The new Courseware is out. You have to decide if you like to take the old test by May 1 or new content On June 1 and beyond.
The new content is as follows
1 Information Security Governance
A Enterprise Governance
1A1 Organizational Culture
1A2 Legal, Regulatory, and Contractual Requirements
1A3 Organizational Structures, Roles, and Responsibilities
B Information Security Strategy
1B1 Information Security Strategy Development
1B2 Information Governance Frameworks and Standards
1B3 Strategic Planning (e.g., budgets, resources, business case).
2 Information Security Risk Management
A Information Security Risk Assessment
2A1 Emerging Risk and Threat Landscape
2A2 Vulnerability and Control Deficiency Analysis
2A3 Risk Assessment and Analysis
B Information Security Risk Response
2B1 Risk Treatment / Risk Response Options
2B2 Risk and Control Ownership
2B3 Risk Monitoring and Reporting
3Information Security Program
A Information Security Program Development
3A1 Information Security Program Resources (e.g., people, tools, technologies)
3A2 Information Asset Identification and Classification
3A3 Industry Standards and Frameworks for Information Security
3A4 Information Security Policies, Procedures, and Guidelines
3A5 Information Security Program Metrics
B Information Security Program Management
3B1 Information Security Control Design and Selection
3B2 Information Security Control Implementation and Integrations
3B3 Information Security Control Testing and Evaluation
3B4 Information Security Awareness and Training/td>
3B5 Management of External Services (e.g., providers, suppliers, third parties, fourth parties)
3B6 Information Security Program Communications and Reporting
4 Incident Management
A Incident Management Readiness
4A1 Incident Response Plan
4A2 Business Impact Analysis (BIA)
4A3 Business Continuity Plan (BCP)
4A4 Disaster Recovery Plan (DRP)
4A5 Incident Classification/Categorization
4A6 Incident Management Training, Testing, and Evaluation
B Incident Management Operations
4B1 Incident Management Tools and Techniques
4B2 Incident Investigation and Evaluation
4B3 Incident Containment Methods
4B4 Incident Response Communications (e.g., reporting, notification, escalation)
4B5 Incident Eradication and Recovery
4B6 Post-incident Review Practices
Updated CISM Exam Content Outline Effective Beginning 1 June 2022
To learn more go Here