Domain 3: Information Security Program Development and ManagementCourse 3 covers ISACA CISM Domain 3, including sections on information security programs, from design and implementation to risk monitoring and reporting.
Course descriptionCISM Domain 3 covers information security program development beginning with what resources are needed to develop an effective program and moving into current standards and frameworks; creating a road map; measuring effectiveness with metrics; awareness and training; effective program communications; program performance review; and more.
Domain 3: Information security program development supplemental materials
File - 00:15:00
The supplemental materials for Domain 3 include documents with key terms, definitions, and other materials that will help students prepare for the ISACA CISM exam.
Domain 3: Information security program development participant guide
File - 00:15:00
This participant guide include the various slides that the instructor went over in the videos for Domain 3 so that participants can review the main ideas, as well as relevant charts, graphics, questions and activities.
Domain 3: Information security program development course summary
Video - 00:03:00
A short summary of Domain 3, reviewing the main areas covered in the preceding videos on Information security program development
Program communications, reporting and performance management
Video - 00:48:00
This video discusses one of the most important elements in any information security program: effective communication and reporting regarding security and privacy objectives, ongoing risk status, program evaluation, compliance monitoring and enforcement, and areas for improvement, as well as steps in the PDCA process.
Integrating the security program with IT operations
Video - 01:21:00
In this video, the instructor explains how the information security manager must partner with others in the organization to incorporate and integrate elements of enterprise information and technology governance and management to create an effective IS program that defines and assigns roles and responsibilities to various stakeholders, recognizes the skills of various stakeholders and more.
IS awareness and training
Video - 00:14:00
In this video, the role of the information security manager in creating, managing, and testing IS awareness and training for various intended audiences is described.
IS program management
Video - 00:57:00
This video focuses on building and managing an IS program with the use of various types of controls and countermeasures, which must be selected based on the objectives set out for the enterprise, including techniques such as control automation, SOAR (security orchestration, automation and response) solutions, and program testing and evaluation.
IS program metrics
Video - 00:33:00
This video provides the learner with information about creating a monitoring system that provides metrics and measures so that management is informed and can make appropriate decisions about the enterprise’s safety.
Defining an IS program road map
Video - 00:18:00
This video defines what an effective IS program road map must include and how to build one that applies a controls process, uses applicable frameworks and architectures, focuses on defined objectives, and has a distinct lifecycle.
IS standards and frameworks
Video - 00:26:00
This video describes the broad policies, standards, procedures and frameworks that provide common reference points and guidance for managing an information security program, such as enterprise information security architecture (EISA) and alternative architectures, as well as IS program outcomes and typical components.
IS program development and resources
Video - 00:42:00
This video focuses on the importance of using development objectives that support business functions and minimize operational disruptions when developing an IS program, as well as discussing steps to create a program; essential elements (such as a scope and charter); necessary resources and budgeting; and common challenges and constraints.
Introduction to CISM Domain 3: Information security program development
Video - 00:04:00
The instructor provides a brief introduction to the learning objectives and an outline of the materials covered by the videos for ISACA CISM Domain 3: Information security program management, which is weighted at 33% of the exam.
Plans & pricing
- Team administration and reporting
- Dedicated client success manager
Single sign-on (SSO)
Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
Integrations via API
Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
- 190+ role-guided learning paths and assessments (e.g., Incident Response)
- 100s of hands-on labs in cloud-hosted cyber ranges
- Create and assign custom learning paths
- Custom certification practice exams (e.g., CISSP, CISA)
- Optional upgrade: Guarantee team certification with live boot camps