Certified Information Security Manager (CISM)
Overview
Course Objective
In-depth coverage of the four domains required to pass the CISM exam:
• Information Security Governance
• Information Risk Management and Compliance
• Information Security Program Development and Management
• Information Security Incident Management
Module
Module 1 - Information Security Governance
• Develop an information security strategy, aligned with business goals and directives.
• Establish and maintain an information security governance framework.
• Integrate information security governance into corporate governance.
• Develop and maintain information security policies.
• Develop business cases to support investments in information security.
• Identify internal and external influences to the organization.
• Gain ongoing commitment from senior leadership and other stakeholders.
• Define, communicate and monitor information security responsibilities.
• Establish internal and external reporting and communication channels.
Module 2 - Information Risk Management
• Establish and/or maintain a process for information asset classification to ensure that measures taken to protect assets are proportional to their business value.
• Identify legal, regulatory, organizational and other applicable requirements to manage the risk of noncompliance to acceptable levels.
• Ensure that risk assessments, vulnerability assessments and threat analyses are conducted consistently, and at appropriate times, to identify and assess risk to the organization’s information.
• Identify, recommend or implement appropriate risk treatment/response options to manage risk to acceptable levels based on organizational risk appetite.
• Determine whether information security controls are appropriate and effectively manage risk to an acceptable level.
• Facilitate the integration of information risk management into business and IT processes to enable a consistent and comprehensive information risk management program across the organization.
• Monitor for internal and external factors (e.g., threat landscape, cybersecurity, geopolitical, regulatory change) that may require reassessment of risk to ensure that changes to existing or new risk scenarios are identified and managed appropriately.
• Report noncompliance and other changes in information risk to facilitate the risk management decision-making process.
• Ensure that information security risk is reported to senior management to support an understanding of potential impact on the organizational goals and objectives.
Module 3 - Information Security Program Development & Management
• Develop a security program, aligned with the information security strategy.
• Ensure alignment between the information security program and other business functions.
• Establish and maintain requirements for all resources needed to execute the IS program.
• Establish and maintain IS architectures to execute the IS program.
• Develop documentation that ensures compliance with policies.
• Develop a program for information security awareness and training.
• Integrate information security requirements into organizational processes.
• Integrate information security requirements into contracts and activities of third parties.
• Develop procedures (metrics) to evaluate the effectiveness and efficiency of the IS program.
• Compile reports to key stakeholders on the overall effectiveness of the IS program and the underlying business processes in order to communicate security performance.
Module 4 - Information Security Incident Management
• Define (types of) information security incidents.
• Establish an incident response plan.
• Develop processes for timely identification of information security incidents.
• Develop processes to investigate and document information security incidents.
• Develop incident escalation and communication processes.
• Establish teams that effectively respond to information security incidents.
• Test and review the incident response plan.
• Establish communication plans and processes.
• Determine the root cause of IS incidents.
• Align the incident response plan with the DRP and BCP.
FAQs
General Questions:
Q: What is the Certified Information Security Manager (CISM) course about?
A: The CISM course, developed by ISACA, is designed for experienced information security professionals who manage, design, and assess enterprise information security programs. The course focuses on aligning information security with broader business goals. It prepares participants for the CISM certification exam, covering governance, risk management, program development, and incident response in depth.
Q: Who should attend this course?
A: This course is intended for professionals with responsibilities in information security management, such as information security managers, IT consultants, IT auditors, network administrators, security engineers, security policy writers, privacy officers, information security officers, and security device administrators.
Q: What are the prerequisites for this course?
A: Candidates should have five years of verified work experience in information security, including at least three years in information security management across at least three of the four CISM domains. This experience must be obtained within 10 years prior to application or within five years after passing the exam.
Q: How long is the course?
A: The course runs for 4 days.
Q: What key topics are covered in this course?
A: The course offers in-depth training across the four CISM domains: Information Security Governance, covering strategy development, policy creation, stakeholder engagement, and governance integration; Information Risk Management and Compliance, focusing on risk identification, assessment, treatment, and integration into business processes; Information Security Program Development and Management, which involves building and managing a security program aligned with business goals, including architecture, documentation, training, and performance metrics; and Information Security Incident Management, which covers incident identification, response planning, root cause analysis, communication, and alignment with disaster recovery and business continuity plans.
Q: Will I receive a certification after completing the course?
A: Upon successful completion of the course and passing the official CISM exam, participants will earn the internationally recognized Certified Information Security Manager (CISM) certification, accredited by ANSI under ISO/IEC 17024:2003.
Program Content & Skills:
Q: What foundational information security concepts will I learn in this course?
A: You will learn how to develop an information security strategy aligned with business goals, establish a governance framework, create and maintain policies, and integrate security governance into corporate processes.
Q: How does the course prepare me to manage information security risks?
A: The course covers asset classification, legal and regulatory compliance, consistent risk and vulnerability assessments, and how to select and implement risk treatment strategies based on organizational risk appetite.
Q: What security program management skills will I develop?
A: You’ll gain skills in building a security program aligned with business functions, developing documentation and awareness training, integrating security into business operations and third-party activities, and measuring program effectiveness.
Q: Will I learn how to respond to security incidents?
A: Yes, you’ll learn how to define and identify security incidents, develop an incident response plan, set up escalation and communication processes, perform root cause analysis, and align incident response with disaster recovery and business continuity.
Q: How does the course address compliance and stakeholder communication?
A: It emphasizes monitoring for regulatory changes, reporting noncompliance and risks to senior management, ensuring integration of compliance requirements, and maintaining communication channels to support governance and decision-making.
Submit your interest today!