2014年CISM学习计划书日历版.xls

2014 CISMCISM考考试试重重要要日日期期 2014年年CISM考考试试相相关关信信息息已已公公布布 早期报名费用 会员420美金 非会员600美金 标准报名费用 会员470美金 非会员650美金 考考试试时时间间 2014年6月考试时间2014年6月14日 早期报名截止日为2014年2月 12日 最终报名截止日2014年4月11日 2014年9月考试时间为2014年9月6日 早期报名截止日为2014年6 月11日 最终报名截止日2014年7月21日 2014年12月考试时间为2014年12月13日 早期报名截止日为2014 年8月20日 最终报名截止日2014年10月24日 考考试试信信息息变变更更相相关关时时限限和和费费用用 6月考试 4月11日之前办理免费 4月12日 25日之前办理50美金 25日之后不接受变更请求 9月考试 7月21日之前办理免费 7月22日 28日之前办理50美金 28日之后不接受变更请求 12月考试 10月24日之前办理免费 10月25日 31日之前办理50美 金 31日之后不接受变更请求 缓缓考考办办理理相相关关时时限限和和费费用用 6月考试 4月25日之前办理手续费为50美金 4月26日 5月23日之 间办理100美金 5月23日之后不接受缓考请求 9月考试 8月4日之前办理手续费为50美金 8月5日 22日之间办理 100美金 8月22日之后不接受缓考请求 12月考试 10月24日之前办理手续费为50美金 10月25日 11月28 日之间办理100美金 11月28日之后不接受变更请求 退退考考相相关关时时限限和和费费用用 6月考试 4月11日之前办理手续费为100美金 11日之后不接受退 考申请 9月考试 7月21日之前办理手续费为100美金 21日之后不接受退 考申请 12月考试 10月24日之前办理手续费为100美金 24日之后不接受 退考申请 官官方方会会员员和和非非会会员员的的区区别别 会员 会员需要向官方交取135美金 年会费 同时第一次报名的时 候注册费10美金 香港分会 70美金 年 这样你会成为官方的会员 享受优惠报名考试 不过需要每年交一次会费 共计215美金 非会员 考试费无优惠 联联系系汇汇哲哲 陆陆艳艳娇娇 Tel86 0 21 33663299 8003 Web E mail luyanjiao 2014年CISM备考群 119072577 一一月月二二月月 一一二二三三四四五五六六日日一一二二三三四四五五六六日日 2014 1 12014 1 22014 1 32014 1 42014 1 52014 2 12014 2 2 2014 1 62014 1 72014 1 82014 1 92014 1 102014 1 112014 1 122014 2 32014 2 42014 2 52014 2 62014 2 72014 2 82014 2 9 2014 1 132014 1 142014 1 152014 1 162014 1 172014 1 182014 1 192014 2 102014 2 112014 2 122014 2 132014 2 142014 2 152014 2 16 2014 1 202014 1 212014 1 222014 1 232014 1 242014 1 252014 1 262014 2 172014 2 182014 2 192014 2 202014 2 212014 2 222014 2 23 2014 1 272014 1 282014 1 292014 1 302014 1 312014 2 242014 2 252014 2 262014 2 272014 2 28 三三月月四四月月 一一二二三三四四五五六六日日一一二二三三四四五五六六日日 2014 3 12014 3 22014 4 12014 4 22014 4 32014 4 42014 4 52014 4 6 2014 3 32014 3 42014 3 52014 3 62014 3 72014 3 82014 3 92014 4 72014 4 82014 4 92014 4 102014 4 112014 4 122014 4 13 2014 3 102014 3 112014 3 122014 3 132014 3 142014 3 152014 3 162014 4 142014 4 152014 4 162014 4 172014 4 182014 4 192014 4 20 2014 3 172014 3 182014 3 192014 3 202014 3 212014 3 222014 3 232014 4 212014 4 222014 4 232014 4 242014 4 252014 4 262014 4 27 2014 3 242014 3 252014 3 262014 3 272014 3 282014 3 292014 3 302014 4 282014 4 292014 4 30 2014 3 31 五五月月六六月月 一一二二三三四四五五六六日日一一二二三三四四五五六六日日 2014 5 12014 5 22014 5 32014 5 42014 6 1 2014 5 52014 5 62014 5 72014 5 82014 5 92014 5 102014 5 112014 6 22014 6 32014 6 42014 6 52014 6 62014 6 72014 6 8 2014 5 122014 5 132014 5 142014 5 152014 5 162014 5 172014 5 182014 6 92014 6 102014 6 112014 6 122014 6 132014 6 142014 6 15 2014 5 192014 5 202014 5 212014 5 222014 5 232014 5 242014 5 252014 6 162014 6 172014 6 182014 6 192014 6 202014 6 212014 6 22 2014 5 262014 5 272014 5 282014 5 292014 5 302014 5 312014 6 232014 6 242014 6 252014 6 262014 6 272014 6 282014 6 29 2014 6 30 七七月月八八月月 一一二二三三四四五五六六日日一一二二三三四四五五六六日日 2014 7 12014 7 22014 7 32014 7 42014 7 52014 7 62014 8 12014 8 22014 8 3 2014 7 72014 7 82014 7 92014 7 102014 7 112014 7 122014 7 132014 8 42014 8 52014 8 62014 8 72014 8 82014 8 92014 8 10 2014 7 142014 7 152014 7 162014 7 172014 7 182014 7 192014 7 202014 8 112014 8 122014 8 132014 8 142014 8 152014 8 162014 8 17 2014 7 212014 7 222014 7 232014 7 242014 7 252014 7 262014 7 272014 8 182014 8 192014 8 202014 8 212014 8 222014 8 232014 8 24 2014 7 282014 7 292014 7 302014 7 312014 8 252014 8 262014 8 272014 8 282014 8 292014 8 302014 8 31 九九月月十十月月 一一二二三三四四五五六六日日一一二二三三四四五五六六日日 2014 9 12014 9 22014 9 32014 9 42014 9 52014 9 62014 9 72014 10 12014 10 22014 10 32014 10 42014 10 5 2014 9 82014 9 92014 9 102014 9 112014 9 122014 9 132014 9 142014 10 62014 10 72014 10 82014 10 92014 10 102014 10 112014 10 12 