Certified Information Security Manager (CISM)

Learn the key skills and areas for a Certified Information Security Manager and prepare for the exam component of this sought-after qualification.

This course is intended to prepare delegates for the Certified Information Security Manager exam and exposes them to the job practices associated with this challenging role. 

It covers the key areas prescribed by the syllabus for the exam and discusses the concepts and process that someone performing this job would be expected to understand.

You Will Learn How To:

• Understand and use the four job practices:
• Governance setting
• Risk management
• Information security program management
• Information security incident management

Prerequisites:

• Possessing and understanding of the core concepts and practices associated with Information Security is essential as this is not a beginners course in Information Security. 
• Attending an introductory course such as Quanta's Cyber Matters, the CompTIA Security+, RESILIA Foundation or equivalents is strongly advised for those new to the sector prior to attending this course.

Course Content:

• Introducing the Certified Information Security Manager
• Role of the Certified Information Security Manager.
• Purpose of the job practices.
• Information Security Governance
• Understand the following regarding governance:
• Purpose of information security governance.
• Understand its make up and how to achieve it.
• Purpose of the information security strategy.
• Understand the objectives, content and creation of the strategy.
• Understand the meaning, content and creation of policies, standards, procedures and guidelines.
• Development of business cases and gaining commitment from senior management for the information security program.
• Define governance metrics requirements, selection of them and their creation.
• Information Security Risk Management
• Understand the following regarding governance:
• Recognise the importance of risk management in meeting business needs.
• Supporting the development of an information security program to align with business needs.
• Understand methods of identifying, prioritising and responding appropriately to risk.
• Evaluate and assess information security controls and assure fitness for purpose.
• Report effectively on the status of risks within the organisation.
• Managing Information Security Incidents
• Understand the following regarding the management of security incidents:
• The lifecycle of information incident management: Identifying, analysing, managing and responding to unexpected negative information security events.
• Identify the components of an incident response plan.
• Evaluate the effectiveness of an incident response plan.
• Recognise the relationship between incident response, disaster recovery and business continuity planning.