Sunday, 9 November 2014

Domain 1 - Information Security and Governance

Nine tasks which a CISM candidate must know how to perform:
  1. Information security strategy aligned with organizational goals. This needs thought about the ongoing management of the program.
  2. Establish and maintain a governance framework
  3. Security governance aligned with corporate governance
  4. Communicate management's directives and develop standards, procedures and guidelines
  5. Develop business cases to support investment in security
  6. Ensure that external influences are considered and addressed in the information security strategy
  7. Ensure stakeholder support for these initiatives
  8. Define and communicate roles and responsibilities
  9. Establish monitoring regimes, e.g. KPIs, and report on the metrics
