Skip to main Content

Certified Information Security Manager + Examen

  • Course Code CISM
  • Duration 4 days

Additional Payment Options

  • GTC 43 inc. VAT

    GTC, Global Knowledge Training Credit, please contact Global Knowledge for more details

Public Classroom Price

eur3.995,00

excl. VAT

Request Group Training Add to Cart

Course Delivery

This course is available in the following formats:

  • Class Connect HD

    Connect to a class in HD

  • Company Event

    Event at company

  • Public Classroom

    Traditional Classroom Learning

  • Virtual Learning

    Learning that is virtual

Request this course in a different delivery format.

Course Overview

Top

The CISM certification program was developed by ISACA for experienced information security management professionals who have experience developing and managing information security programs and who understand the programs relationship to the overall business goals. The CISM exam consists of 200 multiple-choice questions that cover the four CISM domains. The American National Standards Institute (ANSI) has accredited the CISM certification program under ISO/IEC 17024:2003, General Requirements for Bodies Operating Certification Systems of Persons.

Course Schedule

Top
    • Delivery Format: Virtual Learning
    • Date: 15-18 June, 2020

      Guaranteed  To Run

    • Location: Virtual
    • Language: NL
    • Delivery Format: Virtual Learning
    • Date: 06-09 July, 2020
    • Location: Virtual
    • Language: NL
    • Delivery Format: Public Classroom
    • Date: 27-30 July, 2020
    • Location: Zoetermeer (Scheglaan 12)
    • Language: NL
    • Delivery Format: Virtual Learning
    • Date: 27-30 July, 2020
    • Location: Virtual
    • Language: NL

Target Audience

Top

Experienced information security managers and those who have information security management responsibilities, including IT consultants, auditors, managers, security policy writers, privacy officers, information security officers, network administrators, security device administrators, and security engineers.

Course Objectives

Top

In-depth coverage of the four domains required to pass the CISM exam:

  • Information Security Governance
  • Information Risk Management and Compliance
  • Information Security Program Development and Management
  • Information Security Incident Management

Course Content

Top

Domain 1: Information Security Governance

  • Develop an information security strategy, aligned with business goals and directives.
  • Establish and maintain an information security governance framework.
  • Integrate information security governance into corporate governance.
  • Develop and maintain information security policies.
  • Develop business cases to support investments in information security.
  • Identify internal and external influences to the organization.
  • Gain ongoing commitment from senior leadership and other stakeholders.
  • Define, communicate and monitor information security responsibilities
  • Establish internal and external reporting and communication channels.

Domain 2: Information Risk Management

  • Establish and/or maintain a process for information asset classification to ensure that measures taken to protect assets are proportional to their business value.
  • Identify legal, regulatory, organizational and other applicable requirements to manage the risk of noncompliance to acceptable levels.
  • Ensure that risk assessments, vulnerability assessments and threat analyses are conducted consistently, and at appropriate times, to identify and assess risk to the organization’s information.
  • Identify, recommend or implement appropriate risk treatment/response options to manage risk to acceptable levels based on organizational risk appetite.
  • Determine whether information security controls are appropriate and effectively manage risk to an acceptable level.
  • Facilitate the integration of information risk management into business and IT processes to enable a consistent and comprehensive information risk management program across the organization.
  • Monitor for internal and external factors (e.g., threat landscape, cybersecurity, geopolitical, regulatory change) that may require reassessment of risk to ensure that changes to existing or new risk scenarios are identified and managed appropriately.
  • Report noncompliance and other changes in information risk to facilitate the risk management decision-making process.
  • Ensure that information security risk is reported to senior management to support an understanding of potential impact on the organizational goals and objectives.

Domain 3: Information Security Program Development & Management

  • Develop a security program, aligned with information security strategy
  • Ensure alignment between the information security program and other business functions
  • Establish and maintain requirements for all resources to execute the IS program
  • Establish and maintain IS architectures to execute the IS program
  • Develop documentation that ensures compliance with policies
  • Develop a program for information security awareness and training
  • Integrate information security requirements into organizational processes
  • Integrate information security requirements into contracts and activities of third parties
  • Develop procedures (metrics) to evaluate the effectiveness and efficiency of the IS program
  • Compile reports to key stakeholders on overall effectiveness of the IS program and the underlying business processes in order to communicate security performance.

Domain 4: Information Security Incident Management

  • Define (types of) information security incidents
  • Establish an incident response plan
  • Develop processes for timely identification of information security incidents
  • Develop processes to investigate and document information security incidents
  • Develop incident escalation and communication processes
  • Establish teams that effectively respond to information security incidents
  • Test and review the incident response plan
  • Establish communication plans and processes
  • Determine the root cause of IS incidents
  • Align incident response plan with DRP and BCP.

Test Certification

Top

To be eligible for the CISM certification you have to meet the following requirements:

  • successfully pass the CISM-exam
  • have at least 5 years relevant experience in 2 CISM-domains

The exam consists of 150 Multiple Choice questions (UK) and the duration is 4 hours.

The exam fee is included.

Follow on Courses

Top

GK9840- CISSP Certification Preparation

CISAU - CISA, Certified Information Systems Auditor

Further Information

Top

Cookie Control toggle icon