CISM Certification Course

Certified Information Security Manager (CISM) is a certification for information security managers awarded by ISACA (formerly the Information Systems Audit and Control Association).

The intent of the certification is to provide a common body of knowledge for information security management. The CISM focuses on information risk management as the basis of information security.

It also includes material on broader issues such as how to govern information security as well as on practical issues such as developing and managing an information security program and managing incidents.

The point of view in the certification is that of widely accepted cross-industry best practices, where information security gets its justification from business needs. The implementation includes information security as an autonomous function inside wider corporate governance.

Benefits:

• The advantages of being a CISM: Being a certified ISM, you are bound to enjoy the perks, prestige and benefits associated with the job. Some of  them are the following:
• As what most candidates desire, being a part of an elite group comes so easily. Being a CISM can put you into a position that IT professionals would want to be part of. Not all IT professionals belong to this network, so being certified is such a big recognition.
• As part of the CISM network, you will be recognized as an information security expert and experienced personnel with information security programs. With that, you will be looked up to by many.
• As a CISM, you will benefit in three important ways: delivering value to enterprises, ongoing education and career improvement.
• As an expert in the field, you can showcase your understanding between the connection between business goals and information security program. Moreover, you will be able to reconcile both that can drive success.

To aim for the CISM position is a tough and challenging journey. However, it is rewarding and fulfilling at the end of the day. The road may not be  easy, but it is worth taking.

Outline:

• Information Security Governance: 17%
• A–Enterprise Governance
• 1.    Organizational Culture
• 2.    Legal, Regulatory and Contractual Requirements
• 3.    Organizational Structures, Roles and Responsibilities
• B–Information Security Strategy
• 1.    Information Security Strategy Development
• 2.    Information Governance Frameworks and Standards
• 3.    Strategic Planning (e.g., Budgets, Resources, Business Case)
• Information Security Risk Management:20%
• A–Information Security Risk Assessment
• 1.    Emerging Risk and Threat Landscape
• 2.    Vulnerability and Control Deficiency Analysis
• 3.    Risk Assessment and Analysis
• B–Information Security Risk Response
• 1.    Risk Treatment / Risk Response Options
• 2.    Risk and Control Ownership
• 3.    Risk Monitoring and Reporting
• Information Security Program: 33%
• A–Information Security Program Development
• 1.    Information Security Program Resources (e.g., People, Tools, Technologies)
• 2.    Information Asset Identification and Classification
• 3.    Industry Standards and Frameworks for Information Security
• 4.    Information Security Policies, Procedures and Guidelines
• 5.    Information Security Program Metrics
• B–INFORMATION SECURITY PROGRAM MANAGEMENT
• 1.    Information Security Control Design and Selection
• 2.    Information Security Control Implementation and Integrations
• 3.    Information Security Control Testing and Evaluation
• 4.    Information Security Awareness and Training
• 5.    Management of External Services (e.g., Providers, Suppliers, Third Parties, Fourth Parties)
• 6.    Information Security Program Communications and Reporting
• Incident Management: 33%
• A–Incident Management Readiness
• 1.    Incident Response Plan
• 2.    Business Impact Analysis (BIA)
• 3.    Business Continuity Plan (BCP)
• 4.    Disaster Recovery Plan (DRP)
• 5.    Incident Classification/Categorization
• 6.    Incident Management Training, Testing and Evaluation
• and more

Learning Objectives:

• Understand the broad requirements for effective information security governance
• Learn the elements and actions required to develop an information security strategy
• Formulate a plan of action to implement an information security strategy
• Learn to manage information security risks
• Develop an information security plan
• Manage information security within an organization
• Develop policies and procedures to respond to and recover from disruptive and destructive information security events