Certified Information Security Manager

Course Overview

Our ISACA CISM course provides a common body of knowledge for information security management. This course reviews information risk management as the basis of information security, information security governance, the development and management of an information security program, and incident response.

The focus of this 5-day course is on information risk management as the basis of information security. Additionally, material on broader issues are included, such as how to govern information security and information on practical issues, including developing and managing an information security program and responding when incidents arise. This hands-on training course is designed to prepare students with the skills they need both to pass the CISM certification exam and excel within their IS careers.

The United States Department of Defense has listed CISM as an approved certification for its Information Assurance Workforce Improvement Program (8570 Directive).

Course Outline

Information Security (IS) Governance

  • Identifying assets
  • Assessing risk and vulnerabilities
  • Managing assets

Information Risk Management

  • Clarifying assets and establishing ownership
  • Structuring the information risk assessment process
  • Assessing business impacts
  • Managing change

Developing an IS Program

  • IS Strategy
  • Aligning other programs for assurance functions
  • Developing IS architectures
  • Security awareness, training, and education
  • Communication and maintaining standards, procedures, and other documents
  • Controlling change
  • Lifecycle activities and security metrics

IS Program Management

  • Fundamentals of Planning and Managing a Security Program
  • Security Baselines and Business Processes
  • Security Program Infrastructure
  • Lifecycle Policies
  • Security Impact on Users and Accountability
  • Security Metrics
  • Resource Management

Incident Management and Response

  • Fundamentals and Importance of response management
  • Business impact analysis
  • Response and recovery plan development
  • Incident response process
  • Response and recovery plan implementation
  • Documenting responses
  • Post-Event procedures

Leave a Reply