CISMP Training Course and Workshop in Bangalore, Mysore, Chennai, Hyderabad, Pune, Mumbai, Delhi, Noida, Gurgaon, Kolkata

This Certificate in Information Security Management Principles (CISMP) training course covers the Information Security Essentials and Information Security Essentials Plus courses. These will prepare you to take the industry recognized Certificate in Information Security Management Principles (CISMP) exam by the British Computer Society (BCS).

By attending CISMP workshop, delegates will learn to:

Champion the security cause in an organization (business need, communicate what applies and relative importance, concrete high-level steps to take, desired outcome, interrelationships of risk assessment, business continuity planning, countermeasures, and policies)
Describe an integrated approach to Governance, Risk and Compliance (GRC) that moves an organization ahead of mere compliance
Describe generalized security lifecycle as starting point in organizational discussions, and how processes fit together
Identify what aspect of security (CIA) is at risk from specific types of attack in an environment
Outline types of threats, vulnerabilities, and regulations that affect an environment
Describe the standards related to security process management, roles, and responsibilities throughout an organization
Identify the legal requirements that affect the security program
List standards supporting the choice of controls and countermeasures
Recognize software development practices that support integrating security requirements
Describe and prepare for an audit
List best practices in handling a security incident
Begin to prepare for industry-recognized security and risk certifications, or a security administration position

A basic understanding of operating systems and networks
Some experience with managing networks is helpful but not required
Some experience in project management or organizational management may be helpful but not required

The CISMP class is ideal for:

Anyone working toward the BCS Certificate in Information Security Management Principles (CISMP) certification
IT managers or members of information security management teams
Systems managers
Anyone working towards an industry recognized certification such as ISO/IEC 27001, ISO/IEC 27002, CISMP, CISSP, Security+ or CCSK

Setting a secure foundation

Champion the business case for the importance of information security
Describe how security/IA can become a business advantage
Discuss information assurance maturity models
Identify relevant sources of compliance requirements: legislative, regulatory, client

Defining key tenets of information security

Define information security and its key elements, Confidentiality, Integrity, and Availability
Map compliance requirements to securing information (CIA)
Differentiate between threats, vulnerabilities, and attacks
Apply definitions to an environment
Identify forms of threat
List common enterprise vulnerabilities
Describe what constitutes a security incident

Managing information security in the organization

Communicate the advantages of using an existing framework
Illustrate the security governance lifecycle
List the key roles, responsibilities, and interactions
Describe components of security professionalism and ethics
Differentiate between policy, standard, procedure, and guideline
Distinguish what makes a good security policy
Describe the importance of communicating policies

Introduction to IT threats, vulnerabilities, and attacks

Describe vulnerabilities in client/server communication
Describe why large organizations are vulnerable
Identify physical, technical, and social forms of security threat
Identify and describe the most common attacks
Discuss common examples of social engineering

Assessing risk

Describe the role of risk management in information security and how the elements fit with the security governance lifecycle
Estimate your organization's risk appetite in various key areas and begin a plan to verify
Distinguish business impact analysis from risk assessment
Distinguish quantitative and qualitative risk analysis
List applicable privacy legislation in different regions
List categories of intellectual property law
Define vulnerability scanning
List sample tools for port scanning and other vulnerability scanning
Identify tool selection and comparison criteria
Develop a useful report of outcome of scanning

Controlling access

Describe the importance of access control in implementing information security
Demonstrate how authentication and authorization work together to provide access control
Outline why technical and physical controls for access are both important

Selecting controls

List common controls for each category of threat
List/categorize countermeasures by strategy
Discuss the importance of patch management
Categorize physical controls
Discuss technical countermeasures
Identify firewall positioning in network architecture and the DMZ network
List actions a firewall can take in response to types of traffic
Describe use of intrusion prevention systems
Describe how an IPS detects an attack
Compare types of IPS
Describe how virtual private networking supports security objectives
Describe how encryption aids security
Describe how encryption is performed
Distinguish between symmetric and asymmetric encryption
Describe the positioning of virus scanners

Planning security for consumerization of it and the cloud

Describe the impact that the Consumerization of IT is having on IT
Discuss the threats and vulnerabilities in the mobile world
Summarize security interventions for mobile devices
Identify the risks of social media
Summarize controls for social media related threats
Describe the relationship between cloud computing and consumerization
Distinguish types of cloud based computing and services
Identify risks of different forms of cloud use
List controls for security in the cloud
Describe the impact on security of big data, internet of things, and dark web

Secure Outsourcing

Describe the difference between outsourcing and managed service providers
Develop polices, standards, procedures for third party vendors
Understand compliance requirements for working with third parties
List typical obligations for contractors
Champion controls on third party access
Describe security controls for information exchanged with contractors
Develop processes for managing information during supplier changes
Name business continuity management links to outsourced service providers
List investigation and forensics requirements for suppliers

Business continuity and disaster recovery planning

Describe the importance of continuity planning
List conditions that make it necessary
Define continuity planning and terms
Describe the relationship with risk management
Identify elements of a business continuity plan
Compare and contrast BCP and DRP
Define key elements of service level agreements
Describe verification techniques for redundancy
Explain redundancy considerations

Implementing strategies for security success

Address some of the most overlooked threats in IT Security
List best practices in hiring and educating employees

Information security governance

List the checks and balances between organizational needs and security governance
Describe a holistic organizational approach to governance
Communicate the importance of board level support for information security
Show how information security needs percolate through tiers of management and implementation
List the organizational roles related to information security
Describe the policy development process
Recognize and interpret a risk register chart

Legal framework

List data that must be kept private
List applicable privacy legislation in different regions
Describe typical elements of privacy legislation
Identify potential privacy related offenses
Describe how companies with multiple locations can comply with differing legal requirements
List key organization responsibilities in monitoring employees

Relevant standards

List key standards bodies for various regions
Recognize ISO standards and their relationships
List the steps in the ISMS cycle
List the elements of the ISMS document
Identify levels of assurance evaluation
Recognize certified products
Recognize key elements of NIST lineage
Describe the importance of encryption standards

Software design for security

Describe software development best practices to ensure security

Security audit

Define key audit related terms
Overview the audit process
List objectives for audits
List types of audit
Describe the auditor’s role
List the elements of audit documentation

Incident management

Describe the steps to take during a security incident
List the elements of a security incident report
Identify what constitutes an incident
Describe the process to collect evidence related to an incident

Business Continuity Management

Describe the business continuity lifecycle
List elements of analysis for business impact
Describe considerations for returning to business operation

Encarta Labs Advantage

One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
All courses are delivered by Industry Veterans
Get jumpstarted from newbie to production ready in a matter of few days

Trained more than 50,000 Corporate executives across the Globe
All our trainings are conducted in workshop mode with more focus on hands-on sessions

Certificate in Information Security Management Principles (CISMP)

COURSE AGENDA