Ota yhteyttä nyt ja varaa kurssisi.

ISC2 - CISSP-ISSMP Information Systems Security Management Professional

Kesto

Kesto:

Vain 5 päivän

Menetelmä

Menetelmä:

luokkahuone / Online / Hybridi

Seuraava päivä

Seuraava päivä:

24/6/2024 (Maanantai)

Overview

Official ISC2 Training Provider

The accelerated Information Systems Security Management Professional (ISSMP) is a CISSP who specializes in establishing, presenting and governing information security programs and demonstrates management and leadership skills. CISSP-ISSMPs direct the alignment of security programs with the organization’s mission, goals and strategies in order to meet enterprise financial and operational requirements in support of its desired risk position.

The broad spectrum of topics included in the CISSP-ISSMP Common Body of Knowledge (CBK®) ensure its relevancy across all disciplines in the field of information security management.

Upon completion of this course you will also learn:

  • Leadership and Business Management
  • Systems Lifecycle Management
  • Risk Management
  • Threat Intelligence and Incident Management
  • Contingency Management
  • Law, Ethics and Security Compliance Management

At the end of this course, you’ll achieve your CISSP-ISSMP Information Systems Security Management Professional certification.

Through Firebrand’s Lecture | Lab | Review methodology you’ll certify at twice the speed of traditional training and get access to courseware, learn from certified instructors, and train in a distraction-free environment.

40% faster

Distraction-free environment

Audience

The CISSP-ISSMP is ideal for those working in roles such as:

  • Chief information officer
  • Chief information security officer
  • Chief technology officer
  • Senior security executive

Katso hinnat nyt

 Katso hinnat

8 syytä, miksi kannattaa hankkia Firebrand Trainingiltä:

  1. Koulutuksen ja todistuksen saaminen kestää vain 5 päivän. Meidän kanssamme saat -koulutuksen ja -todistuksen ennätysajassa. Todistuksen ansaitset koulutuskeskuksessamme osana intensiivistä ja nopeutettua koulutusta.
  2. Hintaan sisältyy kaikki.Kertamaksu kattaa kaikki kurssimateriaalit, kokeet, kuljetuksen, majoituksen ja ateriat ja tarjoaa kustannustehokkaimman tavan hankkia koulutus ja todistus. Ilman mitään lisäkustannuksia.
  3. Suorita tutkinto ensimmäisellä kerralla tai kertaa koulutus ilmaiseksi. Tämä on takuumme. Olemme varmoja, että läpäiset -kurssin ensimmäisellä kerralla. Mutta jos näin ei käy, voit tulla takaisin vuoden kuluttua ja maksaa vain majoituksesta ja kokeista. Kaikki muu on ilmaista.
  4. Opit enemmän.Päivä perinteisen koulutuksen tarjoajan kanssa on yleensä klo 9–17, mihin sisältyy pitkä lounastauko. Firebrand Trainingiltä saat vähintään 12 tuntia päivässä keskittynyttä ja häiriötöntä laatukoulutusaikaa opettajasi kanssa.
  5. Opit nopeammin. Yhdistämme 3 eri oppimistyyliä (visuaalisen|kuuloon perustuvan|kosketukseen perustuvan) tarjotaksemme materiaalin tavalla joka varmistaa, että opit nopeammin ja helpommin.
  6. Opiskelet huippujen kanssa.Olemme kouluttaneet ja sertifioineet 134.561 ammattilaista ja olemme kumppaneita kaikkien alan suurien nimien kanssa ja olemme saaneet lukuisia palkintoja, mm. Microsoftin Danmarki Vuoden koulutuspartneri 2010, 2011, 2012 ja 2013, Institue of IT Trainingin ”Training Company of the Year 2006, 2007, 2008” Englannissa, ISC(2):n ”Highest Performing Affiliate of the Year 2009 & 2010 – EMEA” sekä EC-Councilin ”Accredited Training Centre of the Year 2010 og 2011”, ”Newcomer of the Year 2011” ja ”Instructors Circle of Excellence”.
  7. Opit enemmän kuin pelkän teorian. Olemme kehittäneet kurssia edelleen käyttämällä laboratorioita, esimerkkitapauksia ja harjoittelukokeita varmistaaksemme, että osaat soveltaa uutta tietoa työympäristöön.
  8. Opit parhailta. Ohjaajamme kurssilla ovat alan parhaita. He tarjoavat ainutlaatuisen yhdistelmän asiantuntemusta, kokemusta ja intohimoa opetukseen.

