C)ISSM Certified Information System Security Manager

PREREQUISITES: 

A minimum of 1 year in Information Systems

STUDENT MATERIALS:

Student Workbook

CERTIFICATION EXAMS:
  • Mile2 C)ISSM – Certified Information Systems Security Manager
  • Covers ISACA® CISM exam objectives
CPES: 32 HOURS
WHO SHOULD ATTEND?
  • IS Security Officers
  • IS Managers
  • Risk Managers
  • Auditors
  • Information Systems Owners
  • IS Control Assessors
  • System Managers
  • Government

The Certified Information Systems Security Manager course covers the skills and knowledge needed to assess threats and risks, along with risk and incident management, security programs and CISO roles, IS security strategy and frameworks, audit and risk management, creation of policies, compliance and awareness, as well as DR and BCP development, deployment and maintenance.

THE CERTIFIED INFORMATION SYSTEMS SECURITY MANAGER WILL RECEIVE IN-DEPTH KNOWLEDGE IN TOPICS THAT PERTAIN TO THE FOLLOWING:  
  • Information Security Governance
  • Information Risk Management & Compliance
  • Information Security Program Development & Management
  • Information Security Incident Management
COURSE CONTENT
MODULE 1 – INTRODUCTION
MODULE 2 – INFORMATION SECURITY GOVERNANCE
MODULE 3 – INFORMATION RISK MANAGEMENT AND COMPLIANCE
MODULE 4 – INFORMATION SECURITY PROGRAM DEVELOPMENT AND MANAGEMENT
MODULE 5 – INFORMATION SECURITY INCIDENT MANAGEMENT
DETAILED MODULE DESCRIPTION
MODULE 1 – INTRODUCTION
  • Welcome
  • Agenda
  • CISM
  • CISM Exam Review Course Overview
  • CISM Qualifications
  • The Learning Environment
  • Daily Format
  • Domain Structure
  • Course Structure
  • Logistics
MODULE 2 – INFORMATION SECURITY GOVERNANCE
  • Course Agenda
  • Examination Content
  • Chapter 1 Learning Objectives
  • The First Question
  • Information Security Governance Overview
  • Selling the Importance of Information Security
  • The First Priority for the CISM
  • Business Goals and Objectives
  • Outcomes of Information Security Governance
  • Benefits of Information Security Governance
  • Performance and Governance
  • Information Security Strategy
  • Developing Information Security Strategy
  • Elements of a Strategy
  • Objectives of Security Strategy
  • The Goal of Information Security
  • Defining Security Objectives
  • Business Linkages
  • Business Case Development
  • The Information Security Program
  • Security Program Priorities
  • Security versus Business
  • Security Program Objectives
  • What is Security?
  • Security Integration
  • Security Program
  • Architecture
  • Information Security Frameworks
  • Using an Information Security Framework
  • The Desired State of Security
  • The Desired State cont.
  • The Maturity of the Security Program Using CMM
  • Using the Balanced Scorecard
  • The ISO27001:2013 Framework
  • Examples of Other Security Frameworks
  • Examples of Other Security Frameworks
  • Constraints and Considerations for a Security Program
  • Constraints and Considerations for a Security Program cont.
  • Elements of Risk and Security
  • Risk Management
  • Information Security Concepts
  • Information Security Concepts cont.
  • Security Program Elements
  • Security Program Elements cont.
  • Third Party Agreements
  • Roles and Responsibilities of Senior Management
  • Senior Management Commitment
  • Steering Committee
  • CISO Chief Information Security Officer Responsibilities
  • Business Manager Responsibilities
  • IT Staff Responsibilities
  • Centralized versus Decentralized Security
  • Evaluating the Security Program
  • Audit and Assurance of Security
  • Evaluating the Security Program
  • Effective Security Metrics
  • Effective Security Metrics cont.
  • Key Performance Indicators (KPIs)
  • End to End Security
  • Correlation Tools
  • Reporting and Compliance
  • Regulations and Standards
  • Effect of Regulations
