CISM: Certified Information Security Manager

Name: CISM: Certified Information Security Manager
Brand: ISACA

RM9,000.00

The Certified Information Security Manager (CISM) certification from ISACA certifies a person's knowledge of information security governance, program development and management, incident management, and risk management.

If you're a mid-career IT professional looking to advance to senior management roles in IT security and control, CISM is definitely for you.

Training Duration: 4 Days

Certificate Of Completion Available
Group Private Class
VILT Class Available
SBL-Khas Claimable

Download Course Outline

Designed for IT professionals with technical expertise and experience in IS/IT security and control looking to transition from team player to manager. the CISM credential can add credibility and confidence to interactions with internal and external stakeholders, peers, and regulators.

This certification indicates expertise in information security governance, program development and management, incident management and risk management.

Content in this course is:

Aligned with the CISM job practice.

Adapted from the CISM Review Manual 16th Edition.

Reviewed by subject matter experts that hold the CISM certification.

The course features an enhanced facilitator guide, additional participant resources, knowledge check questions from the CISM Questions, Answers and Explanations (QAE) database along with scenario-based activities and enrichment materials (articles, podcasts and whitepapers) selected from the ISACA website to provide learners with an opportunity to go deeper into specific areas related to the course content.
After completing this course, participants should be able to:

Explain the relationship between executive leadership, enterprise governance and information security governance.

Outline the components used to build an information security strategy.

Explain how the risk assessment process influences the information security strategy.

Articulate the process and requirements used to develop an effective information risk response strategy.

Describe the components of an effective information security program.

Explain the process to build and maintain an enterprise information security program.

Outline techniques used to assess the enterprise’s ability and readiness to manage an information security incident.
Module 1: Information Security Governance
Session Topics:

Enterprise Governance Overview

Organizational Culture, Structures, Roles and Responsibilities

Legal, Regulatory and Contractual Requirements

Information Security Strategy

Information Governance Frameworks and Standards

Strategic Planning

Learning Objectives:

Describe the role of governance in creating value for the enterprise.

Explain the importance of information security governance in the context of overall enterprise governance.

Describe the influence of enterprise leadership, structure and culture on the effectiveness of an information security strategy.

Identify the relevant legal, regulatory and contractual requirements that impact the enterprise

Describe the effects of the information security strategy on enterprise risk management.

Evaluate the common frameworks and standards used to govern an information security strategy

Explain why metrics are critical in developing and evaluating the information security strategy

Resources:

Information Security Program Governance Objectives and Outcomes

Common Roles in the Enterprise

Example RACI Chart

Module 2: Information Security Risk Management
Session Topics:

Risk and Threat Landscape

Vulnerability and Control Deficiency Analysis

Risk Assessment, Evaluation and Analysis

Information Risk Response

Risk Monitoring, Reporting and Communication

Learning Objectives:

Apply risk assessment strategies to reduce the impact of information security risk.

Assess the types of threats faced by the enterprise.

Explain how security control baselines affect vulnerability and control deficiency analysis

Differentiate between application of risk treatment types from an information security perspective

Describe the influence of risk and control ownership on the information security program.

Outline the process of monitoring and reporting information security risk.

Resources:

Vulnerabilities and Threats

Operational Risk Categories

Risk Register Example

Risk Report Example

Risk Scenario Technique Main Issues

Typical Risk Management Documentation

Risk Communication Plan

Module 3: Information Security Program Development and Management
Session Topics:

IS Program Development and Resources

IS Standards and Frameworks

Defining an IS Program Road Map

IS Program Metrics

IS Program Management

IS Awareness and Training

Integrating the Security Program with IT Operations

Program Communications, Reporting and Performance Management

Learning Objectives:

Outline the components and resources used to build an information security program.

Distinguish between common IS standards and frameworks available to build an information security program.

Explain how to align IS policies, procedures and guidelines with the needs of the enterprise

Describe the process of defining an IS program road map.

