Introduction
Tips and tricks
CISM Domain 1 - What we will be covering.
Governance vs. Management.
Standards and frameworks.
Information Security Governance: Values, vision, mission, and plans.
Information Security Governance Policies, procedures, guidelines, and frameworks.
Gap Analysis.
SWOT Analysis.
OPEX, CAPEX, and fiscal years.
KGIs, KPIs, and KRIs.
The CIA triad - Part 1 - Confidentiality, Integrity, and Availability.
The CIA triad - Part 2 - Confidentiality, Integrity, and Availability.
The 3 states of data (data at rest, data in motion, and data in use).
Data classification and clearance.
Data handling, data storage, and data retention.
Mission, data, system owners, and data custodians.
Ethics.
Laws and regulations.
Laws and regulations - Evidence.
US laws, European laws, and international treaties.
GDPR (General Data Protection Regulation).
International agreements and guidelines.
Intellectual property.
Administrative personnel controls.
COBIT5.
ISO 27001 and 27002.
NIST 800-53.
NIST 800-37 and the NIST Cyber Security framework.
RACI charts (Responsible, Accountable, Consulted, Informed).
GRC - Governance, Risk Management, and Compliance.
Data security frameworks.
Data Protection.
Security models and concepts - Introduction.
Security models and concepts - Part 1.
Security models and concepts - Part 2.
Artificial intelligence (AI).
CISM Domain 1 - What we covered.
CISM Domain 1 links.
CISM Domain 2 - What we will be covering.
Risk Identification.
Risk Management - Assessment Part 1.
Risk Management - Assessment Part 2.
Risk response and mitigation & Risk and Control Monitoring and Reporting.
Attackers, Vishing, and Phishing - Part 1.
Attackers, Vishing and Phishing - Part 2.
OWASP - Part 1.
OWASP - Part 2.
OWASP - Part 3.
OWASP - Part 4.
Networking basics and definitions.
SIEM (Security Information and Event Management).
The OSI model - Part 1.
The OSI model - Part 2.
The TCP/IP model.
IP addresses, MAC addresses, and port numbers - Part 1.
IP addresses, MAC addresses, and port numbers - Part 2.
IP addresses, MAC addresses, and port numbers - Part 3.
IP addresses, MAC addresses, and port numbers - Part 4.
IP support protocols - Part 1.
IP support protocols - Part 2.
Cable types.
LAN topologies.
Layer 1 to 3 networking devices.
Firewalls - Part 1.
Firewalls - Part 2.
Intrusion detection and prevention systems.
Network authentication protocols.
WiFi - Part 1.
WiFi - Part 2.
Bluetooth.
Honeynets and Honeypots.
Secure communications - Part 1.
Secure communications - Part 2.
Secure Communications - Part 3.
Mobile device security.
Application positive-listing.
Virtualization, Cloud, and Distributed Computing - Part 1.
Virtualization, Cloud, and Distributed Computing - Part 2.
Virtualization, Cloud, and Distributed Computing - Part 3.
Virtualization, Cloud, and Distributed Computing - Part 4.
Virtualization, Cloud, and Distributed Computing - Part 5.
Software vulnerabilities and Attacks.
System vulnerabilities, threats, and countermeasures.
IOT (Internet Of Things).
Wireless networks.
CISM Domain 2 - What we covered.
CISM Domain 2 links.
CISM Domain 3 - What we will be covering.
The information life cycle.
Secure design principles.
Secure system design concepts.
Asset tracking and hardware hardening.
DevOps and DevSecOps.
Configuration Management.
Patch Management.
Change Management.
Security evaluation models.
Security Assessments.
Security Audits.
Security Audit Logs.
Vulnerability scanners.
Penetration testing.
Penetration testing tools.
Social engineering attacks.
Maturity Models - Part 1.
Maturity Models - Part 2.
Access control.
Introduction to Access Control.
IAAA Part 1 - Identification, Authentication, Authorization, and Accountability.
IAAA Part 2 - Identification, Authentication, Authorization, and Accountability.
Type 1 authentication.
Type 2 authentication.
Type 3 authentication.
Authorization.
Accountability.
Access control systems.
Identity and access provisioning.
Introduction to Cryptography - Part 1.
Introduction to Cryptography - Part 2.
The history of Cryptography - Part 1.
The history of Cryptography - Part 2.
The encryption we use today.
Symmetric encryption - Part 1.
Symmetric encryption - Part 2.
Asymmetric encryption - Part 1.
Asymmetric encryption - Part 2.
Hashing - Part 1.
Hashing - Part 2.
Attacks on our cryptography - Part 1.
Attacks on our cryptography - Part 2.
Attacks on our cryptography - Part 3.
Digital signatures.
MAC, HMAC, SSL, and TLS.
Software testing - Part 1.
Software testing - Part 2.
Buying software from other companies.
Designing security into our software.
Software development methodologies - Part 1.
Software development methodologies - Part 2.
Software development methodologies - Part 3.
Software development methodologies - Part 4.
Physical security - Part 1.
Physical security - Part 2.
Physical security - Part 3.
Physical security - Part 4.
Physical security - Part 5.
Physical security - Part 6.
Site Selection - Part 1.
Site Selection - Part 2.
Electricity.
Fire suppression and hot and cold aisles.
Heat, Flame, Particle, and Smoke Detectors.
Fire suppression - Part 1.
Fire suppression - Part 2.
Backups.
RAID (Redundant Array of Independent Disks).
Redundancy.
Media storage.
3rd party software, Acquisitions, and Divesture security.
CISM Domain 3 - What we covered.
CISM Domain 3 links.
CISM Domain 4 - What we will be covering.
Incident Management definitions.
Incident Management - Part 1.
Incident Management - Part 2.
BCP - Business Continuity Planning - Part 1.
BCP - Business Continuity Planning - Part 2.
Personnel.
DRP (Disaster Recovery Plan) basics.
Developing our BCP and DRP.
BCP - BIA (Business Impact Analysis).
Supply and infrastructure redundancy.
Disaster Recovery sites.
Other BCP sub plans.
Employee redundancy.
Testing, training, and improving the plans - Part 1.
Testing, training, and improving the plans - Part 2.
After a disruption.
Digital forensics.
Spinning disk forensics.
Memory and data remanence.
Data remanence and destruction.
Network and Software forensics.
0-day attacks.
Warfare, terrorism, sabotage, and ransomware.
Programming concepts - Part 1.
Programming concepts - Part 2.
Database security.
Malware - Part 1.
Malware - Part 2.
Web architecture and attacks.
Personnel safety.
CISM Domain 4 - What we covered.
CISM Domain 4 links.
Thor's CISM Glossary - 2500 terms
Thor's CISM Domain 1 Flashcards - ThorTeaches.com
Thor's CISM Domain 2 Flashcards - ThorTeaches.com
Thor's CISM Domain 3 Flashcards - ThorTeaches.com
Thor's CISM Domain 4 Flashcards - ThorTeaches.com
The CISM exam itself, how to mentally and physically prepare for it.
Life after passing the CISM certification and being endorsed.
CPE resources.
I failed, now what should I do?
Why you should want to get CISM certified.
How to approach studying for the CISM exam and study plans.
How to reach your goal, in this case passing the CISM exam!
General CISM and ISACA links.
CISM Exam emulation practice test #1 - Hard difficulty.