Certified Information Security Manager (CISM)

Certified Information Security Manager (CISM) is a widely-recognized IT Security certification for professionals across industry sectors globally. The CISM certification course is developed by ISACA and is ideal for anybody looking to pursue their career in the IT Security and Governance domain. This 4-day Certified Information Security Manager (CISM) certification course validates your knowledge and skill in risk management, information security, incident management, and more. Check out the dates below and enroll for the CISM training today!

Our accelerated 3 days course is designed to teach you the skills required to manage, design, oversee and assess and enterprise information security management program.

The course is completed in 3 days and covers the following domains:

• Information Security Governance
• Information Risk Management and Compliance
• Information Security Program Development and Management
• Information Security Incident Management

Requirements

There are no prerequisites for attending the CISM course and sitting the exam. This is a practice accepted and encouraged by ISACA.In order to become CISM certified, you must meet the following requirements:

• Pass the CISM exam
• Adhere to ISACA’s Code of Professional Ethics
• Agree to comply with the Continuing Education Policy
• Accumulate enough work experience in the field of information security.
• Submit an Application for CISM Certification within 5 years of passing the exam

Who should attend?

This training course is for professionals who have 3-5 years of recent full-time professional work experience in information security management.

• CISOs
• CIOs
• CSOs
• Information security professionals
• Information security managers
• Those with management responsibilities
• Information security staff

What will I learn?

After completing this course, participants should be able to:

• Explain the relationship between executive leadership, enterprise governance and information security governance.
• Outline the components used to build an information security strategy.
• Explain how the risk assessment process influences the information security strategy.
• Articulate the process and requirements used to develop an effective information risk response strategy.
• Describe the components of an effective information security program.
• Explain the process to build and maintain an enterprise information security program.
• Outline techniques used to assess the enterprise’s ability and readiness to manage an information security incident.
• Outline methods to measure and improve response and recovery capabilities.

How will I benefit?

This course and professional certification will provide you and your organization a competitive advantage in the marketplace

• Provide business and enterprise with a deep understanding of the relationship and ensure alignment between information security programs and broader business goals and objectives while meeting the challenging need to integrate information security into business operations
• Understand how to establish and maintain the necessary frameworks that will ensure information security strategies are aligned with business objectives, and consistent with applicable laws and regulations
• Ensure the security and integrity of data and greater alignment between organizations’ information security programs and their broader goals and objectives.
• Get the right mix of critical technology, business skills and experience. CISMs understand the true nature of security threats and how to respond quickly and appropriately
• Confidently identify and manage information security risks to achieve business objectives
• Be familiar with industry accepted terminology and practices used by information security professionals
• Gain the necessary knowledge and skills required in order prepare for the ISACA CISM exam

CISM Course Outline:

Domain 1 – Information Security Governance

• Describe the role of governance in creating value for the enterprise.
• Explain the importance of information security governance in the context of overall enterprise governance.
• Describe the influence of enterprise leadership, structure and culture on the effectiveness of an information security strategy.
• Identify the relevant legal, regulatory and contractual requirements that impact the enterprise.
• Describe the effects of the information security strategy on enterprise risk management.
• Evaluate the common frameworks and standards used to govern an information security strategy.
• Explain why metrics are critical in developing and evaluating the information security strategy.

Domain 2 – Information Security Risk Management

• Apply risk assessment strategies to reduce the impact of information security risk.
• Assess the types of threats faced by the enterprise.
• Explain how security control baselines affect vulnerability and control deficiency analysis.
• Differentiate between application of risk treatment types from an information security perspective.
• Describe the influence of risk and control ownership on the information security program.
• Outline the process of monitoring and reporting information security risk.

Domain 3 – Information Security Program

• Outline the components and resources used to build an information security program.
• Distinguish between common IS standards and frameworks available to build an information security program.
• Explain how to align IS policies, procedures and guidelines with the needs of the enterprise.
• Describe the process of defining an IS program road map.
• Outline key IS program metrics used to track and report progress to senior management.
• Explain how to manage the IS program using controls.
• Create a strategy to enhance awareness and knowledge of the information security program.
• Describe the process of integrating the security program with IT operations and third-party providers.
• Communicate key IS program information to relevant stakeholders.

Domain 4 – Incident Management

• Distinguish between incident management and incident response
• Outline the requirements and procedures necessary to develop an incident response plan.
• Identify techniques used to classify or categorize incidents.
• Outline the types of roles and responsibilities required for an effective incident management and response team
• Distinguish between the types of incident management tools and technologies available to an enterprise.
• Describe the processes and methods used to investigate, evaluate and contain an incident.
• Identify the types of communications and notifications used to inform key stakeholders of incidents and tests.
• Outline the processes and procedures used to eradicate and recover from incidents.
• Describe the requirements and benefits of documenting events.
• Explain the relationship between business impact, continuity and incident response.
• Describe the processes and outcomes related to disaster recovery.
• Explain the impact of metrics and testing when evaluating the incident response plan.