- Information Security Governance
- An information security steering group function
- Legal and regulatory issues associated with Internet businesses, global transmissions and transborder data flows
- Common insurance policies and imposed conditions
- Information security process improvement
- Recovery time objectives (RTO) for information resources
- Cost-benefit analysis techniques for assessing options to mitigate risks, threats and exposures to acceptable levels
- Security metrics design, development and implementation
- Information security management due diligence activities and reviews of the infrastructure
- Events affecting security baselines that may require risk reassessments
- Changes to information security requirements in security plans, test plans and reperformance
- Disaster recovery testing for infrastructure and critical business applications
- The requirements for collecting and presenting evidence; rules for evidence, admissibility of evidence, quality and completeness of evidence.
- External vulnerability reporting sources
- The key components of cost benefit analysis and enterprise migration plans
- Privacy and tax laws and tariffs, data import/export restrictions, restrictions on cryptography, warranties, patents, copyrights, trade secrets, national security
- CISM information classification methods
- Life-cycle-based risk management principles and practices
- Security baselines and configuration management in the design and management of business applications and the infrastructure
- Acquisition management methods and techniques
- Evaluation of vendor service level agreements and preparation of contracts
- CISM question and answer review