ISSMP Training Course

ISSMP Training

Module 1: Leadership and Organizational Management

The heaviest domain at 21%. Establishing security's role in culture and governance, aligning strategy with organizational goals, building the policy framework, managing security in contracts, running awareness programs, defining metrics, owning the budget, and applying project management discipline to security programs.

  • 1 What the ISSMP is and who it's for 8 min Free preview
  • 2 Security's role in organizational culture, vision, and mission 9 min πŸ”’
  • 3 Aligning the security program with organizational governance 9 min πŸ”’
  • 4 Defining and implementing information security strategies 10 min πŸ”’
  • 5 Defining and maintaining the security policy framework 10 min πŸ”’
  • 6 Managing security requirements in contracts and agreements 9 min πŸ”’
  • 7 Managing security awareness and training programs 8 min πŸ”’
  • 8 Defining, measuring, and reporting security metrics 9 min πŸ”’
  • 9 Preparing, obtaining, and managing the security budget 8 min πŸ”’
  • 10 Managing security programs, teams, and cross-functional relationships 9 min πŸ”’
  • 11 Applying product development and project management principles to security 8 min πŸ”’

Module 2: Systems Lifecycle Management

The management view of the system life cycle: integrating security decision points across every phase, overseeing configuration management, absorbing emerging technologies into the architecture without breaking it, running the vulnerability management program at scale, and enforcing security within change control.

  • 1 Systems lifecycle management at the manager level 7 min πŸ”’
  • 2 Integrating security decision points and requirements throughout the life cycle 9 min πŸ”’
  • 3 Overseeing security configuration management (CM) processes 8 min πŸ”’
  • 4 Integrating organization initiatives and emerging technologies into the security architecture 9 min πŸ”’
  • 5 Designing a comprehensive vulnerability management program 9 min πŸ”’
  • 6 Managing security testing: scanning, pen testing, threat analysis 8 min πŸ”’
  • 7 Managing security aspects of change control 8 min πŸ”’
  • 8 MLSecOps: managing AI and ML in the system life cycle 8 min πŸ”’

Module 3: Risk Management

The second-heaviest domain at 20%. Building and running a risk management program, understanding tolerance and appetite, conducting assessments, treating risk, controlling supply chain and third-party exposure, and using modern frameworks including NIST AI RMF and ISO/IEC 42001.

  • 1 Building and managing the risk management program 9 min πŸ”’
  • 2 Risk tolerance, appetite, and organizational asset inventory 8 min πŸ”’
  • 3 Analyzing organizational risk and determining countermeasures 10 min πŸ”’
  • 4 Risk treatment options and cost-benefit analysis 9 min πŸ”’
  • 5 Documenting and managing agreed risks and treatments 8 min πŸ”’
  • 6 Managing security risks within the supply chain 9 min πŸ”’
  • 7 Conducting risk assessments: qualitative and quantitative 8 min πŸ”’
  • 8 Managing risk controls: effectiveness, coverage, monitoring 8 min πŸ”’
  • 9 Risk frameworks: NIST RMF, ISO 31000, FAIR, and how to choose 8 min πŸ”’
  • 10 AI risk management: NIST AI RMF and ISO/IEC 42001 8 min πŸ”’

Module 4: Security Operations

Standing up and running the security operations center, the threat intelligence program, and the incident management program β€” with the manager's view of documentation, ownership, tooling choices, and the operational integration of AI as both defense and attack surface.

  • 1 Establishing and running a Security Operations Center 9 min πŸ”’
  • 2 SOC documentation: runbooks, playbooks, standard operating procedures 7 min πŸ”’
  • 3 Establishing and maintaining a threat intelligence program 8 min πŸ”’
  • 4 Threat modeling and attack categorization at operational level 7 min πŸ”’
  • 5 Correlating security events and defining actionable alerts 7 min πŸ”’
  • 6 Establishing an incident management program: documentation and case management 9 min πŸ”’
  • 7 Incident response team, methodologies, and handling processes 8 min πŸ”’
  • 8 Investigation processes, quantifying impact, and root cause analysis 8 min πŸ”’
  • 9 AIOps and adversarial AI in security operations 8 min πŸ”’

Module 5: Contingency Management

The manager's view of business continuity, disaster recovery, and continuity of operations: BIA-driven planning, alternative recovery strategies, plan maintenance and testing, and executing response and recovery through a real disruption.

  • 1 Contingency planning fundamentals: BCP, DRP, COOP 9 min πŸ”’
  • 2 Business Impact Analysis and analyzing resiliency factors 8 min πŸ”’
  • 3 Crisis communications, roles, and third-party contingency dependencies 7 min πŸ”’
  • 4 Developing recovery strategies 8 min πŸ”’
  • 5 Maintaining and testing contingency plans 8 min πŸ”’
  • 6 Managing disaster response and recovery execution 8 min πŸ”’

Module 6: Law, Ethics, and Security Compliance Management

The legal, regulatory, and ethical framework the ISSMP navigates: jurisdictions and trans-border data flow, applicable laws and privacy regimes, intellectual property, the ISC2 Code of Ethics, compliance framework selection and implementation, working with auditors and regulators, and managing compliance exceptions.

  • 1 Legal jurisdictions and trans-border data flow 8 min πŸ”’
  • 2 Applicable security and privacy laws and regulations 9 min πŸ”’
  • 3 Intellectual property laws for information security 7 min πŸ”’
  • 4 The ISC2 Code of Ethics and organizational professional ethics 6 min πŸ”’
  • 5 Selecting, implementing, and monitoring compliance frameworks 8 min πŸ”’
  • 6 Coordinating with auditors and regulators 7 min πŸ”’
  • 7 Documenting and managing compliance exceptions and risk waivers 7 min πŸ”’