ISSMP – Information Systems Security Management Professional

  • Build a security program that aligns with and supports overall organizational goals, objectives, and values.
  • Evaluate and manage risk to protect systems and data during the implementation, integration, and ongoing maintenance of organizational operations.
  • Develop and oversee a risk management program.
  • Develop and maintain a threat intelligence program.
  • Create and oversee an incident handling and investigation program.
  • Practice contingency management by developing plans and response and recovery strategies.
  • Implement compliance practices to adhere to laws and regulations.

Overview

Off the shelf (OTS)

Candidates must be a CISSP in good standing and have two years cumulative, full-time experience in one or more of the six domains of the current ISSMP outline.

Or

Candidates must have a minimum of seven years cumulative, full-time experience in two or more of the domains of the current ISSMP outline. Earning a post-secondary degree (bachelor's or master's) in computer science, information technology (IT) or related fields or an additional credential from the ISC2 approved list may satisfy one year of the required experience. Only one year of experience can be waived. Part-time work and internships may also count towards the experience requirement.

This cybersecurity management certification shows that you excel at establishing, presenting and governing information security programs. You also demonstrate deep management and leadership skills across critical security functions like incident response and recovery.

Outline:

1.1 Establish security’s role in organizational culture, vision and mission

1.2 Align security program with organizational governance

1.3 Define and implement information security strategies

1.4 Define and maintain security policy framework; determine applicable external standards

1.5 Manage security requirements in contracts and agreements

1.6 Manage security awareness and training programs

1.7 Define, measure and report security metrics

1.8 Prepare, obtain and administer security budget

1.9 Manage security programs

1.10 Apply product development and project management principles

2.1 Manage integration of security into Systems Development Life Cycle (SDLC)

2.2 Integrate new business initiatives and emerging technologies into the security architecture

2.3 Define and oversee comprehensive vulnerability management programs (e.g., vulnerability scanning, penetration testing, threat analysis)

2.4 Manage security aspects of change control

3.1 Develop and manage a risk management program

3.2 Conduct risk assessments

3.3 Manage security risks within the supply chain (e.g., supplier, vendor, third-party risk)

4.1 Establish and maintain threat intelligence program

4.2 Establish and maintain incident handling and investigation program

5.1 Facilitate development of contingency plans

5.2 Develop recovery strategies

5.3 Maintain contingency plan, Continuity of Operations Plan (COOP), business continuity plan (BCP) and disaster recovery plan (DRP)

5.4 Manage disaster response and recovery process

6.1 Identify the impact of laws and regulations that relate to information security

6.2 Adhere to the ISC2 Code of Ethics as related to management issues

6.3 Validate compliance in accordance with applicable laws, regulations and industry best practices

6.4 Coordinate with auditors and regulators in support of the internal and external audit processes

6.5 Document and manage compliance exceptions.

Successful completion of this course requires access to an external online assessment. The online assessment platform may not be accessible from Civil Service department IT due to security restrictions. If you have any questions or believe you may be impacted by these restrictions, please contact support@governmentcampus.co.uk.

Delivery method

Digital

Course duration

40 hours

Competency level

Expert
