ISC2 ISSMP Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Leadership and Business Management - 22% | |
| Establish Security’s Role in Organizational Culture, Vision, and Mission | - Define information security program vision and mission - Align security with organizational goals, objectives, and values - Explain business processes and their relationships - Describe the relationship between organizational culture and security |
| Align Security Program with Organizational Governance | - Identify and navigate organizational governance structure - Recognize roles of key stakeholders - Recognize sources and boundaries of authorization - Negotiate organizational support for security initiatives |
| Define and Implement Information Security Strategies | - Identify security requirements from business initiatives - Evaluate capacity and capability to implement security strategies - Manage implementation of security strategies - Review and maintain security strategies - Describe security engineering theories, concepts, and methods |
| Define and Maintain Security Policy Framework | - Determine applicable external standards - Manage data classification - Establish internal policies - Obtain organizational support for policies - Develop procedures, standards, guidelines, and baselines - Ensure periodic review of security policy framework |
| Manage Security Requirements in Contracts and Agreements | - Evaluate service management agreements (e.g., risk, financial) - Govern managed services (e.g., infrastructure, cloud services) - Manage impact of organizational change (e.g., mergers and acquisitions, outsourcing) - Monitor and enforce compliance with contractual agreements |
| Oversee Security Awareness and Training Programs | - Promote security programs to key stakeholders - Identify training needs by target segment - Monitor and report on effectiveness of security awareness and training programs |
| Define, Measure, and Report Security Metrics | - Identify Key Performance Indicators (KPI) - Relate KPIs to the risk position of the organization - Use metrics to drive security program development and operations |
| Prepare, Obtain, and Administer Security Budget | - Manage and report financial responsibilities - Prepare and secure annual budget - Adjust budget based on evolving risks |
| Manage Security Programs | - Build cross-functional relationships - Identify communication bottlenecks and barriers - Define roles and responsibilities - Resolve conflicts between security and other stakeholders - Determine and manage team accountability |
| Apply Product Development and Project Management Principles | - Describe project lifecycle - Identify and apply appropriate project management methodology - Analyze time, scope, and cost relationship |
| Systems Lifecycle Management - 19% | |
| Manage Integration of Security into System Development Lifecycle (SDLC) | - Integrate information security gates (decision points) and milestones into lifecycle - Implement security controls into system lifecycle - Oversee configuration management processes |
| Integrate New Business Initiatives and Emerging Technologies into the Security Architecture | - Participate in development of business case for new initiatives to integrate security - Address impact of new business initiatives on security |
| Define and Oversee Comprehensive Vulnerability Management Programs (e.g., vulnerability scanning, penetration testing, threat analysis) | - Classify assets, systems, and services based on criticality to business - Prioritize threats and vulnerabilities - Oversee security testing - Mitigate or remediate vulnerabilities based on risk |
| Manage Security Aspects of Change Control | - Integrate security requirements with change control process - Identify stakeholders - Oversee documentation and tracking - Ensure policy compliance |
| Risk Management - 18% | |
| Develop and Manage a Risk Management Program | - Communicate risk management objectives with risk owners and other stakeholders - Understand principles for defining risk tolerance - Determine scope of organizational risk program - Obtain and verify organizational asset inventory - Analyze organizational risk management requirements - Determine the impact and likelihood of threats and vulnerabilities - Determine countermeasures, compensating and mitigating controls - Recommend risk treatment options and when to apply them |
| Conduct Risk Assessments (RA) | - Identify risk factors - Manage supplier, vendor, and third-party risk - Understand supply chain security management - Conduct Business Impact Analysis (BIA) - Manage risk exceptions - Monitor and report on risk - Perform cost–benefit analysis |
| Threat Intelligence and Incident Management - 17% | |
| Establish and Maintain Threat Intelligence Program | - Synthesize relevant data from multiple threat intelligence sources - Conduct baseline analysis - Review anomalous behavior patterns for potential concerns - Conduct threat modeling - Identify ongoing attacks - Correlate related attacks - Create actionable alerting to appropriate resources |
| Establish and Maintain Incident Handling and Investigation Program | - Develop program documentation - Establish incident response case management process - Establish Incident Response Team (IRT) - Understand and apply incident management methodologies - Establish and maintain incident handling process - Establish and maintain investigation process - Quantify and report financial and operational impact of incidents and investigations to stakeholders - Conduct Root Cause Analysis (RCA) |
| Contingency Management - 10% | |
| Oversee Development of Contingency Plans (CP) | - Analyze challenges related to the Business Continuity (BC) process (e.g., time, resources, verification) - Analyze challenges related to the Disaster Recovery (DR) process (e.g., time, resources, verification) - Analyze challenges related to the Continuity of Operations Plan (COOP) - Coordinate with key stakeholders - Define internal and external incident communications plans - Define incident roles and responsibilities - Determine organizational drivers and policies - Reference Business Impact Analysis (BIA) - Manage third-party dependencies - Prepare security management succession plan |
