CISM-Certified System Managers

Warrior's comprehensive CISM bootcamp is tailored to provide an intensive fast track to certification.

The syllabus includes:

Information security concepts

Information Risk Management

* The relationship between information security and business operations.

* Techniques used to secure senior management commitment and support of information security management.

* Methods of integrating information security governance into the overall enterprise governance framework.

* Practices associated with an overall policy directive that captures senior management level direction and expectations for information security, laying the foundation for information security management within an organization.

* An information security steering group function.

* Information security management roles, responsibilities and organizational structure.

* Areas of governance (for example, risk management, data classification management, network security, system access).

* Centralized and decentralized approaches to coordinating information security.

* Legal and regulatory issues associated with Internet businesses, global transmissions and transborder data flows (for example, privacy, tax laws and tariffs, data import/export restrictions, restrictions on cryptography, warranties, patents, copyrights, trade secrets, national security).

* Common insurance policies and imposed conditions (for example, crime or fidelity insurance, business interruptions).

* The requirements for the content and retention of business records and compliance.

* The process for linking policies to enterprise business objectives.

* The function and content of essential elements of an information security program (for example, policy statements, procedures and guidelines).

* Techniques for developing an information security process improvement model for sustainable and repeatable information security policies and procedures.

* Information security process improvement and its relationship to traditional process management.

* Information security process improvement and its relationship to security architecture development and modeling.

* Information security process improvement and its relationship to security infrastructure.

* Generally accepted international standards for information security management and related process improvement models.

* The key components of cost benefit analysis and enterprise transformation/migration plans (for example, architectural alignment, organizational positioning, change management, benchmarking, market/competitive analysis).

* Methodology for business case development and computing enterprise value proposition.

Information Risk Management

* Information resources used in support of business processes.

* Information resource valuation methodologies.

* Information classification.

* The principles of development of baselines and their relationship to risk-based assessments of control requirements.

* Life-cycle-based risk management principles and practices.

* Threats, vulnerabilities and exposures associated with confidentiality, integrity and availability of information resources.

* Quantitative and qualitative methods used to determine sensitivity and criticality of information resources and the impact of adverse events.

* Use of gap analysis to assess generally accepted standards of good practice for information security management against current state.

* Recovery time objectives (RTO) for information resources and how to determine RTO.

* RTO and how it relates to business continuity and contingency planning objectives and processes.

* Risk mitigation strategies used in defining security requirements for information resources supporting business applications.

* Cost benefit analysis techniques in assessing options for mitigating risks, threats and exposures to acceptable levels.

* Managing and reporting status of identified risks.

Information Security Program Development

* Methods to develop an implementation plan that meets security requirements identified in risk analyses.

* Project management methods and techniques.

* The components of an information security governance framework for integrating security principles, practices, management and awareness into all aspects and all levels of the enterprise.

* Security baselines and configuration management in the design and management of business applications and the infrastructure.

* Information security architectures (for example, single sign-on, rules-based as opposed to list-based system access control for systems, limited points of systems administration).

* Information security technologies (for example, cryptographic techniques and digital signatures, to enable management to select appropriate controls).

* Security procedures and guidelines for business processes and infrastructure activities.

* The systems development life cycle methodologies (for example, traditional SDLC, prototyping).

* Planning, conducting, reporting and follow-up of security testing.

* Certifying and accrediting the compliance of business applications and infrastructure to the enterprise's information security governance framework.

* Types, benefits and costs of physical, administrative and technical controls.

* Planning, designing, developing, testing and implementing information security requirements into an enterprise's business processes.

* Security metrics design, development and implementation.

* Acquisition management methods and techniques (for example, evaluation of vendor service level agreements, preparation of contracts).

Information Security Program Management

* How to interpret information security policies into operational use.

* Information security administration process and procedures.

* Methods for managing the implementation of the enterprise's information security program through third parties including trading partners and security services providers.

* Continuous monitoring of security activities in the enterprise's infrastructure and business applications.

* Methods used to manage success/failure in information security investments through data collection and periodic review of key performance indicators.

* Change and configuration management activities.

* Information security management due diligence activities and reviews of the infrastructure.

* Liaison activities with internal/external assurance providers performing information security reviews.

* Due diligence activities, reviews and related standards for managing and controlling access to information resources.

* External vulnerability reporting sources, which provide information that may require changes to the information security in applications and infrastructure.

* Events affecting security baselines that may require risk reassessments and changes to information security requirements in security plans, test plans and reperformance.

* Information security problem management practices.

* Information security manager facilitative roles as change agents, educators and consultants.

* The ways in which culture and cultural differences affect the behavior of staff.

* The activities that can change culture and behavior of staff.

* Methods and techniques for security awareness training and education.

Incident Management and Response

* The components of an incident response capability.

* Information security emergency management practices (for example, production change control activities, development of computer emergency response team).

* Disaster recovery planning and business recovery processes.

* Disaster recovery testing for infrastructure and critical business applications.

* Escalation processes for effective security management.

* Intrusion detection policies and processes.

* Help desk processes for identifying security incidents reported by users and distinguishing them from other issues dealt with by the help desks.

* The notification process in managing security incidents and recovery (for example, automated notice and recovery mechanisms in response to virus alerts in a real-time fashion).

* The requirements for collecting and presenting evidence; rules for evidence, admissibility of evidence, quality and completeness of evidence.

* Post-incident reviews and follow-up procedures.