Benefits

Curriculum

CISSP-ISSMP Information Systems Security Management Professional

Domain 1: Leadership and Business Management

1.1 Establish security’s role in organizational culture, vision and mission

  • Define information security program vision and mission
  • Align security with organizational goals, objectives and values
  • Define security’s relationship to the overall business processes
  • Define the relationship between organizational culture and security

1.2 Align security program with organizational governance

  • Identify and navigate organizational governance structure
  • Validate roles of key stakeholders
  • Validate sources and boundaries of authorization
  • Advocate and obtain organizational support for security initiatives

1.3 Define and implement information security strategies

  • Identify security requirements from business initiatives
  • Evaluate capacity and capability to implement security strategies
  • Manage implementation of security strategies
  • Review and maintain security strategies
  • Prescribe security architecture and engineering theories, concepts and methods

1.4 Define and maintain security policy framework Determine applicable external standards

  • Determine applicable external standards
  • Determine data classification and protection requirements
  • Establish internal policies
  • Advocate and obtain organizational support for policies
  • Develop procedures, standards, guidelines and baselines
  • Ensure periodic review of security policy framework
  • Evaluate service management agreements (e.g., risk, financial)
  • Govern managed services (e.g., infrastructure, cloud services)
  • Manage impact of organizational change (e.g., mergers and acquisitions, outsourcing)
  • Ensure that appropriate regulatory compliance statements and requirements are included in contractual agreements
  • Monitor and enforce compliance with contractual agreements

1.5 Manage security requirements in contracts and agreements

1.6 Manage security awareness and training programs

  • Promote security programs to key stakeholders
  • Identify needs and implement training programs by target segment
  • Monitor and report on effectiveness of security awareness and training programs

1.7 Define, measure and report security metrics

  • Identify Key Performance Indicators (KPI)
  • Associate Key Performance Indicators (KPI) to the risk posture of the organization
  • Use metrics to drive security program development and operations

1.8 Prepare, obtain and administer security budget

  • Prepare and secure annual budget
  • Adjust budget based on evolving risks and threat landscape
  • Manage and report financial responsibilities

1.9 Manage security programs

Define roles and responsibilities

  • Determine and manage team accountability
  • Build cross-functional relationships
  • Resolve conflicts between security and other stakeholders
  • Identify communication bottlenecks and barriers
  • Integrate security controls into human resources processes

1.10 Apply product development and project management principles

  • Incorporate security into project lifecycle
  • Identify and apply appropriate project management methodology
  • Analyze project time, scope and cost relationship

Domain 2: Systems Lifecycle Management

2.1 Manage integration of security into Systems Development Life Cycle (SDLC)

  • Integrate information security gates (decision points) and requirements into lifecycle
  • Implement security controls into system lifecycle
  • Oversee security configuration management (CM) processes

2.2 Integrate new business initiatives and emerging technologies into the security architecture

  • Integrate security into new business initiatives and emerging technologies
  • Address impact of new business initiatives on security posture

2.3 Define and oversee comprehensive vulnerability management programs (e.g., vulnerability scanning, penetration testing, threat analysis)

  • Identify, classify and prioritize assets, systems and services based on criticality to business
  • Prioritize threats and vulnerabilities
  • Manage security testing
  • Manage mitigation and/or remediation of vulnerabilities based on risk

2.4 Manage security aspects of change control

  • Integrate security requirements with change control process
  • Identify and coordinate with the stakeholders
  • Manage documentation and tracking
  • Ensure policy compliance (e.g., continuous monitoring)

