CIS Event Management Certification is a professional certification program offered by the Center for Internet Security (CIS) that validates the knowledge and skills of individuals in managing events related to cybersecurity incidents.
The program focuses on developing the skills necessary for handling cybersecurity incidents and events, including preparation, identification, containment, analysis, eradication, and recovery. It also covers topics such as communication and coordination with stakeholders, incident response planning, and best practices for incident management.
CIS-Event Management Certification Glossary
Here is a glossary of terms related to CIS-Event Management certification:
- CIS: The Center for Internet Security is a non-profit organization that provides guidelines and best practices for securing information systems and networks.
- Event Management: The process of monitoring and analyzing events that occur within an information system or network, and taking appropriate actions to respond to those events.
- Incident: An unplanned event that disrupts or threatens to disrupt the normal operation of an information system or network.
- Incident Response: The process of detecting, investigating, and resolving security incidents in an information system or network.
- Threat: Any activity, circumstance, or event that has the potential to cause harm to an information system or network.
- Vulnerability: A weakness or flaw in an information system or network that can be exploited by a threat actor to gain unauthorized access or cause harm.
- Risk: The potential for loss, damage, or harm to an information system or network resulting from a threat exploiting a vulnerability.
- Risk Assessment: The process of identifying, analyzing, and evaluating risks to an information system or network.
- Risk Management: The process of identifying, assessing, and prioritizing risks to an information system or network, and taking appropriate actions to mitigate or eliminate those risks.
- Security Controls: Measures put in place to protect an information system or network from security threats, vulnerabilities, and risks.
- Security Incident: An event that compromises the confidentiality, integrity, or availability of an information system or network.
- Security Policy: A set of rules and guidelines that define how an organization will protect its information systems and networks from security threats.
How to Prepare for CIS-Event Management Certification?
Preparing for the CIS-Event Management certification requires a good understanding of the concepts and best practices related to event management. The following are some steps to help you prepare for the exam:
- Review the Exam Guide: The first step in preparing for the exam is to review the exam guide provided by the Center for Internet Security (CIS). The exam guide outlines the topics covered in the exam and the skills and knowledge required to pass the exam. Make sure to review the guide thoroughly and take note of any areas where you need to focus your studies.
- Get Familiar with CIS Controls: The CIS Controls are a set of best practices for securing computer systems and networks. The CIS-Event Management certification exam is based on these controls, so make sure to become familiar with them. You can find the CIS Controls on the CIS website.
- Study Relevant Standards: The CIS-Event Management certification exam covers various standards related to event management, such as ISO 27001, ITIL, and COBIT. Make sure to study these standards and understand how they relate to event management.
- Gain Hands-on Experience: The best way to prepare for the exam is to gain practical experience working with event management tools and techniques. Set up a lab environment and practice using event management tools such as Splunk, LogRhythm, and IBM QRadar. Implement different event management solutions and gain hands-on experience in designing, building, and deploying event management systems.
- Take Training Courses: The CIS offers training courses on event management that can help you prepare for the exam. You can find these courses on the CIS website. Other training providers, such as SANS Institute, also offer courses on event management.
