All Episodes

Displaying 31 - 60 of 71 in total

Episode 31: Writing Actionable Procedures and Guidelines

Policies set direction—but procedures make things happen. This episode teaches you how to translate security policies into actionable procedures and practical guidelin...

Episode 32: Developing and Using Information Security Program Metrics

If you can’t measure it, you can’t manage it. In this episode, we cover how to create meaningful metrics for tracking the effectiveness of your security program. You’l...

Episode 33: Designing and Selecting Effective Information Security Controls

Controls are at the heart of any security program. This episode shows you how to choose the right controls based on risk assessments, business impact, and regulatory r...

Episode 34: Implementing and Integrating Information Security Controls

CISM candidates must know how to implement controls—not just select them. This episode covers how to plan, deploy, and integrate security controls across the enterpris...

Episode 35: Techniques for Information Security Control Testing and Evaluation

Testing controls is how you validate effectiveness—and it’s a must-know area for the exam. In this episode, we walk through test design, performance validation, and ho...

Episode 36: Developing Engaging Information Security Awareness and Training Programs

Security programs fail without user participation. This episode explores how to build training and awareness initiatives that promote secure behavior and reinforce gov...

Episode 37: Vendor Risk Assessment and Selection

Third-party vendors can expand capabilities—or introduce serious risk. This episode explains how to evaluate vendors before selection by conducting security assessment...

Episode 38: Contractual Security Requirements and Ongoing Vendor Monitoring

Once a vendor is onboarded, the work doesn’t stop. This episode covers how to include security clauses in contracts, define SLAs, and monitor vendor compliance over ti...

Episode 39: Communications and Reporting for the Information Security Program

Strong security programs communicate effectively. In this episode, we explain how to report program performance, risks, and control status to senior leaders, stakehold...

Episode 40: Designing and Documenting the Incident Response Plan

Domain 4 begins here. This episode walks you through how to design a comprehensive incident response plan—from defining roles and escalation paths to documenting proce...

Episode 41: Maintaining and Updating Your Incident Response Plan

An outdated incident response plan is a liability. This episode teaches you how to maintain IR documentation over time, incorporate lessons learned, and update plans t...

Episode 42: Conducting Business Impact Analysis (BIA)

CISM Domain 4 expects you to know how to conduct a business impact analysis. In this episode, we walk through how to identify critical functions, assess downtime impac...

Episode 43: Building Your Business Continuity Plan (BCP)

Business continuity is broader than disaster recovery—and the CISM exam knows it. This episode explains how to build a BCP that supports organizational resilience, con...

Episode 44: Designing Your Disaster Recovery Plan (DRP)

Disaster recovery planning ensures technology and data availability during a crisis. In this episode, we break down how to design and document a DRP that complements y...

Episode 45: Testing, Maintenance, and Improvement of Your DRP

A DRP must be tested, maintained, and improved over time to remain effective. This episode explains how to schedule recovery tests, evaluate outcomes, and implement im...

Episode 46: Incident Classification and Categorization Methods

Classifying incidents accurately enables proper response. In this episode, we discuss how to build an incident classification system based on impact, type, and severit...

Episode 47: Training, Testing, and Evaluating Your Incident Management Capabilities

Your incident response plan is only as strong as your ability to execute it. This episode covers how to train staff, conduct simulations, and evaluate performance to e...

Episode 48: Incident Management Tools and Techniques

Tools can streamline detection, coordination, and resolution during incidents. In this episode, we explore common technologies used in incident management, from SIEM p...

Episode 49: Incident Investigation Methodologies

CISM candidates must understand how to manage an incident investigation. This episode covers how to gather evidence, document timelines, identify root causes, and foll...

Episode 50: Digital Forensics and Evidence Collection Basics

You don’t have to be a forensic analyst—but you do need to understand the basics. This episode explains how evidence is collected, preserved, and documented during an ...

Episode 51: Effective Incident Containment Methods

Containment is a critical phase in incident response—and a highly tested concept in Domain 4. This episode covers the strategies and decision points for containing inc...

Episode 52: Incident Response Communications: Reporting, Notification, and Escalation

Incident response is only effective if the right people are informed at the right time. In this episode, we explore how to build a communication plan that includes int...

Episode 53: Techniques for Incident Eradication

Eradication is where you eliminate the root cause of an incident. This episode walks you through how to fully remove malware, close exploited vulnerabilities, and vali...

Episode 54: Techniques for Secure Recovery and Restoration

After eradication comes recovery—and it must be secure. This episode shows you how to safely bring systems back online, validate their integrity, and ensure that no ba...

Episode 55: Conducting Meaningful Post-Incident Reviews

CISM professionals must know how to lead structured post-incident reviews. This episode explains how to capture lessons learned, evaluate what went wrong (and right), ...

Episode 56: Identifying Internal and External Influences on Security Strategy

Domain 1 isn’t just about governance—it’s about understanding what shapes strategy. This episode teaches you how to identify organizational drivers, market forces, reg...

Episode 57: Establishing Information Security Strategy Aligned with Organizational Goals

Security strategy must serve the business. This episode walks you through aligning your security vision, priorities, and investment with what the organization truly va...

Episode 58: Implementing Information Security Governance Frameworks

Frameworks turn strategy into structure. In this episode, we explain how to implement security governance frameworks like COBIT and ISO in ways that support accountabi...

Episode 59: Integrating Information Security into Corporate Governance

Security can’t operate in a silo. This episode covers how to embed information security into broader corporate governance, ensuring risk, compliance, and audit process...

Episode 60: Building Effective Security Budgets and ROI Analysis

Budgeting is about more than asking for money—it’s about justifying value. This episode explains how to estimate costs, present return on investment, and align securit...
