Certified Information Security Manager (CISM) Training & Certification
Level: Intermediate
Course #: 2036
Key Features of this CISM Training:
Official ISACA Curriculum
After-course instructor coaching benefit
Course tuition includes an exam voucher from ISACA
You Will Learn How To:
Prepare for and pass the Certified Information Security Manager (CISM) exam
Develop an information security strategy and plan of action to implement the strategy
Manage and monitor information security risks
Build and maintain an information security plan both internally and externally
Implement policies and procedures to respond to and recover from disruptive and destructive information security events
Live, Instructor-Led – Live, Online Training
4-day instructor-led training course
One-on-one after-course instructor coaching
Exam Voucher is included in tuition
Important CISM Course Information
Requirements
IT professionals, including IT consultants, auditors, managers, security policy writers, privacy officers, information security officers, network administrators, security device administrators, and security engineers, must have at least 5 years of information security experience.
Exam Information
ISACA offers continuous Computer-Based Testing (CBT). With ISACA CBT exams, candidates will now receive a preliminary score report at the conclusion of their exam. Official scores will be sent to candidates via email within 10 working days of their exam.
The ISACA Exam Candidate Information Guide provides valuable information regarding exam day rules and information, as well as exam dates and deadlines.
Certification Information
This is an ISACA certification prep course.
CISM Course Outline
Information Security Governance
Establish and maintain an information security strategy, and align the strategy with corporate governance
Establish and maintain an information security governance framework
Establish and maintain information security policies
Develop a business case
Identify internal and external influences to the organization
Obtain management commitment
Define roles and responsibilities
Establish, monitor, evaluate, and report metrics
Information Risk Management and Compliance
Establish a process for information asset classification and ownership
Identify legal, regulatory, organizational, and other applicable requirements
Ensure that risk assessments, vulnerability assessments, and threat analyses are conducted periodically
Determine appropriate risk treatment options
Evaluate information security controls
Identify the gap between current and desired risk levels
Integrate information risk management into business and IT processes
Monitor existing risk
Report noncompliance and other changes in information risk
Information Security Program Development and Management
Establish and maintain the information security program
Ensure alignment between the information security program and other business functions
Identify, acquire, manage, and define requirements for internal and external resources
Establish and maintain information security architectures
Establish, communicate, and maintain organizational information security standards, procedures, and guidelines
Establish and maintain a program for information security awareness and training
Integrate information security requirements into organizational processes
Integrate information security requirements into contracts and activities of third parties
Establish, monitor, and periodically report program management and operational metrics
Information Security Incident Management
Establish and maintain an organizational definition of, and severity hierarchy for, information security incidents
Establish and maintain an incident response plan
Develop and implement processes to ensure the timely identification of information security incidents
Establish and maintain processes to investigate and document information security incidents
Establish and maintain incident escalation and notification processes
Organize, train, and equip teams to effectively respond to information security incidents
Test and review the incident response plan periodically
Establish and maintain communication plans and processes
Conduct post-incident reviews
Establish and maintain integration among the incident response plan, disaster recovery plan, and business continuity plan