All of our content is centered on the latest CISM testable domains
- 2000 Test Question Database
- Extended Support during the weeks prior to the exam
Self-Paced Training
- Complete Domain Coverage
- Bonus Cryptography Module
- Self-Paced Module Tracking
- Dropbox Account with Instructor Resources
Domain 2—Information Risk Management and Compliance (33%)
- 2.1 Establish and maintain a process for information asset classification to ensure that measures taken to protect assets are proportional to their business value.
- 2.2 Identify legal, regulatory, organizational and other applicable requirements to manage the risk of noncompliance to acceptable levels.
- 2.3 Ensure that risk assessments, vulnerability assessments and threat analyses are conducted periodically and consistently to identify risk to the organization’s information.
- 2.4 Determine appropriate risk treatment options to manage risk to acceptable levels.
- 2.5 Evaluate information security controls to determine whether they are appropriate and effectively mitigate risk to an acceptable level.
- 2.6 Identify the gap between current and desired risk levels to manage risk to an acceptable level.
- 2.7 Integrate information risk management into business and IT processes (for example, development, procurement, project management, mergers and acquisitions) to promote a consistent and comprehensive information risk management process across the organization.
- 2.8 Monitor existing risk to ensure that changes are identified and managed appropriately.
- 2.9 Report noncompliance and other changes in information risk to appropriate management to assist in the risk management decision-making process.
Domain 4—Information Security Incident Management (18%)
- 4.1 Establish and maintain an organizational definition of, and severity hierarchy for, information security incidents to allow accurate identification of and response to incidents.
- 4.2 Establish and maintain an incident response plan to ensure an effective and timely response to information security incidents.
- 4.3 Develop and implement processes to ensure the timely identification of information security incidents.
- 4.4 Establish and maintain processes to investigate and document information security incidents to be able to respond appropriately and determine their causes while adhering to legal, regulatory and organizational requirements.
- 4.5 Establish and maintain incident escalation and notification processes to ensure that the appropriate stakeholders are involved in incident response management.
- 4.6 Organize, train and equip teams to effectively respond to information security incidents in a timely manner.
- 4.7 Test and review the incident response plan periodically to ensure an effective response to information security incidents and to improve response capabilities.
- 4.8 Establish and maintain communication plans and processes to manage communication with internal and external entities.
- 4.9 Conduct post-incident reviews to determine the root cause of information security incidents, develop corrective actions, reassess risk, evaluate response effectiveness and take appropriate remedial actions.
- 4.10 Establish and maintain integration among the incident response plan, disaster recovery plan and business continuity plan.