

CISM: Certified Information Security Manager
Course Information

Course Name
CISM: Certified Information Security Manager

Exam code
CISM

Duration
4 Days
Certification
Overview
Designed for IT professionals with technical expertise and experience in IS/IT security and control looking to transition from team player to manager. CISM can add credibility and confidence to interactions with internal and external stakeholders, peers and regulators.
This certification indicates expertise in information security governance, program development and management, incident management and risk management. If you are a mid-career IT professional aspiring to senior management roles in IT security and control, CISM can get you the visibility you need.
Audience Profile
- Professionals preparing to become CISM certified
- CISA or CISSP-certified individuals looking to move into information security management
- General security management professionals looking to move into information security
- Information security managers
- Mid-level career change
Prerequisites
The CISM exam is open to anyone who has an interest in information security. You can still take the CISM exam even if you haven’t met the experience requirements yet, although you’ll have to meet those before getting certified. When you take the CISM exam, we’ll send you your results, and if you passed, the details you need to apply for your CISM certification. Candidates have five years from the passing date to apply for certification.
A minimum of 5-years of professional information security management work experience within the CISM job practice areas—as described in the CISM job practice areas—is required for certification. Work experience for the CISM certification must be gained within the 10-year period preceding the application date for certification. Candidates have 5-years from the passing date to apply.
At Course Completion
- Explain the relationship between executive leadership, enterprise governance and information security governance.
- Outline the components used to build an information security strategy.
- Explain how the risk assessment process influences the information security strategy.
- Articulate the process and requirements used to develop an effective information risk response strategy.
- Describe the components of an effective information security program.
- Explain the process to build and maintain an enterprise information security program.
- Outline techniques used to assess the enterprise’s ability and readiness to manage an information security incident.
- Outline methods to measure and improve response and recovery capabilities.
Course Outline
- Describe the role of governance in creating value for the enterprise.
- Explain the importance of information security governance in the context of overall enterprise governance.
- Describe the influence of enterprise leadership, structure and culture on the effectiveness of an information security strategy.
- Identify the relevant legal, regulatory and contractual requirements that impact the enterprise.
- Describe the effects of the information security strategy on enterprise risk management.
- Evaluate the common frameworks and standards used to govern an information security strategy.
- Explain why metrics are critical in developing and evaluating the information security strategy.
- Apply risk assessment strategies to reduce the impact of information security risk.
- Assess the types of threats faced by the enterprise.
- Explain how security control baselines affect vulnerability and control deficiency analysis.
- Differentiate between application of risk treatment types from an information security perspective.
- Describe the influence of risk and control ownership on the information security program.
- Outline the process of monitoring and reporting information security risk.
- Outline the components and resources used to build an information security program.
- Distinguish between common IS standards and frameworks available to build an information security program.
- Explain how to align IS policies, procedures and guidelines with the needs of the enterprise.
- Describe the process of defining an IS program road map.
- Outline key IS program metrics used to track and report progress to senior management.
- Explain how to manage the IS program using controls.
- Create a strategy to enhance awareness and knowledge of the information security program.
- Describe the process of integrating the security program with IT operations and third-party providers.
- Communicate key IS program information to relevant stakeholders.
- Distinguish between incident management and incident response
- Outline the requirements and procedures necessary to develop an incident response plan.
- Identify techniques used to classify or categorize incidents.
- Outline the types of roles and responsibilities required for an effective incident management and response team
- Distinguish between the types of incident management tools and technologies available to an enterprise.
- Describe the processes and methods used to investigate, evaluate and contain an incident.
- Identify the types of communications and notifications used to inform key stakeholders of incidents and tests.
- Outline the processes and procedures used to eradicate and recover from incidents.
- Describe the requirements and benefits of documenting events.
- Explain the relationship between business impact, continuity and incident response.
- Describe the processes and outcomes related to disaster recovery.
