CtrlK

Search...

Trending this month -AWS CCP•CISSP•AZ-900•A+•TOGAF•AI-102•Sec+•AZ-104•CSA•ITIL 4

Quick Feedback

CISM Study Notes

Domain 1: Information Security Governance (17%)

Security Governance Framework

Strategic Alignment

Ensure security activities support business objectives and enterprise strategy

Value Delivery

Optimize security investments to support organizational objectives

Risk Management

Ensure risks are appropriately managed within acceptable levels

Resource Management

Use security knowledge and infrastructure efficiently and effectively

Performance Measurement

Monitor and report on security processes to ensure objectives are achieved

Roles and Responsibilities

Role	Primary Responsibility	Accountability
Board of Directors	Oversight and governance	Ultimate accountability
Executive Management	Strategic direction and support	Operational accountability
CISO	Security program leadership	Program implementation
Information Security Manager	Day-to-day operations	Tactical execution
Business Process Owners	Risk decisions for their processes	Process-level security

Security Policies

Policies: High-level statements of management intent and direction
Standards: Mandatory requirements that support policies
Procedures: Step-by-step instructions for implementing standards
Guidelines: Recommendations and best practices (not mandatory)
Baselines: Minimum security configurations for systems

Governance Metrics

KPIs

Key Performance Indicators measure operational effectiveness

KRIs

Key Risk Indicators provide early warning of increasing risk

KGIs

Key Goal Indicators measure progress toward objectives

CSFs

Critical Success Factors define what must go well for success