Domain 3: Risk Management

3.1 Develop and manage a risk management program

  • Identify risk management program objectives
  • Communicate and agree on risk management objectives with risk owners and other stakeholders
  • Determine scope of organizational risk program
  • Identify organizational security risk tolerance/appetite
  • Obtain and verify organizational asset inventory
  • Analyze organizational risks
  • Determine countermeasures, compensating and mitigating controls
  • Perform cost-benefit analysis (CBA) of risk treatment options

3.2 Conduct risk assessments

  • Identify risk factors

    3.3 Manage security risks within the supply chain (e.g., supplier, vendor, third-party risk)

    • Identify supply chain security risk requirements
    • Integrate supply chain security risks into organizational risk management
    • Validate security risk control within the supply chain
    • Monitor and review the supply chain security risks

    Domain 4: Threat Intelligence and Incident Management

    4.1 Establish and maintain threat intelligence program

    • Aggregate threat data from multiple threat intelligence sources
    • Conduct baseline analysis of network traffic, data and user behavior
    • Detect and analyze anomalous behavior patterns for potential concerns
    • Conduct threat modeling
    • Identify and categorize an attack
    • Correlate related security event and threat data
    • Create actionable alerting to appropriate resources

    4.2 Establish and maintain incident handling and investigation program

    • Develop program documentation
    • Establish incident response case management process
    • Establish incident response team
    • Apply incident management methodologies
    • Establish and maintain incident handling process
    • Establish and maintain investigation process
    • Quantify and report financial and operational impact of incidents and investigations to stakeholders
    • Conduct root cause analysis (RCA)

    Domain 5: Contingency Management

    5.1 Facilitate development of contingency plans

    • Identify and analyze factors related to the Continuity of Operations Plan (COOP)
    • Identify and analyze factors related to the business continuity plan (BCP) (e.g., time, resources, verification)
    • Identify and analyze factors related to the disaster recovery plan (DRP) (e.g., time, resources, verification)
    • Coordinate contingency management plans with key stakeholders
    • Define internal and external crisis communications plans
    • Define and communicate contingency roles and responsibilities
    • Identify and analyze contingency impact on business processes and priorities
    • Manage third-party contingency dependencies
    • Prepare security management succession plan

    5.2 Develop recovery strategies

    • Identify and analyze alternatives
    • Recommend and coordinate recovery strategies
    • Assign recovery roles and responsibilities

    5.3 Maintain contingency plan, Continuity of Operations Plan (COOP), business continuity plan (BCP) and disaster recovery plan (DRP)

    • Plan testing, evaluation and modification
    • Determine survivability and resiliency capabilities
    • Manage plan update process

    5.4 Manage disaster response and recovery process

    • Declare disaster
    • Implement plan
    • Restore normal operations
    • Gather lessons learned
    • Update plan based on lessons learned

    Domain 6: Law, Ethics and Security Compliance Management

    6.1 Identify the impact of laws and regulations that relate to information security

    6.2 Adhere to the ISC2 Code of Ethics as related to management issues

    6.3 Validate compliance in accordance with applicable laws, regulations and industry best practices

    6.4 Coordinate with auditors and regulators in support of the internal and external audit processes

    6.5 Document and manage compliance exceptions

    • Identify and document compensating controls and workarounds
    • Report and obtain authorized approval of risk waiver

    Domain 6: Law, Ethics and Security Compliance Management

    • Identify applicable privacy laws
    • Identify legal jurisdictions the organization and users operate within (e.g., trans-border data flow)
    • Identify export laws
    • Identify intellectual property (IP) laws
    • Identify applicable industry regulations
    • Identify and advise on non-compliance risks
    • Inform and advise senior management
    • Evaluate and select compliance framework(s)
    • Implement the compliance framework(s)
    • Define and monitor compliance metrics
    • Plan
    • Schedule
    • Coordinate audit activities
    • Evaluate and validate findings
    • Formulate response
    • Validate implemented mitigation and remediation actions

    • Exam Track

    At the end of this accelerated course, you’ll sit the following exam at the Firebrand Training centre, covered by your Certification Guarantee:

    CISSP-ISSMP Information Systems Security Management Professional

    CISSP-ISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard 17024.