  • Reporting and Analysis
  • Ethics
  • Ethical Standards
  • Ethical Responsibility
  • Practice Questions
MODULE 3 – INFORMATION RISK MANAGEMENT AND COMPLIANCE
  • Exam Relevance
  • Information Asset Classification
  • Roles and Responsibilities
  • Roles and Responsibilities
  • Information Classification Considerations
  • Regulations and Legislation
  • Asset Valuation
  • Valuation Process
  • Information Protection
  • Information Asset Protection
  • Definition of Risk
  • Why is Risk Important
  • Risk Management Definition
  • Risk Management Objective
  • Risk Management Overview
  • Risk Management Overview
  • Defining the Risk Environment
  • Threats to Information and Information Systems
  • Threat Analysis
  • Aggregate Risk
  • Cascading Risk
  • Identification of Vulnerabilities
  • The Effect of Risk
  • Impact
  • Impact cont.
  • Risk Management Process
  • Risk Assessment Methodology
  • Annualized Loss Expectancy (ALE)
  • Qualitative Risk Assessment
  • Data Gathering Techniques
  • Results of Risk Assessment
  • Alignment of Risk Assessment and BIA
  • Risk Treatment
  • Risk Treatment
  • Risk Mitigation and Controls
  • Control Recommendations
  • Cost Benefit Analysis of Controls
  • Cost Benefit Analysis of Controls cont.
  • Risk Mitigation Schematic
  • Control Types and Categories
  • Control Types and Categories cont.
  • Security Control Baselines
  • Ongoing Risk Assessment
  • Measuring Control Effectiveness
  • Building Risk Management In (Agenda)
  • Risk Related to Change Control
  • Controlling Risk in Change Control
  • Risk Management During SDLC
  • Ongoing Risk Management Monitoring and Analysis
  • Audit and Risk Management
  • Audit and Risk Management cont.
  • Risk in Business Process Re-Engineering
  • Risk in Project Management
  • Risk During Employment Process
  • New Employee Initiation
  • Risk During Employment
  • Risk at Termination of Employment
  • Risks During Procurement
  • Risk During Procurement cont.
  • Reporting to Management
  • Documentation
  • Training and Awareness
  • Training and Awareness
  • Training for End Users
  • Practice Questions
MODULE 4 – INFORMATION SECURITY PROGRAM DEVELOPMENT AND MANAGEMENT
  • Security Strategy and Program Relationship
  • Information Security Management
  • Importance of Security Management
  • Definition
  • Effective Security Management
  • Reasons for Security Program Failure
  • Program Objectives
  • Security Program Development
  • Security Program Development cont.
  • Outcomes of Information Security Program Development
  • Governance of the Security Program
  • Role of the Information Security Manager (Agenda)
  • Strategy
  • Policy
  • Creating Effective Policy
  • Awareness
  • Implementation
  • Monitoring
  • Compliance
  • Developing an Information Security Road Map
  • Defining Security Program Objectives
  • Inventory of Information Systems
  • Challenges in Developing an Information Security Program
  • Challenges in Developing an Information Security Program cont.
  • Elements of a Security Program Road Map
  • Security Programs and Projects
  • Security Program and Project Development
  • Security Project Planning
  • Selection of Controls
  • Common Control Practices
  • Security Program Elements (Agenda)
  • Policies
  • Acceptable Use Policy
  • Acceptable Use Policy cont.
  • Standards
  • Procedures
  • Guidelines
  • Technology
  • Personnel Security
  • Training and Skills Matrix
  • Organizational Structure
  • Outsourced Security Providers
  • Third-party Service Providers
  • Facilities
  • Facilities Security
  • Environmental Security
  • Information Security Concepts (Agenda)
  • Information Security Concepts (Agenda)
  • Access Control
  • Identification
  • Authentication
  • Authorization
  • Accounting / Auditability
  • Criticality
  • Sensitivity
  • Trust Models
