Certified Information Security Manager (CISM) Proficiency (Advanced Level)

Topics covered

• apply IPv4 concepts to a network environment
• apply IPv6 concepts to a network environment
• describe the PKI hierarchy
• differentiate between authentication and authorization
• discuss how IPsec secures network traffic
• draw a correlation between OSI layers and TCP/IP protocols
• identify common hardening techniques for networks and hosts
• identify how identity and access management constitutes a critical aspect of IT security
• identify how IPD and IPS systems differ
• identify the relationship between IT security and business processes
• outline how cryptography addresses IT security
• outline how to apply common risk management concepts, such as gap analysis, SWOT, and risk vs. incident
• outline how to determine the risk appetite of an organization
• recall how MFA enhances user sign-in security
• recall how Wi-Fi networks can be secured
• recall when federated identities should be used
• recognize how different server roles can be deployed and managed safely including through a jump box
• recognize how DNS is a network name resolution service
• recognize how IT security policies must align to securing business processes
• recognize how security baselines can help identify potential indicators of compromise
• recognize the relevance of IT security in today's business environment
• recognize when different types of firewalls should be used
• use change management to securely modify network and device configurations in a structured manner
• use patch management to securely deploy updates in a structured manner