| Guide Development of Recovery Strategies | - Identify and analyze alternatives - Recommend and coordinate recovery strategies - Assign recovery roles and responsibilities |
| Maintain Business Continuity Plan (BCP), Continuity of Operations Plan (COOP), and Disaster Recovery Plan (DRP) | - Plan testing, evaluation, and modification - Determine survivability and resiliency capabilities - Manage plan update process |
| Manage Recovery Process | - Declare disaster - Implement plan - Restore normal operations - Gather lessons learned - Update plan based on lessons learned |
| Law, Ethics, and Security Compliance Management - 14% | |
| Understand the Impact of Laws that Relate to Information Security | - Understand global privacy laws - Understand legal jurisdictions the organization operates within (e.g., trans-border data flow) - Understand export laws - Understand intellectual property laws - Understand industry regulations affecting the organization - Advise on potential liabilities |
| Understand Management Issues as Related to the (ISC)2 Code of Ethics | |
| Validate Compliance in Accordance with Applicable Laws, Regulations, and Industry Best Practices | - Obtain leadership buy-in - Select compliance framework(s) - Implement validation procedures outlined in framework(s) - Define and utilize security compliance metrics to report control effectiveness and potential areas of improvement |
| Coordinate with Auditors, and Assist with the Internal and External Audit Process | - Prepare - Schedule - Perform audit - Evaluate findings - Formulate response - Validate implemented mitigation and remediation actions |
| Document and Manage Compliance Exceptions | |
One-year free update
Please try the free CISSP-ISSMP dumps demo before purchase. You will be allowed free updates to your CISSP-ISSMP pdf torrent for one year after payment. We will send you the latest version immediately whenever we update the CISSP-ISSMP exam answers; you just need to check your mailbox.
ISC2 CISSP-ISSMP Exam Certification Details:
| Item | Details |
|---|---|
| Exam Code | CISSP-ISSMP |
| Sample Questions | ISC2 CISSP-ISSMP Sample Questions |
| Schedule Exam | Pearson VUE |
| Number of Questions | 125 |
| Exam Price | $599 (USD) |
| Exam Name | ISC2 Information Systems Security Management Professional (CISSP-ISSMP) |
| Passing Score | 700/1000 |
| Duration | 180 mins |
For more info visit:
ISC CISSP-ISSMP Exam Reference
The ISC CISSP-ISSMP exam dumps from our website are aimed at preparing you well for your certification exam and achieving a high passing score. Our CISSP-ISSMP pdf torrent contains the latest exam questions and current learning materials, which simulate the real exam to ensure you clear it with CISSP-ISSMP exam answers. Our CISSP Concentrations vce dumps are written by our authoritative experts to cover the maximum number of knowledge points on the CISSP-ISSMP exam. Most people prefer to practice questions with our test engine because you can assess your performance in our CISSP-ISSMP free dumps and mark your mistakes. A free downloadable dumps demo is available before purchase, and one year of free updates to the CISSP-ISSMP pdf torrent is allowed after payment.
Dedicated efforts have been made by our authoritative experts to write the up-to-date ISC dumps demo for the real exam. With the help of 100% accurate CISSP-ISSMP exam answers, our candidates definitely clear the exam with great marks. Our study guide covers the IT knowledge and key points of the CISSP-ISSMP exam, so you can find everything you need to overcome the difficulty of the CISSP-ISSMP examsboost dumps. Moreover, our colleagues constantly check for updates to our questions to follow the current certification information about CISSP-ISSMP exam answers. So the study materials you practice with are the latest and valid, which ensures you get a passing score on the real CISSP-ISSMP exam.
It is a good thing that you have decided to put in the effort to keep your knowledge updated with our CISSP-ISSMP - Information Systems Security Management Professional free dumps. Getting certified requires much time and energy in preparing with CISSP-ISSMP vce dumps, which is usually hard due to the busy schedules of most candidates. That is the reason we created the latest CISSP-ISSMP pdf torrent and pass guide for our customers. You just need to spend some of your spare time practicing the CISSP-ISSMP exam dumps and remembering the exam answers before the real exam. The right preparation materials will boost your confidence to solve the difficult exam questions on the CISSP-ISSMP exam, and our materials do exactly that.
100% guarantee money back
We ensure you clear the exam with our CISSP-ISSMP free dumps in less time and with less effort. But we promise you a full refund if you fail the exam with our CISSP-ISSMP exam dumps. What you need to do is send your score report to us; we will issue a full refund after confirmation.
Instant Download CISSP-ISSMP Exam Braindumps: Upon successful payment, our systems will automatically send the product you have purchased to your mailbox by email. (If it is not received within 12 hours, please contact us. Note: don't forget to check your spam folder.)
100% accurate exam answers
Our CISSP-ISSMP exam answers are tested and approved by our authoritative experts based on the certification center. Moreover, our colleagues constantly check for updates to the CISSP-ISSMP examsboost dumps to keep our questions accurate. And the current certification exam for CISSP-ISSMP is always tracked by our website, so the learning materials you obtain are up-to-date and valid for clearing the exam.