  • Technology-based Security
  • Technologies
  • Security in Technical Components
  • Operations Security
  • Technologies – Access Control Lists
  • Filtering and Content Management
  • Technologies – SPAM
  • Technologies – Databases and DBMS
  • Encryption
  • Technologies – Cryptography
  • Technologies – Cryptography cont.
  • Technologies – Encryption cont.
  • Technologies – Hashing Algorithms
  • Technology – Communications OSI Model
  • Technology – Communications TCP/IP
  • Technologies – Operating Systems
  • Technology – Firewalls
  • Emerging Technologies
  • Intrusion Detection Policies and Processes
  • Intrusion Detection Systems
  • IDS / IPS
  • Password Cracking
  • Vulnerability Assessments
  • Penetration Testing
  • Penetration Testing cont.
  • Third Party Security Reviews
  • Integration into Life Cycle Processes
  • Security in External Agreements
  • Security in External Agreements
  • Security Program Implementation
  • Phased Approach
  • Challenges During Implementation
  • Evaluating the Security Program
  • Evaluating Security Program cont.
  • Evaluating the Security Program cont.
  • Measuring Information Security Risk and Loss
  • Measuring Effectiveness of Technical Security Program
  • Measuring Effectiveness of Security Management
  • Security Project Management
  • Review of Security Compliance
  • Practice Questions
MODULE 5 – INFORMATION SECURITY INCIDENT MANAGEMENT
  • Learning Objectives
  • Definition
  • Goals of Incident Management and Response
  • Goals of Incident Response cont.
  • What is an Incident – Intentional
  • What is an Incident – Unintentional
  • History of Incidents
  • Developing Response and Recovery Plans
  • Incident Management and Response
  • Incident Management and Response cont.
  • Incident Management and Response cont.
  • Importance of Incident Management and Response
  • Incident Response Functions
  • Incident Response Manager Responsibilities
  • Incident Response Manager Responsibilities cont.
  • Requirements for Incident Response Managers
  • Senior Management Involvement
  • The Desired State
  • Strategic Alignment of Incident Response
  • Detailed Plan of Action for Incident Management
  • Detailed Plan of Action for Incident Management – Prepare
  • Detailed Plan of Action for Incident Management – Prepare cont.
  • Detailed Plan of Action for Incident Management – Protect
  • Detailed Plan of Action for Incident Management – Detect
  • Detailed Plan of Action for Incident Management – Triage
  • Detailed Plan of Action for Incident Management – Response
  • Elements of an Incident Response Plan
  • Crisis Communications
  • Challenges in Developing an Incident Management Plan
  • Personnel
  • Personnel cont.
  • Personnel cont.
  • Team Member Skills
  • Skills cont.
  • Skills cont.
  • Security Concepts and Technologies
  • Organizing, Training and Equipping the Response Staff
  • Value Delivery
  • Performance Measurement
  • Reviewing the Current State of Incident Response Capability
  • Audits
  • Gap Analysis – Basis for an Incident Response Plan
  • When an Incident Occurs
  • During an Incident
  • During an Incident cont.
  • Containment Strategies
  • The Battle Box
  • Evidence Identification and Preservation
  • Post Event Reviews
  • Disaster Recovery Planning (DRP) and Business Recovery Processes
  • Development of BCP and DRP
  • Plan Development
  • Plan Development cont.
  • Recovery Strategies
  • Recovery Strategies
  • Basis for Recovery Strategy Selections
  • Disaster Recovery Sites
  • Disaster Recovery Sites cont.
  • Recovery of Communications
  • Notification Requirements
  • Notification Requirements cont.
  • Response Teams
  • Insurance
  • Testing Response and Recovery Plans
  • Types of Tests
  • Test Results
  • Test Results cont.
  • Plan Maintenance Activities
  • BCP and DRP Training
  • Practice Questions

