The course is prepared well that would give you all the required knowledge with any kind of updating in the papers and the course as well. The videos provided by the instructors are well built up with high standards that provide with every minor detailed the individual preparing for CISM should have. I would give the credit of my clearing certificate to the team of instructors who were there to help me anytime I wanted them.
Tom
Costa Rica
Dec 15, 2024
I have worked along hard with this course that made my learning quick and efficient. With the help of the simple language and tone provided by our instructors, it was easy for me to grasp the important details and clear the exams with a lovely score. Thank you for your quick learning course designing technique.
examvideo-17