Title: ISACA’s CISM Domain 2: Information Risk Management
ISACA's CISM Domain 2: Information Risk Management
www.infosectrain.com sales_at_infosectrain.com
CISM Domains
- Information Security Governance
- Information Risk Management
- Information Security Program Development and Management
- Information Security Incident Management

In this blog, let us discuss domain 2 of CISM, which is Information Risk Management.

Note: To get a clear understanding of Information Risk Management, let me explain its three words (information, risk, management) separately.
Information
Information is organized, structured, and processed data that helps in decision making. For example, assume you have a toy shop: a single customer's purchase of an item is data, and this data becomes information when you can use it to find the most popular and least popular toys. With that information, you can add and remove toys from your shop/store.

Risk
Risk in this context is the potential for incidents or events to occur that may materially harm the company's data/information.

Management
Management means identifying, assessing, evaluating, and dealing with risks (including coping with any changes) through proactive, deliberate, explicit, and systematic measures. Additionally, it means managing the process itself: controlling the authorization, resourcing, risk treatment, etc.
Information Risk Management process
The process of Information Risk Management can be summed up as shown in this diagram.
The first stage of the process is to identify the potential risk factors, such as vulnerabilities, threats, incidents, and impacts. The second stage is to evaluate the risks, which means assessing the information collected in the first stage to determine the significance of the various risks. In the third stage, treat risks, we avoid, share, or mitigate them; this is the stage in which the risk treatment decisions are usually implemented. Handling changes may seem obvious, but its importance is emphasized in the above-mentioned infographic: the information risks within an organization are constantly shifting, partly as a result of the risk treatment and partly as a result of various other factors. At the end of the diagram, you can see that organizations must often respond to external obligations like market pressure, exceptions, and compliance.
Information Risk Management best practices
No one can guarantee that the IRM process that worked for one data asset will succeed with another data asset; hence it is essential for organizations to use a combination of various strategies and policies. Still, there are a few best practices that every organization should implement to maintain a strong cybersecurity posture. https://youtu.be/eBnnpLD8cXE

Here are the three best practices that every organization should follow to maintain a great Information Risk Management program.
Monitor the IT environment
Constantly monitoring the IT environment will help the organization identify vulnerabilities and prioritize remediation activities. For instance, many organizations struggle to configure cloud resources, and news reports often mention Amazon's S3 buckets. These public cloud storage locations are not inherently risky, but failing to configure them appropriately opens them up to the public, including to attackers. By monitoring your IT environment continuously and consistently, you can identify misconfigured databases and storage locations, improving the security of your data.
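As an added example (not code from the slides or from InfosecTrain), here is a small Python check of the kind a continuous-monitoring job would run over an inventory of S3 bucket configurations to flag the misconfiguration described above; the snapshot layout is an assumption modelled on the S3 public-access-block, ACL and bucket-policy API responses, and the bucket names and settings are constructed.

```python
# Added example: flag S3 buckets exposed to the public. It runs over a
# constructed offline snapshot (assumed shape, modelled on the S3
# GetPublicAccessBlock / GetBucketAcl / GetBucketPolicy responses).
import json

PUBLIC_GRANTEES = {"http://acs.amazonaws.com/groups/global/AllUsers",
                   "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")

def _principal_is_public(principal):
    # Principal "*" or {"AWS": "*"} (or a list containing "*") means everyone.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def assess_bucket(snapshot):
    """Return a list of exposure findings; an empty list means nothing found."""
    findings = []
    pab = snapshot.get("PublicAccessBlock") or {}
    if not all(pab.get(k) for k in PAB_KEYS):
        findings.append("public access block not fully enabled")
    for grant in snapshot.get("AclGrants", []):
        uri = grant.get("Grantee", {}).get("URI")
        if uri in PUBLIC_GRANTEES:
            findings.append(f"ACL grants {grant['Permission']} to {uri.rsplit('/', 1)[-1]}")
    for stmt in json.loads(snapshot.get("Policy") or '{"Statement": []}')["Statement"]:
        # An unconditional Allow to a public principal makes the policy public.
        if (stmt.get("Effect") == "Allow" and not stmt.get("Condition")
                and _principal_is_public(stmt.get("Principal"))):
            findings.append(f"bucket policy allows {stmt.get('Action')} to everyone")
    return findings

# Constructed sample inventory: one hardened bucket and two misconfigured ones.
LOCKED = dict.fromkeys(PAB_KEYS, True)
SAMPLE = {
    "finance-reports": {"PublicAccessBlock": LOCKED, "AclGrants": [], "Policy": None},
    "marketing-assets": {"PublicAccessBlock": None, "Policy": None, "AclGrants": [
        {"Grantee": {"URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"}]},
    "data-export": {"PublicAccessBlock": {**LOCKED, "BlockPublicPolicy": False},
                    "AclGrants": [], "Policy": json.dumps({"Statement": [
                        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
                         "Resource": "arn:aws:s3:::data-export/*"}]})},
}
```

Run `assess_bucket` over every entry of a real inventory on a schedule and feed any non-empty result into the remediation queue, which is the prioritization step the slide describes.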
Monitor the supply stream
Mitigating risk from third-party vendors is also an important aspect of your IT risk management approach. While you may have authority over your vendors, you may not be able to hold their vendors to the same contractual requirements. As part of a holistic Information Risk Management approach, you need insight into the cybersecurity posture throughout your ecosystem: you might be at risk if your vendor's vendor stores your information in plain text in a cloud database. Continually monitor your supply stream for the use of encryption, which keeps data unreadable even if an attacker accesses it; this gives you insight into the cyber health of your ecosystem.
Monitor compliance
Legislative bodies and industry standards groups have issued increasingly strict compliance rules as data breaches continue to make headlines. Several new laws, such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the New York Stop Hacks and Improve Electronic Data Security (NY SHIELD) Act, mandate constant monitoring as part of a cybersecurity compliance program. To develop a compliant IT risk management program, you must monitor and record your efforts in order to offer assurance to internal and external auditors. As you regularly monitor your enterprise's IT ecosystem, you must prioritize remediation measures and record your operations, giving proof of governance to your auditors.
Why InfosecTrain?
- InfosecTrain allows you to customize your training schedule; our trainers will provide one-on-one training.
- You can hire a trainer from InfosecTrain who will teach you at your own pace.
- As ISACA is our premium training partner, our trainers know how much and what exactly to teach to make you a professional.
- One more great part is that you will have access to all our recorded sessions.
That sounds exciting, right? So what are you waiting for? Enroll in our CISM course and get certified. Here you can get the best CISM domain training.
About InfosecTrain
- Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
- Wide range of professional training programs, certifications and consulting services in the IT and Cyber Security domain
- High-quality technical services, certifications and customized training programs curated by professionals with over 15 years of combined experience in the domain
Our Endorsements
Why InfosecTrain
- Global Learning Partners
- Access to the recorded sessions
- Certified and Experienced Instructors
- Flexible modes of Training
- Tailor Made Training
- Post training completion support
Our Trusted Clients
Contact us
Get your workforce reskilled by our certified and experienced instructors!
IND 1800-843-7890 (Toll Free) / US 1 657-221-1127 / UK 44 7451 208413
sales_at_infosectrain.com
www.infosectrain.com