MWEDUS.COM

Certified Information Security Manager (CISM)

COURSE OVERVIEW

The management-focused CISM certification recognizes the person in charge of managing, designing, supervising, and evaluating an organization’s information security while also promoting global security standards. The CISM certification program has been approved by the American National Standards Institute (ANSI) in accordance with ISO/IEC 17024:2012, General Requirements for Bodies Operating Certification Systems of Persons.

TARGET AUDIENCE

The CISM certification is aimed at experienced information security managers and at individuals with information security management duties, such as chief information officers, aspiring information security managers, and IS/IT consultants.

Course Prerequisites

Candidates need a minimum of three years of information security management work experience in three or more of the job practice analysis areas, along with a minimum of five years of information security work experience.

Visit http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/How-to-Become-Certified/Pages/default.aspx for further information.

Expected Accomplishments

Upon finishing this course, the student will be able to:

  • Establish and maintain an information security governance framework and related procedures to ensure that the information security strategy is in line with the aims and objectives of the company.
  • Manage information risk to an acceptable level based on risk appetite in order to accomplish company goals and objectives.
  • Create and maintain an information security program that supports an efficient security posture by identifying, managing, and safeguarding the organization’s assets in accordance with information security strategy and business objectives.
  • Plan, develop, and oversee the capability to identify, investigate, respond to, and recover from information security incidents in order to reduce the impact on the company.

COURSE OUTLINE

Domain 1: Governance of Information Security

Describe the purpose of a good information security plan and its necessary requirements.

Develop an information security plan that is in line with the aims and objectives of the company.

Utilize business arguments to win support from stakeholders.

Determine the essential roles and duties required to carry out an action plan.

Create metrics to track and evaluate security governance performance.

Domain 2: Information Risk Management

Describe the value of risk management as a tool for achieving organizational goals and create a security management program to help achieve these goals.

Identify and rank risks, and take appropriate action in accordance with company guidelines.

Evaluate the suitability and efficiency of information security measures.

Effectively report information security risks.

Domain 3: Development and Management of Information Security Programs

Align the needs of your information security program with those of other corporate operations.

Oversee the resources of the information security program.

Create and put into place safeguards for information security.

Include information security clauses in agreements, contracts, and third-party management procedures.

Domain 4: Incident Management for Information Security

Recognize the principles and methods of incident management.

Determine the elements of an incident response plan and assess the efficacy of the plan.

Recognize the fundamental ideas behind disaster recovery planning (DRP) and business continuity planning (BCP).

Know the methods that are frequently used to evaluate an incident response team’s capabilities.
