Certified Information Systems Security Manager (CISSM)




$ 800.00 $ 575.00


Certification Overview

The Certified Information Systems Security Manager (CISSM)® certification stands out among information security credentials because it is tailored specifically for people who have managed an information security program. It is widely recognized globally as a significant achievement for those with experience in this area.

Benefits: There are many reasons to get this certification:

  • It's recognized worldwide as a qualification for information security managers.
  • It helps you understand how to oversee information security.
  • It teaches you how to create and manage an information security program.
  • It teaches you how to handle security incidents.
  • It helps you understand information risk management better.
  • It allows information security professionals to enhance their existing credentials and shows evidence of career growth.
  • It acknowledges the acquisition of advanced job skills required for an information security professional.
  • It gives access to valuable resources like networking with peers and exchanging ideas.

E-Course Duration: 30 to 35 Hours

Exam Information

  • The test consists of 100 questions. To pass, you need to get at least 70 of them right, which is 70% of the total.

  • You can take the exams online, and they're supervised using a webcam and a good internet connection. This means you can take the exams from anywhere and at any time.

  • The exam lasts for 1 hour and 20 minutes, which is the same as 80 minutes.

  • During the exam with ProctorU, you can't use any outside sources of information. They'll tell you what you can use, like your ID.

  • If you don't pass the exam on your second try, you need to wait at least fourteen (14) days before trying again for the third time or any time after that. You can take the exam as many times as you need to.

  • The Certified Information Systems Security Manager (CISSM)® certification is valid for 5 years. After that, you need to renew it once every 5 years to keep your certification credentials active.

  • CISSM® is a Registered Trademark of GIPMC.

  • Note: You don't need to finish an E-Course from the GIPMCBok portal before getting the Certified Information Security Professional (CISSM)® Certification. However, we strongly suggest doing it because many questions in the actual exam come from the E-Course.

Course Outline

Module 1 - Introduction to Information Security

    • 1.2 More Than Just Computer Security
    • 1.2.1 Employee Mind-Set toward Controls
    • 1.3 Roles and Responsibilities
    • 1.3.1 Director, Design and Strategy
    • 1.4 Common Threats
    • 1.5 Policies and Procedures
    • 1.6 Risk Management
    • 1.7 Typical Information Protection Program

Module 2 - Threats to Information Security

    • 2.1 What Is Information Security?
    • 2.2 Common Threats
    • 2.2.1 Errors and Omissions
    • 2.2.2 Fraud and Theft
    • 2.2.3 Malicious Hackers
    • 2.2.4 Malicious Code
    • 2.2.5 Denial-of-Service Attacks
    • 2.2.6 Social Engineering
    • 2.2.7 Common Types of Social Engineering

Module 3 - The Structure of an Information Security Program

    • 3.1.1 Enterprisewide Security Program
    • 3.2 Business Unit Responsibilities
    • 3.2.1 Creation and Implementation of Policies and Standards
    • 3.2.2 Compliance with Policies and Standards
    • 3.3 Information Security Awareness Program
    • 3.3.1 Frequency
    • 3.3.2 Media
    • 3.4 Information Security Program Infrastructure
    • 3.4.1 Information Security Steering Committee
    • 3.4.2 Assignment of Information Security Responsibilities
    • 3.4.2.1 Senior Management
    • 3.4.2.2 Information Security Management
    • 3.4.2.3 Business Unit Managers
    • 3.4.2.4 First Line Supervisors
    • 3.4.2.5 Employees
    • 3.4.2.6 Third Parties

Module 4 - Information Security Policies

    • 4.1 Policy Is the Cornerstone
    • 4.2 Why Implement an Information Security Policy
    • 4.3 Corporate Policies
    • 4.4 Organizationwide (Tier 1) Policies
    • 4.4.1 Employment
    • 4.4.2 Standards of Conduct
    • 4.4.3 Conflict of Interest
    • 4.4.4 Performance Management
    • 4.4.5 Employee Discipline
    • 4.4.6 Information Security
    • 4.4.7 Corporate Communications
    • 4.4.8 Workplace Security
    • 4.4.9 Business Continuity Plans (BCPs)
    • 4.4.10 Procurement and Contracts
    • 4.4.11 Records Management
    • 4.4.12 Asset Classification
    • 4.5 Organizationwide Policy Document
    • 4.6 Legal Requirements
    • 4.6.1 Duty of Loyalty
    • 4.6.2 Duty of Care
    • 4.6.3 Federal Sentencing Guidelines for Criminal Convictions
    • 4.6.4 The Economic Espionage Act of 1996
    • 4.6.5 The Foreign Corrupt Practices Act (FCPA)
    • 4.6.5 Sarbanes–Oxley (SOX) Act
    • 4.6.6 Health Insurance Portability and Accountability Act (HIPAA)
    • 4.6.7 Gramm–Leach–Bliley Act (GLBA)
    • 4.7 Business Requirements
    • 4.8.1 Policy
    • 4.8.2 Standards
    • 4.8.3 Procedures
    • 4.8.4 Guidelines
    • 4.9 Policy Key Elements
    • 4.10 Policy Format
    • 4.10.1 Global (Tier 1) Policy
    • 4.10.1.1 Topic
    • 4.10.1.2 Scope
    • 4.10.1.3 Responsibilities
    • 4.10.1.4 Compliance or Consequences
    • 4.10.1.5 Sample Information Security Global Policies
    • 4.10.2 Topic-Specific (Tier 2) Policy
    • 4.10.2.1 Thesis Statement
    • 4.10.2.2 Relevance
    • 4.10.2.3 Responsibilities
    • 4.10.2.4 Compliance
    • 4.10.2.5 Supplementary Information
    • 4.10.3 Application-Specific (Tier 3) Policy

