IT Guy

IT、AI / Machine Learning、IoT、Project Management、プログラミング、ITIL等々

CISM 4 domains

CISM 4 domains
* CISM Review Manual 4th Edition(2016年試験用)の目次

Domain 1 - Information Security Governance (24%)

  • The body of knowledge and associated tasks necessary to develop an information security governance structure aligned with organizational objectives.

1.4 Information Security Governance Overview
1.5 Effective Information Security Governance
1.6 Governance and Third-party Relationships
1.7 Information Security Governance Metrics
1.8 Information Security Strategy Overview
1.9 Developing an Information Security Strategy
1.10 Information Security Strategy Objective
1.11 Determining Current State of Security
1.12 Information Security Strategy Development
1.13 Strategy Resources
1.14 Strategy Constraints
1.15 Action Plan to Implement Strategy

Domain 2 - Information Risk Management and Compliance (33%)

  • The knowledge base that the information security manager must understand in order to appropriately apply risk management principles and practices to an organization's information security program.

2.4 Risk Management Overview
2.5 Risk Management Strategy
2.6 Effective Information Risk Management
2.7 Information Risk Management Concepts
2.8 Implementing Risk Management
2.9 Risk Assessment and Analysis Methodologies
2.10 Risk Assessment
2.11 Information Resource Valuation
2.12 Recovery Time Objectives
2.13 Integration with Life Cycle Processes
2.14 Security Control Baselines
2.15 Risk Monitoring and Communication
2.16 Training and Awareness
2.17 Documentation

Domain 3 - Information Security Program Development and Management (25%)

  • The diverse areas of knowledge needed to develop and manage an information security program.

3.4 Information Security Program Management Overview
3.5 Information Security Program Objectives
3.6 Information Security Program Concepts
3.7 Scope and Charter of an Information Security Program
3.8 The Information Security Management Framework
3.9 Information Security Framework Components
3.10 Defining an Information Security Program Road Map
3.11 Information Security Infrastructure and Architecture
3.12 Architecture Implementation
3.13 Security Program Management and Administrative Activities
3.14 Security Program Services and Operational Activities
3.15 Controls and Countermeasures
3.16 Security Program Metrics and Monitoring
3.17 Common Information Security Program Challenges

Domain 4 - Information Security Incident Management (18%)

  • The essential knowledge neceesary to establish an effective program to respond to and subsequently manage incidents that threaten an organization's information systems and infrastructure.

4.4 Incident Management Overview
4.5 Incident Response Procedures
4.6 Incident Management Organization
4.7 Incident Management Resources
4.8 Incident Management Objectives
4.9 Incident Management Metrics and Indicators
4.10 Defining Incident Management Procedures
4.11 Current State of Incident Response Capability
4.12 Developing an Incident Response Plan
4.13 Business Continuity and Disaster Recovery Procedures
4.14 Testing Incident Response and Business Continuity / Disaster Recovery Plans
4.15 Executing Response and Recovery Plans
4.16 Postincident Activities and Investigation