:: ISACA AND CISM CERTIFICATIONS

What does CISM measure?

CISM defines the core competencies and international standards of performance that information security managers are expected to master. It provides executive management with the assurance that those who have earned their CISM have the experience and knowledge to offer effective security management and consulting services.

What are the CISM job practice areas?

After more than two years of extensive data gathering and confirmation within the information security community, ISACA identified the tasks performed by, and the knowledge areas required of, successful information security managers. CISM measures expertise in the following areas, with corresponding tasks:

  • Information Security Governance: Establish and maintain a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations.

    T A S K S

    • Develop the information security strategy in support of business strategy and direction.
    • Obtain senior management commitment and support for information security throughout the enterprise.
    • Ensure that definitions of roles and responsibilities throughout the enterprise include information security governance activities.
    • Establish reporting and communication channels that support information security governance activities.
    • Identify current and potential legal and regulatory issues affecting information security and assess their impact on the enterprise.
    • Establish and maintain information security policies that support business goals and objectives.
    • Ensure the development of procedures and guidelines that support information security policies.
    • Develop business case and enterprise value analysis that support information security program investments.
  • Risk Management: Identify and manage information security risks to achieve business objectives.

    T A S K S

    • Develop a systematic, analytical and continuous risk management process.
    • Ensure that risk identification, analysis and mitigation activities are integrated into life cycle processes.
    • Apply risk identification and analysis methods.
    • Define strategies and prioritize options to mitigate risk to levels acceptable to the enterprise.
    • Report significant changes in risk to appropriate levels of management on both a periodic and event-driven basis.
  • Information Security Program Management: Design, develop and manage an information security program to implement the information security governance framework.

    T A S K S

    • Create and maintain plans to implement the information security governance framework.
    • Develop information security baseline(s).
    • Develop procedures and guidelines to ensure business processes address information security risk.
    • Develop procedures and guidelines for IT infrastructure activities to ensure compliance with information security policies.
    • Integrate information security program requirements into the organization’s life cycle activities.
    • Develop methods of meeting information security policy requirements that recognize impact on end users.
    • Promote accountability by business process owners and other stakeholders in managing information security risks.
    • Establish metrics to manage the information security governance framework.
    • Ensure that internal and external resources for information security are identified, appropriated and managed.
  • Information Security Management: Oversee and direct information security
    activities to execute the information security program.

    T A S K S

    • Ensure that the rules of use for information systems comply with the enterprise’s information security policies.
    • Ensure that the administrative procedures for information systems comply with the enterprise’s information security policies.
    • Ensure that services provided by other enterprises, including outsourced providers, are consistent with established information
      security policies.
    • Use metrics to measure, monitor and report on the effectiveness of information security controls and compliance with information
      security policies.
    • Ensure that information security is not compromised throughout the change management process.
    • Ensure that vulnerability assessments are performed to evaluate effectiveness of existing controls.
    • Ensure that noncompliance issues and other variances are resolved in a timely manner.
    • Ensure the development and delivery of activities that can influence culture and behavior of staff including information
      security education and awareness.
  • Response Management: Develop and manage a capability to respond
    to and recover from disruptive and destructive information security events.

    T A S K S

    • Develop and implement processes for detecting, identifying and analyzing security-related events.
    • Develop response and recovery plans including organizing, training and equipping the teams.
    • Ensure periodic testing of the response and recovery plans where appropriate.
    • Ensure the execution of response and recovery plans as required.
    • Establish procedures for documenting an event as a basis for subsequent action, including forensics when necessary.
    • Manage post-event reviews to identify causes and corrective actions.

