No products in the cart.
Why Should You Attend?
The Certified Information Security Manager (CISM®) validates your ability to assess risks, implement effective governance, and proactively respond to incidents. With a focus on emerging technologies such as AI (artificial intelligence) and blockchain, it ensures that your skill set addresses security threats and evolving industry requirements. Addressing top concerns such as data breaches and ransomware attacks, essential for IT professionals, this certification ensures that you stay ahead of the pace of change.
Target Audience
- Professionals preparing to become CISM certified.
- Individuals certified in CISA or CISSP looking to move into information security management.
- Professionals in general security management who wish to shift towards information security.
- Information security managers.
Learning Objectives
Upon completion of this course, you will be able to:
- Explain the relationship between executive leadership, enterprise governance, and information security governance.
- Outline the components used to build an information security strategy.
- Explain how the risk assessment process influences the information security strategy.
- Articulate the process and requirements used to develop an effective information risk response strategy.
- Describe the components of an effective information security program.
- Explain the process of building and maintaining an enterprise-level information security program.
- Outline the techniques used to assess the enterprise’s capability and readiness to manage an information security incident.
- Outline the methods of measuring and improving response and recovery capabilities.
Requirements for CISM Certification
To obtain the CISM certificate, you must have 5 years of experience in information system security within the last 10 years.
Content
Domain 1: Information Security Governance
Enterprise Governance
- Organizational Culture
- Legal, Regulatory, and Contractual Requirements
- Organizational Structures, Roles, and Responsibilities
Information Security Strategy
- Development of information security strategy
- Governance frameworks and standards for information
- Strategic planning (e.g., budgets, resources, business case)
Domain 2: Information Security Risk Management
Information Security Risk Assessment
- The emerging landscape of risks and threats
- Vulnerability and control deficiency analysis
- Risk assessment and analysis
Response to Information Security Risks
- Risk treatment/response options
- Risk and control ownership
- Risk monitoring and reporting
Domain 3: Information Security Program
Development of the Information Security Program
- Resources for the information security program (e.g., people, tools, technologies)
- Identification and classification of information assets
- Industry standards and frameworks for information security
- Information security policies, procedures, and guidelines
- Metrics for the information security program
Management of the Information Security Program
- Design and selection of information security controls
- Implementation and integration of information security controls
- Testing and evaluation of information security controls
- Awareness and training in information security
- Management of external services (e.g., vendors, suppliers, third parties, fourth parties)
- Communications and reporting of the information security program
Domain 4: Incident Management
Preparation for Incident Management
- Incident response plan
- Business impact analysis (BIA)
- Business continuity plan (BCP)
- Disaster recovery plan (DRP)
- Incident classification/categorization
- Training, testing, and evaluation of incident management
Incident Management Operations
- Tools and techniques for incident management
- Investigation and evaluation of incidents
- Incident isolation methods
- Communications in incident response (e.g., reporting, notification, escalation)
- Incident eradication and recovery
- Post-incident review practices
What is Included in The Course Fee
Official ISACA Training Materials:
- The Review Manual, which is a comprehensive reference guide designed to assist individuals in preparing for the CISM exam and to understand the roles and responsibilities of an information systems (IS) auditor.
- QAE (Questions, Answers, and Explanations), based on the exam questions, each set of questions and answers includes in-depth explanations for each answer choice, allowing the learner to fully understand the rationale behind each correct and incorrect answer choice.
Optional
- Examination: By successfully passing this exam, you demonstrate your understanding of the key concepts of the CRISC domains, and it is required to complete certification.
Exam Details
- Number of questions: 150 questions
- Duration of the exam: 4 hours
- Course duration: approximately 16 hours
For further information you can view the Exam Guide here
