CISM

Governance frameworks and strategy · Organizational culture and structure · Legal and regulatory requirements · Roles and responsibilities · Aligning security with business goals

Risk identification and assessment · Risk analysis and evaluation · Risk treatment and response options · Risk monitoring and reporting · Asset classification and valuation

Program development and resources · Security control design and implementation · Awareness and training · Metrics and program management · Third-party and vendor management

Incident response planning · Detection and classification · Containment, eradication, and recovery · Business continuity and disaster recovery · Post-incident review and forensics