    Length of exam: 3 hours

    Number of items: 125 Multiple choice

    Passing grade: 700 out of 1000 points

    Domains Weight:

    1. 1. Leadership and Business Management 20%
    2. 2. Systems Lifecycle Management 18%
    3. 3. Risk Management 19%
    4. 4. Threat Intelligence and Incident Management 17%
    5. 5. Contingency Management 15%
    6. 6. Law, Ethics and Security Compliance Management 11%

    What's Included

    Prerequisites

    Before attending this accelerated course, you must be a CISSP in good standing and have two years cumulative paid work experience in one or more of the six domains of the CISSP-ISSMP CBK.

    Arvioinnit

    Olemme kouluttaneet kymmenen vuoden aikana yli 134.561 opiskelijaa. Heitä kaikkia on pyydetty arvioimaan pikakurssimme. Tällä hetkellä 96,41% on sitä mieltä, että Firebrand on ylittänyt heidän odotuksensa:

    "The Firebrand Training experience was fantastic from start to finish. Excellent facilities, knowledgeable and engaging instructors, and great customer service throughout. I would thoroughly recommend."
    Wesley Parsons. (8/4/2024 (Maanantai) - 13/4/2024 (Lauantai))

    "The course was excellent and well presented. Having an instructor for such a detailed and broad course was a tremendous help when preparing to sit the exam. Having passed the exam, I can happily say I don’t think I could have accomplished all I learnt within a week without Firebrand’s course."
    Robert Fothergill. (8/4/2024 (Maanantai) - 13/4/2024 (Lauantai))

    "With my personal experience I absolutely recommended learners to sign up with Firebrand. I felt confident for the exam after attending the course. Comparing my experience solving practise test and exam before and after attending the course, it went up from south to north."
    Ashish Nair. (8/4/2024 (Maanantai) - 13/4/2024 (Lauantai))

    "I had a great time attending the CISSP course because it gave me what I needed. A high level understanding of the material and valuable advice about how to prepare and tackle the exam. The course itself is challenging on its own but when you are with a group of like minded people it makes it fun to learn. For anyone considering taking the CISSP or using firebrand for your training, it’s a no-brainer."
    Rushan Ratha. (8/4/2024 (Maanantai) - 13/4/2024 (Lauantai))

    "A very intense course & a huge amount to cover in the relatively short 5-day window, but the course tutor pushes through the substantial content at a steady place & ensures the essential subject elements, plus question answering techniques, were pulled out for us to focus on for the exam."
    I.B., IK Tech Limited. (8/4/2024 (Maanantai) - 13/4/2024 (Lauantai))

    Kurssipäivämäärät

    Alkaa

    Loppuu

    Saatavuus

    Sijainti

    Rekisteröidy

    19/2/2024 (Maanantai)

    23/2/2024 (Perjantai)

    Päättynyt - Jätä palautetta

    -

     

    24/6/2024 (Maanantai)

    28/6/2024 (Perjantai)

    Odotuslista

    Maanlaajuinen

     

    5/8/2024 (Maanantai)

    9/8/2024 (Perjantai)

    Rajoitettu määrä paikkoja

    Maanlaajuinen

     

    16/9/2024 (Maanantai)

    20/9/2024 (Perjantai)

    Paikkoja saatavilla

    Maanlaajuinen

     

    28/10/2024 (Maanantai)

    1/11/2024 (Perjantai)

    Paikkoja saatavilla

    Maanlaajuinen

     

    9/12/2024 (Maanantai)

    13/12/2024 (Perjantai)

    Paikkoja saatavilla

    Maanlaajuinen

     

    Uusimmat arvostelut opiskelijoiltamme

    Trustpilot