Certified Information Security Manager (CISM)

 This course is aimed at Security professionals with 3-5 years of front-line experience; Information security managers or those with management responsibilities; Information security staff, information security assurance providers who require an in-depth understanding of information security management including: CISO's, CIO's, CSO's, privacy officers, risk managers, security auditors and compliance personnel, BCP / DR personnel, executive and operational managers responsible for assurance functions.

 After you complete this course you will be able to:

• Use the knowledge gained in a practical manner beneficial to your organization
• Establish and maintain information security architectures (people, your organisation process, technology)
• Establish and maintain an Information security governance and framework to achieve your organizations goals and objectives
• Integrate information security requirements into contracts and framework to achieve your organization goals and objectives activities of third parties/ suppliers
• Manage Information risk to an acceptable level to meet the business and compliance requirements
• Plan, establish and manage the capability to detect, investigate, business and compliance requirements respond to and recover from information security incidents to minimize business impact

 

Module 1 Information Security Governance 17%

A Enterprise Governance

1A1 Organizational Culture

1A2 Legal, Regulatory, and Contractual Requirements

1A3 Organizational Structures, Roles, and Responsibilities

B Information Security Strategy

1B1 Information Security Strategy Development

1B2 Information Governance Frameworks and Standards

1B3 Strategic Planning (e.g., budgets, resources, business case).

Module 2 Information Security Risk Management 20%

A Information Security Risk Assessment

2A1 Emerging Risk and Threat Landscape

2A2 Vulnerability and Control Deficiency Analysis

2A3 Risk Assessment and Analysis

B Information Security Risk Response

2B1 Risk Treatment / Risk Response Options

2B2 Risk and Control Ownership

2B3 Risk Monitoring and Reporting

Module 3 Information Security Program 33%

A Information Security Program Development

3A1 Information Security Program Resources (e.g., people, tools, technologies)

3A2 Information Asset Identification and Classification

3A3 Industry Standards and Frameworks for Information Security

3A4 Information Security Policies, Procedures, and Guidelines

3A5 Information Security Program Metrics

B Information Security Program Management

3B1 Information Security Control Design and Selection

3B2 Information Security Control Implementation and Integrations

3B3 Information Security Control Testing and Evaluation

3B4 Information Security Awareness and Training/td>

3B5 Management of External Services (e.g., providers, suppliers, third parties, fourth parties)

3B6 Information Security Program Communications and Reporting

Module 4 Incident Management 30%

A Incident Management Readiness

4A1 Incident Response Plan

4A2 Business Impact Analysis (BIA)

4A3 Business Continuity Plan (BCP)

4A4 Disaster Recovery Plan (DRP)

4A5 Incident Classification/Categorization

4A6 Incident Management Training, Testing, and Evaluation

B Incident Management Operations

4B1 Incident Management Tools and Techniques

4B2 Incident Investigation and Evaluation

4B3 Incident Containment Methods

4B4 Incident Response Communications (e.g., reporting, notification, escalation)

4B5 Incident Eradication and Recovery

4B6 Post-incident Review Practices

•  There is no set pre requisite for this course.
• ISACA do require a minimum of five years' professional information security work experience to qualify for full certification.
• You can take the for CISM exam prior to meeting ISACA’s experience requirements, but the CISM qualification is awarded after you meet the experience requirements.
• However, there is no restriction in getting yourself certified in early stages of your career and start practicing globally accepted Information Security Management practices.