2014 9 152014 9 162014 9 172014 9 182014 9 192014 9 202014 9 21 2014 10 132014 10 142014 10 152014 10 162014 10 172014 10 182014 10 19 2014 9 222014 9 232014 9 242014 9 252014 9 262014 9 272014 9 28 2014 10 202014 10 212014 10 222014 10 232014 10 242014 10 252014 10 26 2014 9 292014 9 302014 10 272014 10 282014 10 292014 10 302014 10 31 十十一一月月十十二二月月 一一二二三三四四五五六六日日一一二二三三四四五五六六日日 2014 11 12014 11 22014 12 12014 12 22014 12 32014 12 42014 12 52014 12 62014 12 7 2014 11 32014 11 42014 11 52014 11 62014 11 72014 11 82014 11 92014 12 82014 12 92014 12 102014 12 112014 12 122014 12 132014 12 14 2014 11 102014 11 112014 11 122014 11 132014 11 142014 11 152014 11 16 2014 12 152014 12 162014 12 172014 12 182014 12 192014 12 202014 12 21 2014 11 172014 11 182014 11 192014 11 202014 11 212014 11 222014 11 23 2014 12 222014 12 232014 12 242014 12 252014 12 262014 12 272014 12 28 2014 11 242014 11 252014 11 262014 11 272014 11 282014 11 292014 11 30 2014 12 292014 12 302014 12 31 15周周计计划划通通过过CISM考考试试 三三月月周周月月三三月月 一一二二三三四四五五六六日日日日31 2014 3 12014 3 2W1周周5 2014 3 32014 3 42014 3 52014 3 62014 3 72014 3 82014 3 9W2 2014 3 10 2014 3 11 2014 3 12 2014 3 13 2014 3 14 2014 3 15 2014 3 16W3 2014 3 17 2014 3 18 2014 3 19 2014 3 20 2014 3 21 2014 3 22 2014 3 23W4 2014 3 24 2014 3 25 2014 3 26 2014 3 27 2014 3 28 2014 3 29 2014 3 30W5 2014 3 31CISM2014 24 四四月月领域领领域域 1 1 一一二二三三四四五五六六日日任务说明9 2014 4 12014 4 22014 4 32014 4 42014 4 52014 4 6W6知识点说明15 2014 4 72014 4 82014 4 9 2014 4 10 2014 4 11 2014 4 12 2014 4 13W7考试题48 2014 4 14 2014 4 15 2014 4 16 2014 4 17 2014 4 18 2014 4 19 2014 4 20W8 2014 4 21 2014 4 22 2014 4 23 2014 4 24 2014 4 25 2014 4 26 2014 4 27W9 三三月月 2014 4 28 2014 4 29 2014 4 30周 1KS1 5 五五月月周 2KS6 10 一一二二三三四四五五六六日日周 3KS11 15 2014 5 12014 5 22014 5 32014 5 4W10周 4KS16 21 2014 5 52014 5 62014 5 72014 5 82014 5 9 2014 5 10 2014 5 11W11周 5KS22 28 2014 5 12 2014 5 13 2014 5 14 2014 5 15 2014 5 16 2014 5 17 2014 5 18W122014年年CISM官官方方大大纲纲 2014 5 19 2014 5 20 2014 5 21 2014 5 22 2014 5 23 2014 5 24 2014 5 25W13 领领域域 1 信信息息安安全全治治理理 24 2014 5 26 2014 5 27 2014 5 28 2014 5 29 2014 5 30 2014 5 31 TASKS 六六月月 T1 1 Establish and maintain an information security strategy in alignment with organizational goals and objectives to guide the establishment and ongoing management of the information security program 一一二二三三四四五五六六日日 T1 2 Establish and maintain an information security governance framework to guide activities that support the information security strategy 2014 6 1W14 T1 3 Integrate information security governance into corporate governance to ensure that organizational goals and objectives are supported by the information security program 2014 6 22014 6 32014 6 42014 6 52014 6 62014 6 72014 6 8W15 T1 4 Establish and maintain information security policies to communicate management s directives and guide the development of standards procedures and guidelines 2014 6 9 2014 6 10 2014 6 11 2014 6 12 2014 6 13 2014 6 14 2014 6 15 T1 5 Develop business cases to support investments in information security 2014 6 16 2014 6 17 2014 6 18 2014 6 19 2014 6 20 2014 6 21 2014 6 22 T1 6 Identify internal and external influences to the organization for example technology business environment risk tolerance geographic location legal and regulatory requirements to ensure that these factors are addressed by the information security strategy 2014 6 23 2014 6 24 2014 6 25 2014 6 26 2014 6 27 2014 6 28 2014 6 29 T1 7 Obtain commitment from senior management and support from other stakeholders to maximize the probability of successful implementation of the information security strategy 