Title: A Guide to ISACA CISM Domains & Domain 1: Information Security Governance
A Guide to ISACA CISM Domains: Domain 1, Information Security Governance
www.infosectrain.com sales_at_infosectrain.com
The Certified Information Security Manager (CISM) certification validates your knowledge and experience in developing and managing an enterprise information security program.
- CISM is designed for professionals who want to work as information security analysts, IT managers, or consultants supporting information security management. A CISM-certified professional is also expected to develop policies and practices, manage information security, and understand the relationship between business objectives and information security.
- If you plan to study for CISM, focus on its domains. The four domains are:
- Domains of CISM
- Information Security Governance
- Information Risk Management
- Information Security Program Development and Management
- Information Security Incident Management
- In this blog, we will discuss CISM Domain 1, Information Security Governance.
What is Information Security Governance? The National Institute of Standards and Technology (NIST) defines Information Security Governance as the process of establishing and managing a framework that ensures information security strategies are aligned with business objectives and comply with applicable laws and regulations, by following standard policies and internal controls. In its simplest form, Information Security Governance entails sound risk management, reliable reporting controls, comprehensive training and testing, and rigorous corporate accountability. In addition to providing direction for cybersecurity activities, it ensures that the company's security objectives are effectively met.
https://www.youtube.com/watch?v=lkGuKF1BFVc
How Information Security Governance works: the CISO and other C-level executives typically oversee governance within an organization. With the help of senior management and security professionals, board members, CXOs, and executives identify information assets and information security risks, create a strategy for securing information systems and the data they contain, and develop information security policies that cover everything from access control to organizational security awareness. Using a governance framework is crucial for ensuring that the organization's policies, procedures, and practices adhere to regulations and standards. The most widely used Information Security Governance frameworks and standards include:
- National Institute of Standards and Technology (NIST) Special Publication 800-53
- The Payment Card Industry Data Security Standard (PCI DSS)
- Control Objectives for Information and Related Technologies (COBIT)
- International Organization for Standardization (ISO) 27001
- The Health Insurance Portability and Accountability Act (HIPAA)
Note that PCI DSS and HIPAA are compliance requirements rather than governance frameworks in their own right; a governance framework such as COBIT or ISO 27001 is what an organization uses to structure and demonstrate its compliance with them.
https://www.infosectrain.com/courses/cism-certification-training/
Information Security Governance is more crucial than ever. According to recent Nominet data, 66 percent of firms had at least one security breach in the previous year, and 30 percent experienced several breaches. In its 2020 CISO Stress Report, Nominet found that CISOs ranked the duty of safeguarding their organization and its network as the most stressful aspect of their job. According to the report, since the pace of cybercrime shows no sign of slowing down, this stress is being compounded by the growing frequency of cyber incidents. Here are a few tips for staying on top of Information Security Governance demands.
Select a framework
The first step in becoming an expert in your organization's information security program, or in recognizing its absence, is to select a framework such as ISO 27001 or COBIT. An information security framework serves as a guide for implementing processes and procedures across the organization and prevents haphazard, ad hoc approaches.
Take a close look at the IT infrastructure
Examine your IT infrastructure closely, concentrating in particular on how servers and firewalls are configured. Review your server configurations and firewall rule sets; if no scheduled review of these devices exists, make establishing one a priority. Also set up a process and timeline for penetration testing and for running vulnerability scans on your network. Penetration testing and vulnerability scanning are the starting points for any investigation into your technology estate.
Establish an Information Security Governance committee
What happens after the policies have been drafted? Policies should be thoroughly reviewed by key stakeholders, not just IT and security staff. Set up an information security governance committee that includes legal, audit, HR, and C-suite representatives. Including people with non-IT perspectives is important when developing policies. The governance committee finalizes all policies, which then form the roadmap for managing the information security program and training people on it.
Develop training programs
Most employees want to do the right thing; if you tell them what they need to do, they will usually do it. Your job is to spell out the business procedures and expectations. Audience-based security awareness training should reach everyone, across teams and from the top of the organization to the bottom, and the material must be tailored to each audience. For a highly technical IT audience, for example, you will need to explain the security standards that apply when setting up servers or routers. For non-technical audiences, you may need to cover password length and complexity and how to recognize phishing and social engineering techniques. If you would like to learn more about CISM, join InfosecTrain for the best lectures.
- Why InfosecTrain?
- As ISACA is our premium training partner, our trainers know exactly what to teach, and how much, to make you a professional.
- InfosecTrain allows you to customize your training schedule, and our trainers provide one-on-one training.
- You can hire a trainer from InfosecTrain who will teach you at your own pace.
- You will also have access to all our recorded sessions.
That sounds exciting, right? So what are you waiting for? Enroll in our CISM course and get certified. Here you can get the best CISM domain training.
About InfosecTrain
- Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
- Wide range of professional training programs, certifications, and consulting services in the IT and Cyber Security domain
- High-quality technical services, certifications, and customized training programs curated by professionals with over 15 years of combined experience in the domain
Why InfosecTrain
- Global Learning Partners
- Access to the recorded sessions
- Certified and Experienced Instructors
- Flexible modes of Training
- Tailor Made Training
- Post training completion
Contact us
Get your workforce reskilled by our certified and experienced instructors!
IND 1800-843-7890 (Toll Free) / US +1 657-221-1127 / UK +44 7451 208413
sales_at_infosectrain.com
www.infosectrain.com