ISC2 CISSP-ISSMP Exam Syllabus

CISSP-ISSMP PDF, CISSP-ISSMP Dumps, CISSP-ISSMP PDF, CISSP-ISSMP VCE, CISSP-ISSMP Questions PDF, ISC2 CISSP-ISSMP VCE, ISC2 ISSMP Dumps, ISC2 ISSMP PDFUse this quick start guide to collect all the information about ISC2 CISSP-ISSMP Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the CISSP-ISSMP ISC2 Information Systems Security Management Professional exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual ISC2 ISSMP certification exam.

The ISC2 CISSP-ISSMP certification is mainly targeted to those candidates who want to build their career in Cybersecurity Strategy and Implementation domain. The ISC2 Information Systems Security Management Professional (CISSP-ISSMP) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of ISC2 ISSMP.

ISC2 CISSP-ISSMP Exam Summary:

Exam Name ISC2 Information Systems Security Management Professional (CISSP-ISSMP)
Exam Price $599 (USD)
Duration 180 mins
Number of Questions 125
Passing Score 700/1000
Books / Training Information Systems Security Management Professional (Online Self-Paced)
Schedule Exam Pearson VUE
Sample Questions ISC2 CISSP-ISSMP Sample Questions
Practice Exam ISC2 CISSP-ISSMP Certification Practice Exam

ISC2 ISSMP Exam Syllabus Topics:

Topic Details

Leadership and Business Management - 20%

Establish Security’s Role in Organizational Culture, Vision and Mission - Define information security program vision and mission
- Align security with organizational goals, objectives and values
- Define security's relationship to the overall business processes
- Define the relationship between organizational culture and security
Align Security Program with Organizational Governance - Identify and navigate organizational governance structure
- Validate roles of key stakeholders
- Validate sources and boundaries of authorization
- Advocate and obtain organizational support for security initiatives
Define and Implement Information Security Strategies - Identify security requirements from business initiatives
- Evaluate capacity and capability to implement security strategies
- Manage implementation of security strategies
- Review and maintain security strategies
- Prescribe security architecture and engineering theories, concepts and methods
Define and maintain security policy framework Determine applicable external standards - Determine applicable external standards
- Determine data classification and protection requirements
- Establish internal policies
- Advocate and obtain organizational support for policies
- Develop procedures, standards, guidelines and baselines
- Ensure periodic review of security policy framework
Manage Security Requirements in Contracts and Agreements - Evaluate service management agreements (e.g., risk, financial)
- Govern managed services (e.g., infrastructure, cloud services)
- Manage impact of organizational change (e.g., mergers and acquisitions, outsourcing)
- Ensure that appropriate regulatory compliance statements and requirements are included in contractual agreements
- Monitor and enforce compliance with contractual agreements
Manage security awareness and training programs - Promote security programs to key stakeholders
- Identify needs and implement training programs by target segment
- Monitor and report on effectiveness of security awareness and training programs
Define, Measure and Report Security Metrics - Identify Key Performance Indicators (KPI)
- Associate Key Performance Indicators (KPI) to the risk posture of the organization
- Use metrics to drive security program development and operations
Prepare, Obtain and Administer Security Budget - Prepare and secure annual budget
- Adjust budget based on evolving risks and threat landscape
- Manage and report financial responsibilities
Manage Security Programs - Define roles and responsibilities
- Determine and manage team accountability
- Build cross-functional relationships
- Resolve conflicts between security and other stakeholders
- Identify communication bottlenecks and barriers
- Integrate security controls into human resources processes
Apply Product Development and Project Management Principles - Incorporate security into project lifecycle
- Identify and apply appropriate project management methodology
- Analyze project time, scope and cost relationship

Systems Lifecycle Management - 18%

Manage integration of security into Systems Development Life Cycle (SDLC) - Integrate information security gates (decision points) and requirements into lifecycle
- Implement security controls into system lifecycle
- Oversee security configuration management (CM) processes
Integrate New Business Initiatives and Emerging Technologies into the Security Architecture - Integrate security into new business initiatives and emerging technologies
- Address impact of new business initiatives on security posture
Define and Oversee Comprehensive Vulnerability Management Programs (e.g., vulnerability scanning, penetration testing, threat analysis) - Identify, classify and prioritize assets, systems and services based on criticality to business
- Prioritize threats and vulnerabilities
- Manage security testing
- Manage mitigation and/or remediation of vulnerabilities based on risk
Manage Security Aspects of Change Control - Integrate security requirements with change control process
- Identify and coordinate with the stakeholders
- Manage documentation and tracking
- Ensure policy compliance (e.g., continuous monitoring)