Outline key IS program metrics used to track and report progress to senior management.

Explain how to manage the IS program using controls.

Create a strategy to enhance awareness and knowledge of the information security program

Describe the process of integrating the security program with IT operations and third-party providers.

Communicate key IS program information to relevant stakeholders.

Resources:

Information Security Program Governance Objectives and Outcomes

Alternate Enterprise Architecture Frameworks

Policies, Standards, Procedures and Guidelines

Security Program Components Checklist

Information Security Framework Components

Technical Control Components and Architecture

Contract Points

Information Security Liaison Responsibilities

Types of Security Issues

Measuring Information Security Program Performance

Information Security Program Management Evaluation Questions

Module 4: Information Security Incident Management
Session Topics:

Incident Management and Incident Response Overview

Incident Management and Response Plans

Incident Classification/Categorization

Incident Management Operations, Tools and Technologies

Incident Investigation, Evaluation, Containment and Communication

Incident Eradication, Recovery and Review

Business Impact and Continuity

Disaster Recovery Planning

Training, Testing and Evaluation

Learning Objectives:

Distinguish between incident management and incident response

Outline the requirements and procedures necessary to develop an incident response plan

Identify techniques used to classify or categorize incidents.

Outline the types of roles and responsibilities required for an effective incident management and response team

Distinguish between the types of incident management tools and technologies available to an enterprise.

Describe the processes and methods used to investigate, evaluate and contain an incident

Identify the types of communications and notifications used to inform key stakeholders of incidents and tests.

Outline the processes and procedures used to eradicate and recover from incidents.

Describe the requirements and benefits of documenting events.

Explain the relationship between business impact, continuity and incident response.

Describe the processes and outcomes related to disaster recovery.

Explain the impact of metrics and testing when evaluating the incident response plan.

Resources:

Incident Management Action Plan Phases

Developing an Incident Response Plan

SEU-CMU Action Plan Phases

Types of Insurance and Coverage

Types of Recovery Sites

Legal Aspects of Forensic Evidence
CSX-P: Certified Cybersecurity Practitioner

The CSX-P: Certified Cybersecurity Practitioner was named 2016 Top Professional Certification program by the SC Magazine Awards and remains the first and only comprehensive performance certification testing one’s ability to perform globally validated cybersecurity skills spanning five security functions – Identify, Protect, Detect, Respond, and Recover.

CRISC: Certified in Risk and Information Systems Control

This credential demonstrates expertise in identifying and managing enterprise IT risk and implementing and maintaining information systems controls. CRISC can enhance your IT team’s credibility with stakeholders and clients.

CISA: Certified Information Systems Auditor

In this course, you’ll cover all five domains of the Certified Information Systems Auditor (CISA) exam and gain the knowledge and technical concepts required to obtain CISA certification.

CGEIT: Certified in the Governance of Enterprise IT

The Certified in the Governance of Enterprise IT® (CGEIT®) program supports increasing business demands and recognizes the wide range of professionals whose knowledge and application of IT governance principles are key to managing the forces of transition.

CDPSE: Certified Data Privacy Solutions Engineer

The CDPSE: Certified Data Privacy Solutions Engineer course is an intensive, four-day examination preparation program to prepare individuals who are planning to sit for the Certified Data Privacy Solutions Engineer (CDPSE) exam.

CT-CASP: CompTIA Advanced Security Practitioner

The CompTIA Advanced Security Practitioner (CASP+) is an advanced-level cybersecurity certification for security architects and senior security engineers who are responsible for leading and improving an enterprise's cybersecurity readiness. It is the ideal certification for technical professionals who want to stay immersed in technology rather than strictly manage it.

CISM: Certified Information Security Manager

OVERVIEW

OBJECTIVES

PREREQUISITES

AUDIENCE

COURSE MODULE

Recommended Courses Upon Completion

For a private in-house, please ask us for a quotation.

Get Ahead of the Competition with a FREE 1-Day Training for Your Company with our GRC-X Premium