- Explain the impact of metrics and testing when evaluating the incident response plan.
Overview
Overview
Designed for IT professionals with technical expertise and experience in IS/IT security and control looking to transition from team player to manager. CISM can add credibility and confidence to interactions with internal and external stakeholders, peers and regulators.
This certification indicates expertise in information security governance, program development and management, incident management and risk management. If you are a mid-career IT professional aspiring to senior management roles in IT security and control, CISM can get you the visibility you need.
Audience Profile
Audience Profile
- Professionals preparing to become CISM certified
- CISA or CISSP-certified individuals looking to move into information security management
- General security management professionals looking to move into information security
- Information security managers
- Mid-level career change
Prerequisities
Prerequisites
The CISM exam is open to anyone who has an interest in information security. You can still take the CISM exam even if you haven’t met the experience requirements yet, although you’ll have to meet those before getting certified. When you take the CISM exam, we’ll send you your results, and if you passed, the details you need to apply for your CISM certification. Candidates have five years from the passing date to apply for certification.
A minimum of 5-years of professional information security management work experience within the CISM job practice areas—as described in the CISM job practice areas—is required for certification. Work experience for the CISM certification must be gained within the 10-year period preceding the application date for certification. Candidates have 5-years from the passing date to apply.
At Course Completion
At Course Completion
- Explain the relationship between executive leadership, enterprise governance and information security governance.
- Outline the components used to build an information security strategy.
- Explain how the risk assessment process influences the information security strategy.
- Articulate the process and requirements used to develop an effective information risk response strategy.
- Describe the components of an effective information security program.
- Explain the process to build and maintain an enterprise information security program.
- Outline techniques used to assess the enterprise’s ability and readiness to manage an information security incident.
- Outline methods to measure and improve response and recovery capabilities.
Course Outline
Course Outline
- Describe the role of governance in creating value for the enterprise.
- Explain the importance of information security governance in the context of overall enterprise governance.
- Describe the influence of enterprise leadership, structure and culture on the effectiveness of an information security strategy.
- Identify the relevant legal, regulatory and contractual requirements that impact the enterprise.
- Describe the effects of the information security strategy on enterprise risk management.
- Evaluate the common frameworks and standards used to govern an information security strategy.
- Explain why metrics are critical in developing and evaluating the information security strategy.
- Apply risk assessment strategies to reduce the impact of information security risk.
- Assess the types of threats faced by the enterprise.
- Explain how security control baselines affect vulnerability and control deficiency analysis.
- Differentiate between application of risk treatment types from an information security perspective.
- Describe the influence of risk and control ownership on the information security program.
- Outline the process of monitoring and reporting information security risk.
- Outline the components and resources used to build an information security program.
- Distinguish between common IS standards and frameworks available to build an information security program.
- Explain how to align IS policies, procedures and guidelines with the needs of the enterprise.
- Describe the process of defining an IS program road map.
- Outline key IS program metrics used to track and report progress to senior management.
- Explain how to manage the IS program using controls.
- Create a strategy to enhance awareness and knowledge of the information security program.
- Describe the process of integrating the security program with IT operations and third-party providers.
- Communicate key IS program information to relevant stakeholders.
- Distinguish between incident management and incident response
- Outline the requirements and procedures necessary to develop an incident response plan.
- Identify techniques used to classify or categorize incidents.
- Outline the types of roles and responsibilities required for an effective incident management and response team
- Distinguish between the types of incident management tools and technologies available to an enterprise.
- Describe the processes and methods used to investigate, evaluate and contain an incident.
- Identify the types of communications and notifications used to inform key stakeholders of incidents and tests.
- Outline the processes and procedures used to eradicate and recover from incidents.
- Describe the requirements and benefits of documenting events.
- Explain the relationship between business impact, continuity and incident response.
- Describe the processes and outcomes related to disaster recovery.
- Explain the impact of metrics and testing when evaluating the incident response plan.