Risk Management - 19%

Develop and Manage a Risk Management Program - Identify risk management program objectives
- Communicate and agree on risk management objectives with risk owners and other stakeholders
- Determine scope of organizational risk program
- Identify organizational security risk tolerance/appetite
- Obtain and verify organizational asset inventory
- Analyze organizational risks
- Determine countermeasures, compensating and mitigating controls
- Perform cost-benefit analysis (CBA) of risk treatment options
Conduct Risk Assessments - Identify risk factors
Manage security risks within the supply chain (e.g., supplier, vendor, third-party risk) - Identify supply chain security risk requirements
- Integrate supply chain security risks into organizational risk management
- Validate security risk control within the supply chain
- Monitor and review the supply chain security risks

Threat Intelligence and Incident Management - 17%

Establish and Maintain Threat Intelligence Program - Aggregate threat data from multiple threat intelligence sources
- Conduct baseline analysis of network traffic, data and user behavior
- Detect and analyze anomalous behavior patterns for potential concerns
- Conduct threat modeling
- Identify and categorize an attack
- Correlate related security event and threat data
- Create actionable alerting to appropriate resources
Establish and Maintain Incident Handling and Investigation Program - Develop program documentation
- Establish incident response case management process
- Establish Incident Response Team
- Apply incident management methodologies
- Establish and maintain incident handling process
- Establish and maintain investigation process
- Quantify and report financial and operational impact of incidents and investigations to stakeholders
- Conduct Root Cause Analysis (RCA)

Contingency Management - 15%

Facilitate development of contingency plans - Identify and analyze factors related to the Continuity of Operations Plan (COOP)
- Identify and analyze factors related to the business continuity plan (BCP) (e.g., time, resources, verification)
- Identify and analyze factors related to the disaster recovery plan (DRP) (e.g., time, resources, verification)
- Coordinate contingency management plans with key stakeholders
- Define internal and external crisis communications plans
- Define and communicate contingency roles and responsibilities
- Identify and analyze contingency impact on business processes and priorities
- Manage third-party contingency dependencies
- Prepare security management succession plan
Develop recovery strategies - Identify and analyze alternatives
- Recommend and coordinate recovery strategies
- Assign recovery roles and responsibilities
Maintain contingency plan, Continuity of Operations Plan (COOP), business continuity plan (BCP) and disaster recovery plan (DRP) - Plan testing, evaluation and modification
- Determine survivability and resiliency capabilities
- Manage plan update process
Manage disaster response and recovery process - Declare disaster
- Implement plan
- Restore normal operations
- Gather lessons learned
- Update plan based on lessons learned

Law, Ethics and Security Compliance Management - 11%

Identify the impact of laws and regulations that relate to information security - Identify applicable privacy laws
- Identify legal jurisdictions the organization and users operate within (e.g., trans-border data flow)
- Identify export laws
- Identify intellectual property (IP) laws
- Identify applicable industry regulations
- Identify and advise on non-compliance risks
Adhere to the (ISC)2
Code of Ethics as related to management issues
Validate compliance in accordance with applicable laws, regulations and industry best practices - Inform and advise senior management
- Evaluate and select compliance framework(s)
- Implement the compliance framework(s)
- Define and monitor compliance metrics
Coordinate with auditors and regulators in support of the internal and external audit processes - Plan
- Schedule
- Coordinate audit activities
- Evaluate and validate findings
- Formulate response
- Validate implemented mitigation and remediation actions
Document and Manage Compliance Exceptions - Identify and document compensating controls and workarounds
- Report and obtain authorized approval of risk waiver

To ensure success in ISC2 ISSMP certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for ISC2 Information Systems Security Management Professional (CISSP-ISSMP) exam.

Rating: 4.9 / 5 (75 votes)