Domain 1 - Information Security and Governance
Nine tasks which a CISM candidate must know how to perform:
- Info security strategy aligned with org goals. Needs thought given to the ongoing management of this program.
- establish and maintain governance framework
- security governance aligned with corporate governance
- communicate management's directives and develop standards, procedures and guidelines
- develop business cases to support investment in security
- ensure that external influences are considered and addressed in the info security strategy
- ensure stakeholder support for these initiatives
- define and communicate roles and responsibilities
- establish monitoring regimes, e.g. KPIs, and report on the metrics