Certified Information Security Manager (CISM)
Duration: 4 Days (32 Hours)
Certified Information Security Manager (CISM) Course Overview:
The Certified Information Security Manager (CISM) training is a comprehensive program designed to equip information security professionals with the knowledge and skills required to excel in the field of information security management. The CISM certification, offered by ISACA (Information Systems Audit and Control Association), validates the expertise of individuals in managing, designing, and assessing an enterprise’s information security program.
This training focuses on the key domains of information security management as defined by ISACA, namely Information Security Governance, Risk Management, Information Security Program Development and Management, and Information Security Incident Management. Participants will gain an in-depth understanding of these domains and learn how to apply industry-leading practices to protect valuable information assets and support organizational objectives.
The CISM training is ideal for professionals involved in the management, design, and assessment of enterprise information security programs. It is suitable for information security managers, IT consultants, security auditors, risk management professionals, and individuals aspiring to pursue a career in information security management.
CISM Course Objectives:
- Understand the role of an information security manager and the importance of effective information security governance.
- Gain knowledge of risk management principles and techniques to identify, assess, and mitigate information security risks.
- Learn how to develop and implement an information security program aligned with organizational goals and compliance requirements.
- Acquire the skills to manage and respond to information security incidents effectively.
- Understand the various aspects of information security governance, including policies, procedures, and frameworks.
- Explore the key components of information security program development, such as security architecture, awareness training, and resource management.
- Gain insights into establishing and maintaining an information security risk management framework within an organization.
- Learn about incident response and recovery processes, including incident handling, investigation, and reporting.
- Prepare for the CISM certification exam by understanding the exam domains, question types, and exam-taking strategies.
- Develop a practical understanding of real-world challenges and best practices in information security management.
Module 1: INFORMATION SECURITY GOVERNANCE
- Organizational Culture
- Legal, Regulatory and Contractual Requirements
- Organizational Structures, Roles and Responsibilities
- Information Security Strategy Development
- Information Governance Frameworks and Standards
- Strategic Planning (e.g., Budgets, Resources, Business Case)
Module 2: INFORMATION SECURITY RISK MANAGEMENT
- Emerging Risk and Threat Landscape
- Vulnerability and Control Deficiency Analysis
- Risk Assessment and Analysis
- Risk Treatment / Risk Response Options
- Risk and Control Ownership
- Risk Monitoring and Reporting
Module 3: INFORMATION SECURITY PROGRAM
- Industry Standards and Frameworks for Information Security
- Information Security Policies, Procedures and Guidelines
- Information Security Program Metrics
- Information Security Control Design and Selection
- Information Security Control Implementation and Integrations
- Information Security Control Testing and Evaluation
- Information Security Awareness and Training
- Management of External Services (e.g., Providers, Suppliers, Third Parties, Fourth Parties)
- Information Security Program Communications and Reporting
- Information Security Program Resources (e.g., People, Tools, Technologies)
- Information Asset Identification and Classification
Module 4: INCIDENT MANAGEMENT
- Incident Response Plan
- Business Impact Analysis (BIA)
- Business Continuity Plan (BCP)
- Disaster Recovery Plan (DRP)
- Incident Classification/Categorization
- Incident Management Training, Testing and Evaluation
- Incident Management Tools and Techniques
- Incident Investigation and Evaluation
- Incident Containment Methods
- Incident Response Communications (e.g., Reporting, Notification, Escalation)
- Incident Eradication and Recovery
- Post-Incident Review Practices
CISM Course Prerequisites:
1. Knowledge of information security: Candidates should have a solid understanding of information security concepts, such as confidentiality, integrity, and availability. This knowledge can be gained through formal education, self-study, or work experience.
2. IT/security work experience: It is recommended that candidates have at least five years of work experience in the IT or security fields before pursuing CISM certification. This experience should include a minimum of three years in an information security management role.
3. Familiarity with relevant frameworks and standards: Candidates should be familiar with frameworks and standards such as ISO/IEC 27001, NIST SP 800-53, and the COBIT framework.
4. Basic understanding of risk management and business continuity: Candidates should understand risk management concepts, such as risk identification, assessment, and mitigation, as well as the importance of business continuity planning.
5. Membership with ISACA: Some training providers may require candidates to be a member of ISACA, the organization responsible for the CISM certification, before enrolling in a CISM training course. Membership in ISACA can provide access to a variety of resources and benefits, including discounted exam fees and study materials.
6. English language proficiency: Since most CISM training courses are conducted in English, candidates should have strong reading, writing, and oral communication skills in English.
7. Exam eligibility: To take the CISM exam, candidates must meet specific work experience requirements set by ISACA. It is essential to ensure you meet these requirements before investing in a CISM training course.
Q: What is CISM?
A: CISM stands for Certified Information Security Manager. It is a globally recognized certification offered by ISACA that validates the expertise of individuals in managing and overseeing an enterprise’s information security program.
Q: Who is the CISM training suitable for?
A: The CISM training is ideal for professionals involved in information security management, including information security managers, IT consultants, security auditors, and risk management professionals. It is also beneficial for individuals aspiring to pursue a career in information security management.
Q: What are the benefits of obtaining the CISM certification?
A: The CISM certification demonstrates your knowledge and skills in information security management, enhancing your professional credibility and career prospects. It validates your ability to manage and assess an organization’s information security program and enables you to contribute effectively to the protection of critical information assets.
Q: What topics are covered in the CISM training?
A: The CISM training covers the four domains of information security management as defined by ISACA: Information Security Governance, Risk Management, Information Security Program Development and Management, and Information Security Incident Management. The training provides a comprehensive understanding of these domains and their practical application.
Q: Can this training be customized for specific organizational needs?
A: This training can be customized to address specific organizational needs. We can discuss customization options based on your requirements.
This course comes with following benefits:
- Practice labs
- Training delivered by certified trainers
- Access to the recordings of your class sessions for 90 days
- Digital courseware
- 24x7 learner support