Domain 2: Asset Security

• Classification and Ownership of Information Assets

• Data Protection and Retention Policies

• Data Security Controls and Handling Requirements

 

Domain 3: Security Architecture and Engineering

• Security Models and Design Principles

• Cryptography and Secure Protocols

• Security of Systems and Application Architectures

 

Domain 4: Communication and Network Security

• Secure Network Architecture and Design

• Network Attacks and Countermeasures

• Wireless and VoIP Security

 

Domain 5: Identity and Access Management (IAM)

• Authentication, Authorization, and Accounting (AAA)

• Identity as a Service (IDaaS) and Federation

• Access Control Models

 

Domain 6: Security Assessment and Testing

• Security Testing Methodologies

• Vulnerability Assessments and Penetration Testing

• Security Auditing and Compliance

 

Domain 7: Security Operations

• Incident Management and Forensics

• Logging, Monitoring, and SIEM Solutions

• Malware and Threat Intelligence

 

Domain 8: Software Development Security

• Secure Software Development Life Cycle (SDLC)

• Software Security Controls and Code Review

• Security in DevOps and Agile Environments

 

CISM Certification Training

Domain 1: Information Security Governance

• Governance and Compliance Frameworks

• Developing an Information Security Strategy

• Regulatory and Legal Compliance

 

Domain 2: Information Risk Management

• Risk Assessment and Risk Treatment

• Risk Mitigation Strategies

• Business Impact Analysis (BIA)

 

Domain 3: Information Security Program Development and Management

• Developing and Implementing Security Policies

• Security Awareness and Training Programs

• Metrics and Performance Measurement

 

Domain 4: Information Security Incident Management

• Incident Response Planning

• Cyber Threat Intelligence and Analysis

• Digital Forensics and Investigation