2014 6 30 T1 8 Define and communicate the roles and responsibilities of information security throughout the organization to establish clear accountabilities and lines of authority 课课程程名名称称一一月月二二月月三三月月四四月月五五月月六六月月 T1 9 Establish monitor evaluate and report metrics for example key goal indicators KGIs key performance indicators KPIs key risk indicators KRIs to provide management with accurate information regarding the effectiveness of the information security strategy CISM国际注册信息 安全经理认证培训 课程 4天 17 20上 海 KNOWLEDGE STATEMENTS KS1 1 Knowledge of methods to develop an information security strategy KS1 2 Knowledge of the relationship among information security and business goals objectives functions and Practices 七七月月八八月月九九月月十十月月十十一一月月十十二二月月 KS1 3 Knowledge of methods to implement an information security governance framework 23 26上 海 22 25上 海 KS1 4 Knowledge of the fundamental concepts of governance and how they relate to information security KS1 5 Knowledge of methods to integrate information security governance into corporate governance KS1 6 Knowledge of internationally recognized standards frameworks and best practices related to information security governance and strategy development 联系我们 上上海海总总部部 网址 赞助 cisa org 商城 地址 上海市黄浦区西藏南路760号安基大厦1506 邮编 200021 电话 86 0 21 33663299 传真 86 0 21 33663299 8002 邮箱 huizhe KS1 7 Knowledge of methods to develop information security policies KS1 8 Knowledge of methods to develop business cases KS1 9 Knowledge of strategic budgetary planning and reporting methods KS1 10 Knowledge of the internal and external influences to the organization for example technology business environment risk tolerance geographic location legal and regulatory requirements and how they impact the information security strategy KS1 11 Knowledge of methods to obtain commitment from senior management and support from other stakeholders for information security KS1 12 Knowledge of information security management roles and responsibilities KS1 13 Knowledge of organizational structures and lines of authority KS1 15 Knowledge of methods to select implement and interpret metrics for example key goal indicators KGIs key performance indicators KPIs key risk indicators KRIs 领领域域 2 信信息息风风险险管管理理与与合合规规性性 33 T2 1 Establish and maintain a process for information asset classification to ensure that measures taken to protect assets are proportional to their business value T2 2 Identify legal regulatory organizational and other applicable requirements to manage the risk of noncompliance to acceptable levels T2 3 Ensure that risk assessments vulnerability assessments and threat analyses are conducted periodically and consistently to identify risk to the organization s information T2 4 Determine appropriate risk treatment options to manage risk to acceptable levels T2 5 Evaluate information security controls to determine whether they are appropriate and effectively mitigate risk to an acceptable level T2 6 Identify the gap between current and desired risk levels to manage risk to an acceptable level T2 7 Integrate information risk management into business and IT processes for example development procurement project management mergers and acquisitions to promote a consistent and comprehensive information risk management process across the organization T2 8 Monitor existing risk to ensure that changes are identified and managed appropriately T2 9 Report noncompliance and other changes in information risk to appropriate management to assist in the risk management decision making process KNOWLEDGE STATEMENTS KS2 1 Knowledge of methods to establish an