// OPERATION: MANAGER_PIVOT
TARGET: Certified Information Security Manager (CISM)
OBJECTIVE: Bridge Gap [Analyst -> Manager]
:: TACTICAL_TIMELINE (6 MONTHS) ::
PHASE 1 (Weeks 1-8)
Governance & Risk
>> LAY THE FOUNDATION
PHASE 2 (Weeks 9-16)
Program Dev & Incidents
>> BUILD THE ENGINE
PHASE 3 (Weeks 17-24)
“Hell Week” Drills
>> EXECUTE EXAM
:: STANDARD_OPERATING_PROCEDURE ::
- [05:00 – 06:30] Study Block (Before the world wakes up).
- [12:00 – 12:30] 20 Practice Questions (Mobile/Lunch).
- [WEEKENDS] 1 Full Domain Review + 100 Question Mock.
DOMAIN 01 :: GOVERNANCE (24%)
“Security exists to support the business, not block it.”
- [ ] Strategy Alignment: Mapping security goals to business revenue/objectives.
- [ ] Roles & Responsibilities: Defining the RACI chart for the enterprise.
- [ ] Policy Framework: Establishing the “Law of the Land” (Standards vs Procedures).
DOMAIN 02 :: RISK MANAGEMENT (30%)
“Identify the Crown Jewels. Quantify the threat.”
- [ ] Asset Valuation: What is worth protecting? (Classify: Confidential/Secret).
- [ ] Risk Assessment: Qualitative (Heatmaps) vs. Quantitative (SLE/ALE/ARO).
- [ ] Risk Treatment: Accept, Avoid, Mitigate, or Transfer (Insurance).
DOMAIN 03 :: PROGRAM DEVELOPMENT (27%)
“Building the fortress. Buying the tools. Hiring the team.”
- [ ] Resource Mgmt: Budgeting (CapEx/OpEx) and Personnel.
- [ ] Control Implementation: Selecting controls based on cost-benefit analysis.
- [ ] Metrics (KPIs/KRIs): Measuring success (e.g., “Time to Patch”).
DOMAIN 04 :: INCIDENT MANAGEMENT (19%)
“When the wall is breached, how do we fight back?”
- [ ] Incident Response Plan (IRP): Preparation, Detection, Eradication, Recovery.
- [ ] BCP/DR Alignment: RTO (Time) vs RPO (Data) targets.
- [ ] Post-Incident Review: Lessons learned and feedback loops.