ISC2 ISSMP®: Information Systems Security Management Professional
Course 2082
5 DAY COURSE

Course Outline

The Information Systems Security Management Professional (ISSMP) is a security leader who specializes in establishing, presenting and governing information security programs and demonstrates management and leadership skills. ISSMPs direct the alignment of security programs with the organization’s mission, goals and strategies in order to meet enterprise financial and operational requirements in support of its desired risk position.

ISC2 ISSMP®: Information Systems Security Management Professional Benefits

  • Course Benefits

    • Establish and lead an enterprise information security program
    • Ensure security is integrated and managed effectively throughout the system development and acquisition lifecycle
    • Identify, assess, and manage information security risks
    • Oversee the development and execution of incident response and threat intelligence programs
    • Design and maintain business continuity and disaster recovery strategies

    Prerequisites

    Candidates must meet one of the following:

    • Hold an active CISSP in good standing and have two years of cumulative full-time experience in one or more ISSAP domains
      OR
    • Possess seven years of cumulative full-time experience in two or more ISSAP domains

    Experience Substitution:

    • A relevant bachelor’s or master’s degree or an approved ISC2 credential may substitute for one year of experience
    • Part-time work and internships may count toward experience requirements

ISSMP Security Management Certification Outline

Learning Objectives

Domain 1: Leadership and Operational Management

  • Establish security’s role in organizational culture, vision and mission
  • Align security program with organizational governance
  • Define and implement information security strategies
  • Define and maintain security policy framework
  • Manage security requirements in contracts and agreements
  • Manage security awareness and training programs
  • Define, measure and report security metrics
  • Prepare, obtain and manage security budget
  • Manage security programs

Domain 2: Systems Lifecycle Management

  • Manage integration of security throughout system lifecycle
  • Integrate organization initiatives and emerging technologies throughout the security architecture
  • Define and manage comprehensive vulnerability management programs
  • Manage security aspects of change control
  • Manage security programs

Domain 3: Risk Management

  • Develop and manage a risk management program
  • Manage security risks within the supply chain
  • Conduct risk assessments
  • Manage risk controls

Domain 4: Security Operations

  • Establish and maintain security operations center
  • Establish and maintain threat intelligence program
  • Establish and maintain incident management program
  • Develop and manage a risk management program

Domain 5: Contingency Management

  • Facilitate development of contingency plans
  • Develop recovery strategies
  • Maintain contingency plan, resiliency plan
  • Manage disaster response and recovery process

Domain 6: Law, Ethics and Security Compliance Management

  • Identify the impact of laws and regulations
  • Understand, adhere to and promote professional ethics
  • Validate compliance in accordance with applicable laws and regulations
  • Document and manage compliance exceptions 

Private Team Training

Interested in this course for your team? Please complete and submit the form below and we will contact you to discuss your needs and budget.