Course Description

This Certified Information Security Manager (CISM) training course focuses on the construction, development, and governance of information security operations. Possession of this certification displays precise knowledge, practice, and copious amounts of experience in the realm of information security management. This CISM training course takes into account practical issues, like the creation of information security programs, and incident management, whilst promoting security practices used globally. CISM teaches delegates how to tailor ever-changing technology to their enterprises. This enables the enterprises to emerge as a valuable organization and may expand their clientele due to their implementation of CISM certified individuals.

The demand for skilled information security management professionals is increasing, hence this CISM certification fulfills business needs. CISM has been accepted as the universal standard to strive towards within the sphere of information security, thus depicting the qualification as a prominent representation of expertise and commitment. This causes CISM holders to be identified as the most certified professionals in the information security realm and means delegates can recognize the link between information security programs and the larger goals of the organization.

The four domains are as follows:

1. Information Security Governance
2. Information Risk Management and Compliance
3. Information Security Program Development and Management
4. Information Security Incident Management

Course Outline

Domain 1 – Information Security Governance

• Introduction to Information Security Governance
• Effective Information Security Governance
• Governance and Third Party Relationships
• Information Security Metrics
• Information Security Governance Metrics
• Information Security Strategy
• Information Security Strategy Development
• Strategy Resources and Constraints
• Other Frameworks
• Compliances
• Action Plans to Implement Strategy
• Governance of Enterprise IT

Domain 2 – Information Risk Management and Compliance

• Information Risk Management
• Risk Management Overview
• Risk Assessment
• Information Asset Classification
• Assessment Management
• Information Resource Valuation
• Recovery Time Objectives
• Security Control Baselines
• Risk Monitoring
• Training and Awareness
• Information Risk Management Documentation

Domain 3 – Information Security Program Development and Management

• Information Security Program Management Overview
• Information Security Program Objectives
• Information Security Program Concepts
• Information Security Program Technology Resources
• Information Security Program Development
• Information Security Program Framework
• Information Security Program Roadmap
• Enterprise Information Security Architecture (EISA)
• Security Program Management and Administration
• Security Program Services and Operational Activities
• Controls
• Security Program Metrics and Monitoring
• Measuring Operational Performance
• Common Information Security Program Challenges

Domain 4 – Information Security Incident Management

• Incident Management Overview
• Incident Management Procedures
• Incident Management Resources
• Incident Management Objectives
• Incident Management Metrics and Indicators
• Defining Incident Management Procedures
• Business Continuity and Disaster Recovery Procedures
• Post Incident Activities and Investigation
• ISACA Code of Professional Ethics
• Laws and Regulations
• Policy Versus Law Within an Organisation
• Ethics and the Internet IAB
• Certified Information Security Manager

Learner Outcomes

This CISM course will give you the requisite skillsets to design, deploy and manage security architecture for your organization. The course is aligned with ISACA best practices and is designed to help you pass the CISM exam on your first attempt. Enterprises and government agencies increasingly expect their IT professionals to hold a CISM certification, and it is considered essential to ongoing education and career development. This course will see that you are well-equipped to manage the ongoing security, compliance and governance of your IT organization.

At the end of this training, the learner will be able to:

• Identify critical issues and customize company-specific practices to support the governance of information and related technologies
• Bring credibility to the enterprise for which they are employed
• Take a comprehensive view of information systems security management and their relationship to organizational success
• Demonstrate to enterprise customers their commitment to compliance, security and integrity; ultimately contributing to the attraction and retention of customers
• Ensure that there is improved alignment between the organization's information security program and its broader goals and objectives
• Provide the enterprise with a certification for Information security management that is recognized by multinational clients and enterprises, lending credibility to the enterprise

Notes

Recommendations

CISM certification is a globally recognized professional requirement in the IT Security domain. This certification is best suited for:

• Security consultants and managers
• IT directors and managers
• Security auditors and architects
• Security systems engineers
• Chief Information Security Officers (CISOs)
• Information security managers
• IS/IT consultants
• Chief Compliance/Privacy/Risk Officers

The above list is a suggestion only; individuals may wish to attend based on their own career aspirations, personal goals or objectives.

Accrediting Associations

• Information Systems Audit and Control Association (ISACA) 30.0 CPE