C)ISSA. Certified Information System Security Auditor

PREREQUISITES:

A minimum of 1 year in Information Systems

STUDENT MATERIALS:

Student Workbook

CERTIFICATION EXAMS:

Mile2 C)ISSA – Certified Information Systems Security Auditor

Covers ISACA® CISA exam objectives

ITIL® Foundation for IT Service Management (with Case Study)

COURSE OVERVIEW

This 3-day course introduces the fundamentals of IT Service Management (ITSM) based on the IT Infrastructure Library (ITIL®). It describes the key concepts, processes, functions and roles of the ITIL® service lifecycle. The course is made up of lectures and practical assignments, which provide an interactive learning experience. This results in good awareness and comprehension of the main aspects of ITIL®. The course prepares attendees for the ITIL® Foundation Certificate examination. An exam voucher is provided to each student upon completion of the training.

PREREQUISITES
  • Experience and knowledge of IT computing environments are useful but not essential
AUDIENCE
  • IT professionals, business managers and business process owners
  • Individuals who require a basic understanding of the ITIL® framework and how it may be used to enhance the quality of IT service management within an organization
  • IT professionals that are working within an organization that has adopted and adapted ITIL® who need to be informed about and thereafter contribute to an ongoing service improvement program
COURSE OBJECTIVES

Candidates can expect to gain knowledge and understanding in the following upon successful completion of the education and examination components related to this certification:

  • Service management as a practice (comprehension)
  • The ITIL® service lifecycle (comprehension)
  • Generic concepts and definitions (awareness)
  • Key principles and models (comprehension)
  • Selected processes (awareness)
  • Selected functions (awareness)
  • Selected roles (awareness)
  • Technology and architecture (awareness)
  • Competence and training (awareness)
NEXT STEPS
  • Courses from the Lifecycle or Capability streams leading to the ITIL® Expert qualification
BENEFITS TO YOU
  • Understand how IT Services create value for the business and the importance of IT Service Management in making this happen
  • Understand how IT and the Business can collaborate to improve overall productivity and efficiency
  • See how each stage of the service lifecycle contributes to the overall service and how each process and role plays a part
  • Discover how to become more proactive
  • Learn ITSM concepts via a case study and related assignments
COURSE OUTLINE

Service Management as a Practice

  • Define the concept of a service, and comprehend and explain the concept of service management as a practice

The ITIL® service lifecycle

  • Understand the value of the ITIL® service lifecycle and how the processes integrate with each other throughout the lifecycle, and explain the objectives, scope and business value for each phase in the lifecycle

Generic concepts and definitions

  • Define some of the key terminology and explain the key concepts of service management

Key principles and models

  • Comprehend and account for the key principles and models of service management, and balance some of the opposing forces within service management

Processes

  • Understand how the service management processes contribute to the ITIL® service lifecycle, and explain the purpose, objectives, scope, basic concepts, activities and interfaces of the processes

Functions

  • Explain the role, objectives and organizational structures of the different functions

Roles

  • Account for and be aware of the responsibilities of some of the key roles in service management

Technology and architecture

  • Understand how service automation assists with expediting service management processes

Competence and training

  • Competence and skills for service management

Mock exam

  • Help the candidate to pass the ITIL® Foundation exam

For more information about HP training programs in Ukraine visit the web site at http://www8.hp.com/ua/ru/training/index.html

ITIL® Service Transition (ST)

SPECIAL NOTES

A 90-minute multiple-choice exam is included with the cost of the course.

For VILT (virtual instructor-led training) sessions: The course will be in session on all three days (8:30 am to approximately 5:00 pm Central Time). After completing the course, you will take the exam through CSME at your convenience via an exam voucher. (Note: Exam vouchers expire within 30 days of completion of the course.) Upon registering, you will receive specific instructions on how to arrange for your exam. HP strongly recommends you take the exam within a few days of completing the course.

COURSE OVERVIEW

This 3-day course covers the Service Transition component of the ITIL® lifecycle. Topics include change management, service asset and configuration management, service release and deployment, service validation and testing, change evaluation, and decision making with the Service Management Knowledge System (SMKS). The course prepares attendees for the ITIL® Intermediate Qualification: Service Transition Certificate, one of the modules that leads to the ITIL® Expert Certificate in IT Service Management.

