CISM Domain-1

This domain will cover the following aspects:

 Understanding importance of security alignment with Business

 Identify Security Requirements and preparing the Information Security Charter

 Preparing strategy based on current and Desired Security Status and common pitfalls. 

 Importance of Security Evaluations, Direction and Oversight and how to setup.

CISM Domain-2

 Understanding emerging risk and threat landscape, Vulnerability and Control Deficiency Analysis.

 Considerations while setting up the Risk Management Function

 Risk Based approach to control implementation 

 Continuous evaluation of the Security Risk posture. 

CISM Domain-3

 Understand how to develop an Information Security Program by utilizing industry standards and frameworks, Information Security policies, Standards, procedures and guidelines while creating an Information Security Program Road Map.

 Ongoing Management of an information security program by focusing on design, control, implementation, integration, testing, evaluation and training, communications and reporting.

CISM Domain-4

 Considerations while setting up the Incident Response and Business Continuity programs for Detection, Response and Recovery 

 Setting up and continued assessment of the incident management readiness based on Business Impact Analysis, Business Continuity, Disaster Recovery, Incident Management Training, Testing and ongoing Evaluation.

 Understand and apply Concepts and practices during Incident Management Operations, Common Tools and Technologies, Incident Containment Methods, Incident Eradication and Recovery and Post-Incident Review Practices.