CISM Cert Prep: 3 Information Security Program Development and Management

English | MP4 | AVC 1280×720 | AAC 48KHz 2ch | 4h 45m | 559 MB

Prepare to pass the Certified Information Security Manager (CISM) exam. In this course, Mike Chapple details how to best set up, define, and manage an information security program in an organization—concepts that can help you ace the questions in the Information Security Program Development and Management exam domain. Mike helps you grasp the role of a manager in an information security program and goes over a wide variety of technical, physical, and administrative controls used to safeguard information and systems. Learn how to build your security team and maintain security in the hiring process; approach cloud storage security; secure mobile devices; work with firewalls, VPNs, and VPN concentrators; maintain employee safety; and much more.

Topics include:

  • Building a security team
  • Conducting a gap analysis
  • Improving personnel security
  • File permissions and data encryption
  • Cloud computing and virtualization
  • Host-based network security controls
  • Securing mobile devices
  • Choosing encryption algorithms
  • Physical and network security
  • Biometrics and multifactor authentication
  • Development methodologies

Table of Contents

Introduction
1 Information security program development and management
2 What you need to know
3 Study resources

Information Security Program Development
4 Scope and charter
5 Alignment of security and business objectives
6 Building a security team
7 Conducting a gap analysis

Personnel Security
8 Improving personnel security
9 Security in the hiring process
10 Employee termination process
11 Employee privacy
12 Social networking

Data Security Controls
13 File permissions
14 Data encryption

Cloud Computing and Virtualization
15 Virtualization
16 Cloud computing models
17 Public cloud tiers
18 Cloud storage security

Host Security
19 Operating system security
20 Malware prevention
21 Application management
22 Host-based network security controls
23 Hardware security

Mobile Security
24 Mobile device security
25 Mobile device management
26 Mobile device tracking
27 Mobile application security
28 Bring your own device (BYOD) policy

Cryptography
29 Understanding encryption
30 Symmetric and asymmetric cryptography
31 Goals of cryptography
32 Choosing encryption algorithms
33 The cryptographic life cycle
34 Key exchange
35 Diffie-Hellman
36 Key escrow
37 Key stretching
38 Trust models
39 PKI and digital certificates
40 Hash functions
41 Digital signatures
42 TLS and SSL
43 IPsec
44 Securing common protocols

Physical Security
45 Physical security control types
46 Physical access control
47 Visitor management

Network Security
48 Routers and switches
49 Firewalls
50 VPNs and VPN concentrators
51 Network intrusion detection and prevention
52 Unified threat management
53 VLANs and network segmentation
54 Network access control
55 Remote network access

Identity and Access Management
56 Identity and access management
57 Identification, authentication, and authorization
58 Usernames and access cards
59 Authentication factors
60 Biometrics
61 Multifactor authentication
62 Something you have

Asset Management
63 Physical asset management
64 Change and configuration management

Personnel Safety
65 Employee safety
66 Emergency management

Software Security
67 Application security
68 Development methodologies
69 Maturity models
70 Operation, maintenance, and change management
71 Risk analysis and mitigation
72 Software testing
73 Acquired software

Conclusion
74 What's next