Modules of the CIS-Event Management Exam
The 5 key domains of the exam syllabus are further divided into subtopics to give you a clear understanding of the exam. The Course Outline is the most important part of your preparation, as all CIS Event Management questions originate from it. The Course Outline has been updated for the Tokyo Release, October 2022. The following domains are covered in this exam:
Topic 1: Event Management Overview
• Understanding IT Operations Management (ITOM) solution (Documentation: IT Operations Management)
• Define customer challenges (ServiceNow Documentation: Customer Service Management)
• Learn Event Management key features and capabilities (Documentation: Event Management)
• Graphical user interfaces (operator workspace, alert intelligence, dependency maps) (Documentation: Workspace, Now Platform user interface, Alert intelligence, Dependency Views map)
• Common Service Data Model (business, application, and technical services) (Documentation: Common Service Data Model)
Topic 2: Architecture and Discovery
• Discovery and MID Server architecture (ServiceNow Documentation: Introducing the MID Server, Discovery)
• Understanding Event Management architecture and CMDB (ServiceNow Documentation: Configuration Management and the CMDB)
• Learning the monitoring process (ServiceNow Documentation: Monitor service health)
• Install a MID server (ServiceNow Documentation: MID Server installation)
Topic 3: Event Configuration and Use
• Event setup (event processing, event rules, event filter, event thresholds, operator workspace) (ServiceNow Documentation: Event rules, Filter the events that an event rule applies to, Operator Workspace service monitor)
• Understanding Event Management process flow (event table, message key, event processing jobs, event field mapping, CI binding, best practices) (ServiceNow Documentation: Event process flow, Event Management configuration preferences)
• Connectors (preconfigured, customized) (ServiceNow Documentation: Create a custom pull connector)
• Scripting (Regex, JavaScript, PowerShell) (ServiceNow Documentation: Using regular expressions in scripts, Create a PowerShell activity)
Topic 4: Alerts and Tasks
• Alert defined (alert record attributes, scheduled jobs) (ServiceNow Documentation: View alert information, Manage alerts)
• Alerts process flow (alert management rules, CI binding, priority scores, priority groups, incidents, best practices) (ServiceNow Documentation: Alert management rules for resolving alerts, Alert binding to CIs with event rules, Alert priority, Priority group)
• Alert grouping (correlation rules, alert aggregation) (ServiceNow Documentation: Alert correlation rules, Alert aggregation)
• Alert Intelligence (ServiceNow Documentation: Alert intelligence)
• Alert impact profile (impact tree, impact rules, cluster example, SLAs) (ServiceNow Documentation: View the impact tree, Alert impact calculation)
Topic 5: Event Sources
• Identify event sources (ServiceNow Documentation: View events)
• Push vs. pull methods (ServiceNow Documentation: Pulls and pushes)
• Use inbound actions
• Configure a monitoring connector (ServiceNow Documentation: Connectors and listeners)
CIS-Event Management Certification Exam Tips and Tricks
Preparing for the CIS (Center for Internet Security) Event Management certification exam can be challenging, but with a focused approach and the right resources, you can increase your chances of success. Here are some tips to help you prepare:
- Familiarize yourself with event management: As an event management professional, you will be responsible for monitoring and responding to security events. Make sure you have a good understanding of event management concepts and tools.
- Study relevant documentation: CIS provides extensive documentation on its event management standards and best practices. Read through relevant documentation to understand the recommended approaches to event management.
- Review practice questions and sample exams: There are many resources available online that provide practice questions and sample exams for the CIS Event Management certification. Take advantage of these resources to test your knowledge and get a feel for the exam format.
- Take a training course: CIS offers several training courses for the Event Management certification. These courses cover the exam objectives in detail and provide hands-on experience with event management tools.
Remember, the key to success in any certification exam is consistent and focused study. Develop a study plan, stay organized, and prioritize your time effectively. Good luck with your preparations!
On the exam day:
The exam day can be really stressful and may bring waves of nervousness. But try to stay calm, as an anxious mind can affect your exam. Have faith in your preparations and believe in your instincts. Some tips for the exam day:
- Firstly, go in well rested. No need to add fatigue to the mix. The questions are challenging enough.
- Then, answer everything you know for certain first. Don’t waste your time in the beginning on questions you’re unsure of.
- Next, use the process of elimination among the options to make an educated guess and have a higher possibility of getting it right.
- Subsequently, concentrate on your exam and avoid distractions, as you only have 90 minutes to complete it.
- Also, always remember to submit the exam. If you do not submit, the exam will not be evaluated and you will lose the exam attempt.
Let’s Summarise
A career in the field of event management can be very rewarding. The exam is an investment in your career. The two main things that will help you be successful in the event industry are hands-on experience and relevant industry education. We hope this guide will be useful and help you to advance your career prospects.