PREREQUISITES
  • Hold the ITIL® Foundation Certificate in IT Service Management (or other appropriate earlier ITIL® and bridge qualifications)
  • Basic IT literacy and around 2 years of IT experience are highly desirable
  • Undertake at least 21 contact hours (hours of instruction, excluding breaks, with an Accredited Training Organization (ATO) or an accredited e-learning solution), as part of a formal, approved training course/scheme
  • Complete at least 21 hours of personal study by reviewing the syllabus and the ITIL® Service Transition publication in preparation for the examination
AUDIENCE
  • Chief information officers (CIOs), Chief technology officers (CTOs), Managers, Supervisory staff, Team leaders, Service designers
  • IT architects, IT planners, IT consultants, IT audit managers, IT security managers
  • ITSM trainers involved in the ongoing management, coordination and integration of transition activities within the service lifecycle
  • Individuals who require a detailed understanding of the ITIL® service transition stage of the ITIL® service lifecycle and of how it may be implemented to enhance the quality of IT service provision within an organization
  • IT professionals working within, or about to enter, a service transition environment and requiring a detailed understanding of the processes, functions and activities involved
  • Individuals who have attained the ITIL® Foundation Certificate in IT Service Management and wish to advance to higher level ITIL® certifications
  • Individuals seeking the ITIL® Expert Certification in IT Service Management for which this qualification can be one of the prerequisite modules
  • Individuals seeking progress toward the ITIL® Master Certificate in IT Service Management for which the ITIL® Expert is a prerequisite
COURSE OBJECTIVES

Candidates can expect to gain competencies in the following upon successful completion of the education and examination components relating to this certification:

  • Introduction to service transition
  • Service transition principles
  • Service transition processes
  • Managing people through service transitions
  • Organizing for service transition
  • Technology considerations
  • Implementing and improving service transition
  • Challenges, critical success factors and risks
NEXT STEPS
  • Courses from the Lifecycle or Capability streams leading to the ITIL® Expert qualification
BENEFITS TO YOU
  • Identify the ITIL® lifecycle and the fundamental processes involved in Service Transition and how to integrate them into your business’ IT service model
COURSE OUTLINE

Introduction to Service Transition

  • The purpose and objectives of service transition
  • The scope of service transition and ways that service transition adds value to the business
  • The context of service transition in relation to all other lifecycle stages

Service Transition Principles

  • Service transition policies, principles and best practices for service transition
  • How to use metrics to ensure the quality of a new or changed service and the effectiveness and efficiency of service transition
  • The inputs to and outputs from service transition as it interfaces with the other service lifecycle phases

Service Transition Processes

  • A management perspective of the purpose and value of the service transition processes, how they integrate within service transition and how they interface with other lifecycle phases
  • Processes: Transition Planning and Support, Change Management, Service Asset and Configuration Management, Release and Deployment Management, Service Validation and Testing, Change Evaluation, Knowledge Management

Managing People through Service Transitions

  • How to address and manage the communication and commitment aspects of service transition
  • How to manage organizational and stakeholder change
  • How to develop a stakeholder management strategy, map and analyse stakeholders and monitor changes in stakeholder commitment

Organizing for service transition

  • How the technical and application management functions interface with service transition
  • The interfaces that exist between service transition and other organizational units (including programmes, projects, service design and suppliers) and the “handover points” required to ensure delivery of new or changed services within the agreed schedule
  • Service transition roles and responsibilities, where and how they are used, as well as examples of how small or larger service transition organizations would be structured to use these roles
  • Why service transition needs service design and service operation, what it uses from them and how

Technology Considerations

  • Technology requirements that support the service transition stage and its integration into the service lifecycle
  • Types of knowledge management, service asset and configuration management and workflow tools that can be used to support service transition

Implementing and improving service transition

  • The key activities for introducing an integrated service transition approach into an organization
  • The design, creation, implementation and use of service transition in a virtual or cloud environment.

Challenges, critical success factors and risks

  • Be able to provide insight and guidance for service transition challenges, risks and critical success factors