Certified: The CISM Audio Course

Mature security programs improve over time. In this final episode, we explain how to lead post-incident reviews, implement lessons learned, and reassess risk in light of new data. This is where gover…

Managing risk doesn’t stop with one decision. In this episode, we explore how to supervise treatment activities (mitigation, transfer, acceptance) and establish ongoing monitoring to ensure sustained…

CISM-certified professionals must oversee—not just conduct—risk assessments. This episode covers how to supervise the process, validate results, and ensure assessments align with business priorities.…

Vendors, suppliers, and partners all affect your risk posture. This episode explores how to define, enforce, and monitor external security requirements. You’ll learn how to handle audits, compliance …

In this episode, we cover how to embed security into core business workflows—from procurement to development and beyond. You’ll learn how to ensure that security requirements become part of how the o…

Security must support the mission. This episode teaches you how to align your security initiatives with day-to-day business operations, process priorities, and performance expectations. This strategi…

Metrics turn performance into visibility. This episode shows you how to define, collect, and report information security metrics that support governance, justify decisions, and improve outcomes. You’…

CISM candidates must know how to report program results and risk insights to both executives and operational teams. This episode explains how to compile relevant data, translate it into actionable in…

Effective governance depends on clear roles and responsibilities. In this episode, we walk through how to assign, document, and communicate who owns what in your security program. From the board to f…

Security programs rise or fall on leadership support. This episode teaches you how to earn and sustain executive commitment, communicate risk in business terms, and align your initiatives with organi…

CISM leaders must champion security through influence, not just authority. In this episode, we cover how to build and communicate compelling business cases for security investments. Learn how to pres…

Budgeting is about more than asking for money—it’s about justifying value. This episode explains how to estimate costs, present return on investment, and align security spending with business priorit…

Security can’t operate in a silo. This episode covers how to embed information security into broader corporate governance, ensuring risk, compliance, and audit processes align with your program. Lear…

Frameworks turn strategy into structure. In this episode, we explain how to implement security governance frameworks like COBIT and ISO in ways that support accountability, transparency, and control.…

Security strategy must serve the business. This episode walks you through aligning your security vision, priorities, and investment with what the organization truly values—its mission, objectives, an…

Domain 1 isn’t just about governance—it’s about understanding what shapes strategy. This episode teaches you how to identify organizational drivers, market forces, regulatory shifts, and threat evolu…

CISM professionals must know how to lead structured post-incident reviews. This episode explains how to capture lessons learned, evaluate what went wrong (and right), and recommend improvements. You’…

After eradication comes recovery—and it must be secure. This episode shows you how to safely bring systems back online, validate their integrity, and ensure that no backdoors or residual threats rema…

Eradication is where you eliminate the root cause of an incident. This episode walks you through how to fully remove malware, close exploited vulnerabilities, and validate that threats are no longer …

Incident response is only effective if the right people are informed at the right time. In this episode, we explore how to build a communication plan that includes internal reporting, external notifi…