Certified Information Security Manager (CISM®

Gain knowledge and experience to demonstrate your understanding of the relationship between an information security program and broader business goals and objectives as you prepare for the Certified Information Security Manager (CISM) certification. 

It distinguishes you as having not only information security expertise, but also knowledge and experience in the development and management of an information security program.

The uniquely management-focused CISM certification promotes international security practices and recognises the individual who manages, designs, oversees and assesses an enterprise’s information security. 

This course is an intensive, four-day review program designed to prepare professionals for the Certified Information Security Manager exam.

This course includes a digital courseware manual and access to the CISM Questions, Answers and Explanations (QAE) database for 12 months.

What You’ll Learn

After completing this course, participants should be able to:

• Explain the relationship between executive leadership, enterprise governance and information security governance

• Outline the components used to build an information security strategy

• Explain how the risk assessment process influences the information security strategy

• Articulate the process and requirements used to develop an effective information risk response strategy

• Describe the components of an effective information security program

• Explain the process to build and maintain an enterprise information security program

• Outline techniques used to assess the enterprise’s ability and readiness to manage an information security incident

• Outline methods to measure and improve response and recovery capabilities

Who Is The Course For?

This course is designed for IT professionals with technical expertise and experience in IS/IT security and control looking to transition from team player to manager, including:

• Senior Executives

• IT Managers

• Information Security Professionals

• IT Software System and Application Developers

• IT Auditors

We can also deliver and customise this training course for larger groups – saving your organisation time, money and resources. 

Course Subjects

Domain 1: Information Security Governance

• Enterprise Governance Overview

• Organisational Culture, Structures, Roles and Responsibilities

• Legal, Regulatory and Contractual Requirements

• Information Security Strategy

• Information Governance Frameworks and Standards

• Strategic Planning

Domain 2: Information Security Risk Management

• Risk and Threat Landscape

• Vulnerability and Control Deficiency Analysis

• Risk Assessment, Evaluation and Analysis

• Information Risk Response

• Risk Monitoring, Reporting and Communication

Domain 3: Information Security Program Development and Management

• IS Program Development and Resources

• IS Standards and Frameworks

• Defining an IS Program Road Map

• IS Program Metrics

• IS Program Management

• IS Awareness and Training

• Integrating the Security Program with IT Operations

• Program Communications, Reporting and Performance Management

Domain 4: Information Security Incident Management

• Incident Management and Incident Response Overview

• Incident Management and Response Plans

• Incident Classification/Categorisation

• Incident Management Operations, Tools and Technologies

• Incident Investigation, Evaluation, Containment and Communication

• Incident Eradication, Recovery and Review

• Business Impact and Continuity

• Disaster Recovery Planning

• Training, Testing and Evaluation

Prerequisites

• It is recommended that you have 3-5 years of information security experience.
• To earn the CISM certification, students must pass the CISM Exam and also meet the additional criteria as determined by ISACA.