Overview
The Information System Security Management Professional (ISSMP) is a CISSP who specializes in establishing, presenting and governing information security programs and demonstrates management and leadership skills. ISSMPs direct the alignment of security programs with the organization’s mission, goals and strategies in order to meet enterprise financial and operational requirements in support of its desired risk position.
The course covers the broad spectrum of topics that are included in the ISSMP Common Body of Knowledge (CBK), and also focusses on the key concepts of the six domains evaluated in the certification examination for the CISSP-ISSMP certification.
What You'll Learn
- Establish security’s role in organizational culture, vision and mission
- Define and implement information security strategies
- Define, measure and report security metrics
- Manage security programs
- Manage security aspects of change control
- Develop and manage a risk management program
- Conduct risk assessments
- Establish and maintain threat intelligence program
- Oversee development of contingency plans
- Guide development of recovery strategies
- Maintain BCP, COOP and DRP
- Document and manage compliance exceptions
Curriculum
- Establish security’s role in organizational culture, vision and mission
- Align security program with organizational governance
- Define and implement information security strategies
- Define and maintain security policy framework
- Manage security requirements in contracts and agreements
- Oversee security awareness and training programs
- Define, measure and report security metrics
- Prepare, obtain and administer security budget
- Manage security programs
- Apply product development and project management principles
- Manage integration of security into System Development Life Cycle (SDLC)
- Integrate new business initiatives and emerging technologies into the security architecture
- Define and oversee comprehensive vulnerability management programs
- Manage security aspects of change control
- Establish and maintain threat intelligence program
- Establish and maintain incident handling and investigation program
- Understand the impact of laws that relate to information security
- Understand management issues as related to the (ISC)2 Code of Ethics
- Validate compliance in accordance with applicable laws, regulations and industry best practices
- Coordinate with auditors and assist with the internal and external audit process
- Document and manage compliance exceptions
Who should attend
The course is highly recommended for –
- System managers
- Software managers
- Chief technical officers
- Chief security officers
- Security managers
Prerequisites
Interested in this Course?
Certification
This course prepares the participants for the certification examination for the CISSP-ISSMP certification. The details of the examination are as below –
| Duration of the examination | 3 hours |
| Number of questions | 125 |
| Format of the examination | Multiple choice questions |
| Passing grade | 700 out of 1000 |
| Exam availability | 1000 |
The course covers key concepts of all the six domains of the CISSP-ISSMP CBK. The weightage of these domains in the examination is –
| Leadership and business management | 22% |
| Systems lifecycle management | 19% |
| Risk management | 18% |
| Threat intelligence and incident management | 17% |
| Contingency management | 10% |
| Law, ethics and security compliance | 14% |