information asset classification model consistent with business objectives KS2 2 Knowledge of methods used to assign the responsibilities for and ownership of information assets and risk KS2 3 Knowledge of methods to evaluate the impact of adverse events on the business KS2 4 Knowledge of information asset valuation methodologies KS2 5 Knowledge of legal regulatory organizational and other requirements related to information security KS2 6 Knowledge of reputable reliable and timely sources of information regarding emerging information security threats and vulnerabilities KS2 7 Knowledge of events that may require risk reassessments and changes to information security program elements KS2 8 Knowledge of information threats vulnerabilities and exposures and their evolving nature KS2 9 Knowledge of risk assessment and analysis methodologies KS2 10 Knowledge of methods used to prioritize risk KS2 11 Knowledge of risk reporting requirements for example frequency audience components KS2 12 Knowledge of methods used to monitor risk KS2 13 Knowledge of risk treatment strategies and methods to apply them KS2 14 Knowledge of control baseline modeling and its relationship to risk based assessments KS2 15 Knowledge of information security controls and countermeasures and the methods to analyze their effectiveness and efficiency KS2 16 Knowledge of gap analysis techniques as related to information security KS2 17 Knowledge of techniques for integrating risk management into business and IT processes KS2 18 Knowledge of compliance reporting processes and requirements KS2 19 Knowledge of cost benefit analysis to assess risk treatment options 领领域域 3 信信息息安安全全计计划划开开发发与与管管理理 25 T3 1 Establish and maintain the information security program in alignment with the information security strategy T3 2 Ensure alignment between the information security program and other business functions for example human resources HR accounting procurement and IT to support integration with business processes T3 3 Identify acquire manage and define requirements for internal and external resources to execute the information security program T3 4 Establish and maintain information security architectures people process technology to execute the information security program T3 5 Establish communicate and maintain organizational information security standards procedures guidelines and other documentation to support and guide compliance with information security policies T3 6 Establish and maintain a program for information security awareness and training to promote a secure environment and an effective security culture 国际注册信息系统审计师 CISA培培训训讲讲义义 汇哲科技 国国际际信信息息安安全全学学习习联联盟盟 信息安全通报 汇哲科技 国际注册信息系统审计师 中英文对照题目解析合集 CISA红红宝宝书书 汇哲科技 国际注册信息系统审计师 CISA中中文文教教材材 汇哲科技 COBIT5 0 过过程程推推动动中中文文版版 汇哲科技 COBIT5 0 企企业业IT治治理理和和管管理理 业业务务框框架架中中文文版版 汇哲科技 国国际际信信息息安安全全学学习习联联盟盟 学习月刊 汇哲科技 COBIT5 0 实实施施指指南南中中文文版版 汇哲科技 国际注册信息安全经理 CISM中中文文教教材材 汇哲科技 国际注册信息安全经理 CISM培培训训讲讲义义 汇哲科技 国际注册信息系统审计师 CISA历年出现题目手册 CISA源源题题集集 汇哲科技 国际注册软件生命周期安 全师 CSSLP培培训训讲讲义义 汇哲科技 国国际际信信息息安安全全学学习习联联盟盟 信息安全意识手册 汇哲科技 联系我们 上上海海总总部部 网址 赞助 cisa org 商城 地址 上海市黄浦区西藏南路760号安基大厦1506 邮编 200021 电话 86 0 21 33663299 传真 86 0 21 33663299 8002 邮箱 huizhe T3 7 Integrate information security requirements into organizational processes for example change control mergers and acquisitions development business continuity disaster recovery to maintain the organization s security baseline T3 8 Integrate information security requirements into contracts and activities of third parties for example joint ventures outsourced providers business partners customers to maintain the organization