The Information Security Management Professional course and exam are based on the following Intended Learning Outcomes (ILOs):

1 Information security perspective
1.1 Business interest of information security
The candidate can…
1.1.1 distinguish types of information based on their business value.
1.1.2 explain the characteristics of a management system for information security.
1.2 Customer perspective on governance
The candidate can…
1.2.1 explain the importance of information governance when outsourcing.
1.2.2 recommend a supplier based on security controls.
1.3 Supplier’s responsibilities in security assurance
The candidate can…
1.3.1 distinguish security aspects in service management processes.
1.3.2 support compliance activities.
2 Risk management
2.1 Principles of risk management
The candidate can…
2.1.1 explain principles of analyzing risks.
2.1.2 identify risks for classified assets.
2.1.3 calculate risks for classified assets.
2.2 Control risks
The candidate can…
2.2.1 categorize controls based on confidentiality, integrity, and availability.
2.2.2 choose controls based on incident cycle stages.
2.2.3 choose relevant guidelines for applying controls.
2.3 Deal with residual risks
The candidate can…
2.3.1 distinguish risk strategies.
2.3.2 produce business cases for controls.
2.3.3 produce reports on risk analyses.
3 Information security controls
3.1 Organizational controls
The candidate can…
3.1.1 write policies and procedures for information security.
3.1.2 implement information security incident handling.
3.1.3 perform an awareness campaign in the organization.
3.1.4 implement roles and responsibilities for information security.
3.1.5 support the development and testing of a business continuity plan.
3.2 Technological controls
The candidate can…
3.2.1 explain the purpose of security architectures.
3.2.2 explain the purpose of security services.
3.2.3 explain the importance of security elements in the IT infrastructure.
3.3 Physical controls and people controls
The candidate can…
3.3.1 recommend controls for physical access.
3.3.2 recommend security controls for employment life cycle.

You will need to use a special browser that uses camera proctoring while you take the exam. The exam consists of forty (40) multiple choice questions. Each question has three (3) answer options, exactly one (1) of which is correct. You should answer all questions, since there is no penalty for questions answered incorrectly, but you will not get any points for questions left unanswered.  To pass, you must answer at least 27 questions correctly. You will have 60 minutes to take the exam.

Ordering the exam entitles you to sit for one (1) exam attempt.

This is one of the eight exams you need to pass to earn the CCISO® diploma.