Domain 1: Information Security Governance
- Alignment of the information security policy with the business strategy and direction.
- Information security policy development.
- Commitment of senior management and support for information security across the enterprise.
- Roles and responsibilities in the governance of information security.
- Hands-on work.
- Questions from previous sessions (CISM or comparable examinations).

Domain 2: Information Risk Management and Compliance
- Development of a systematic and analytical approach and of the ongoing risk management process.
- Identification, analysis and risk assessment.
- Definition of risk treatment strategies.
- Risk management communication.
- Questions from previous sessions (CISM or comparable examinations).

Domain 3: Information Security Program Development and Management
- The information security architecture.
- Methods to define the required security measures.
- Contract management and information security requirements.
- Metrics and evaluation of IT security performance.
- Questions from previous sessions (CISM or comparable examinations).

Domain 4: Information Security Incident Management
- Components of a security incident management plan.
- Concepts and practices in the management of security incidents.
- Classification method.
- Notification and escalation process.
- Incident detection and analysis techniques.
- Questions from previous sessions (CISM or comparable examinations).

Preparation and Certification
- Partial simulation of the exam, conducted at the end of training.
- Register on the www.isaca.org site; the registration deadline is two months before the date of the examination.
- Duration and conduct of the exam: 3 hours with 150 questions (exam available only in English).