s security baseline T3 9 Establish monitor and periodically report program management and operational metrics to evaluate the effectiveness and efficiency of the information security program KNOWLEDGE STATEMENTS KS3 1 Knowledge of methods to align information security program requirements with those of other business functions KS3 2 Knowledge of methods to identify acquire manage and define requirements for internal and external resources KS3 3 Knowledge of information security technologies emerging trends for example cloud computing mobile computing and underlying concepts KS3 4 Knowledge of methods to design information security controls KS3 5 Knowledge of information security architectures for example people process technology and methods to apply them KS3 6 Knowledge of methods to develop information security standards procedures and guidelines KS3 7 Knowledge of methods to implement and communicate information security policies standards procedures and guidelines KS3 8 Knowledge of methods to establish and maintain effective information security awareness and training programs KS3 9 Knowledge of methods to integrate information security requirements into organizational processes KS3 10 Knowledge of methods to incorporate information security requirements into contracts and third party management processes KS3 11 Knowledge of methods to design implement and report operational information security metrics KS3 12 Knowledge of methods for testing the effectiveness and applicability of information security controls 领领域域 4 信信息息安安全全事事故故管管理理 18 TASKS T4 1 Establish and maintain an organizational definition of and severity hierarchy for information security incidents to allow accurate identification of and response to incidents T4 2 Establish and maintain an incident response plan to ensure an effective and timely response to information security incidents T4 3 Develop and implement processes to ensure the timely identification of information security incidents T4 4 Establish and maintain processes to investigate and document information security incidents to be able to respond appropriately and determine their causes while adhering to legal regulatory and organizational requirements T4 5 Establish and maintain incident escalation and notification processes to ensure that the appropriate stakeholders are involved in incident response management T4 6 Organize train and equip teams to effectively respond to information security incidents in a timely manner T4 7 Test and review the incident response plan periodically to ensure an effective response to information security incidents and to improve response capabilities T4 8 Establish and maintain communication plans and processes to manage communication with internal and external entities T4 9 Conduct postincident reviews to determine the root cause of information security incidents develop corrective actions reassess risk evaluate response effectiveness and take appropriate remedial actions T4 10 Establish and maintain integration among the incident response plan disaster recovery plan and business continuity plan KNOWLEDGE STATEMENTS KS4 1 Knowledge of the components of an incident response plan KS4 2 Knowledge of incident management concepts and practices KS4 3 Knowledge of business continuity planning BCP and disaster recovery planning DRP and their relationship to the incident response plan KS4 4 Knowledge of incident classification methods KS4 5 Knowledge of damage containment methods KS4 6 Knowledge of notification and escalation processes KS4 7 Knowledge of the roles and responsibiliti