Module 5 - Asset Classification

    • 5.1 Introduction
    • 5.2 Overview
    • 5.3 Why Classify Information?
    • 5.4 What Is Information Classification?
    • 5.5 Where to Begin?
    • 5.6 Information Classification Category Examples
    • 5.6.1 Example 1
    • 5.6.2 Example 2
    • 5.6.3 Example 3
    • 5.6.4 Example 4
    • 5.7 Resist the Urge to Add Categories
    • 5.8 What Constitutes Confidential Information
    • 5.8.1 Copyright
    • 5.9 Employee Responsibilities
    • 5.9.1 Owner
    • 5.9.1.1 Information Owner
    • 5.9.2 Custodian
    • 5.9.3 User
    • 5.10 Classification Examples
    • 5.10.1 Classification: Example 1
    • 5.10.2 Classification: Example 2
    • 5.10.3 Classification: Example 3
    • 5.10.4 Classification: Example 4
    • 5.11 Declassification or Reclassification of Information
    • 5.12 Records Management Policy
    • 5.12.1 Sample Records Management Policy
    • 5.13 Information Handling Standards Matrix
    • 5.13.1 Printed Material
    • 5.13.2 Electronically Stored Information
    • 5.13.3 Electronically Transmitted Information
    • 5.13.4 Record Management Retention Schedule
    • 5.14 Information Classification Methodology
    • 5.15 Authorization for Access
    • 5.15.1 Owner
    • 5.15.2 Custodian
    • 5.15.3 User

Module 6 - Access Control

    • 6.1 Business Requirements for Access Control
    • 6.1.1 Access Control Policy
    • 6.2 User Access Management
    • 6.2.1 Account Authorization
    • 6.2.2 Access Privilege Management
    • 6.2.3 Account Authentication Management
    • 6.3 System and Network Access Control
    • 6.3.1 Network Access and Security Components
    • 6.3.2 System Standards
    • 6.3.3 Remote Access
    • 6.4 Operating System Access Controls
    • 6.4.1 Operating Systems Standards
    • 6.4.2 Change Control Management
    • 6.5 Monitoring System Access
    • 6.5.1 Event Logging
    • 6.5.2 Monitoring Standards
    • 6.5.3 Intrusion Detection Systems
    • 6.6 Cryptography
    • 6.6.1 Definitions
    • 6.6.2 Public Key and Private Key
    • 6.6.3 Block Mode, Cipher Block, and Stream Ciphers
    • 6.6.4 Cryptanalysis
    • 6.7 Sample Access Control Policy

Module 7 - Physical Security

    • 7.1 Data Center Requirements
    • 7.2 Physical Access Controls
    • 7.2.1 Assets to be Protected
    • 7.2.2 Potential Threats
    • 7.2.3 Attitude toward Risk
    • 7.2.4 Sample Controls
    • 7.3 Fire Prevention and Detection
    • 7.3.1 Fire Prevention
    • 7.3.2 Fire Detection
    • 7.3.3 Fire Fighting
    • 7.4 Verified Disposal of Documents
    • 7.4.1 Collection of Documents
    • 7.4.2 Document Destruction Options
    • 7.4.3 Choosing Services
    • 7.5 Agreements
    • 7.5.1 Duress Alarms
    • 7.6 Intrusion Detection Systems
    • 7.6.1 Purpose
    • 7.6.2 Planning
    • 7.6.3 Elements
    • 7.6.4 Procedures
    • 7.7 Sample Physical Security Policy

Target Audience

  • CEO / CFO / CIO / CTO / CISO
  • IS / IT Specialist / Analyst / Manager
  • IS / IT Auditor / Consultant
  • IS / IT Head / Director
  • IT Operations Manager / Head / Director
  • IT Compliance Manager / Head / Director
  • Security Head / Director
  • Security Specialist / Analyst
  • Security Manager / Architect
  • Security Consultant / Professional
  • Security Officer / Engineer
  • Security Administrator
  • Security Auditor
  • Network Specialist / Analyst
  • Network Manager / Architect
  • Network Consultant / Professional
  • Network Administrator
  • Senior Systems Engineer
  • Systems Analyst
  • Systems Administrator