CISM - Certified Information Security Manager

Certified Information Security Manager (CISM®) Certification


Course Specifications

Course length: 5.0 day(s)

Course Description

Course Objective: You will establish processes to ensure that information security measures align with established business needs.

Target Student: The intended audience for this course is information security and IT professionals, such as network administrators and engineers, IT managers, and IT auditors, as well as other individuals who want to learn more about information security, want in-depth knowledge of information security management, are looking for career advancement in IT security, or are interested in earning the CISM certification.

Prerequisites: To ensure your success, we recommend that students taking this course have professional experience in information security in at least one of the following areas:

  • Information security governance
  • Information risk management
  • Information security program development
  • Information security program management
  • Incident management and response

Course Objectives

Upon successful completion of this course, students will be able to:

  • establish and maintain a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations.
  • identify and manage information security risks to achieve business objectives.
  • create a program to implement the information security strategy.
  • implement an information security program.
  • oversee and direct information security activities to execute the information security program.
  • plan, develop, and manage capabilities to detect, respond to, and recover from information security incidents.

Course Content

Lesson 1: Information Security Governance

Topic 1A: Develop an Information Security Strategy

Topic 1B: Align Information Security Strategy with Corporate Governance

Topic 1C: Identify Legal and Regulatory Requirements

Topic 1D: Justify Investment in Information Security

Topic 1E: Identify Drivers Affecting the Organization

Topic 1F: Obtain Senior Management Commitment to Information Security

Topic 1G: Define Roles and Responsibilities for Information Security

Topic 1H: Establish Reporting and Communication Channels

Lesson 2: Information Risk Management

Topic 2A: Implement an Information Risk Assessment Process

Topic 2B: Determine Information Asset Classification and Ownership

Topic 2C: Conduct Ongoing Threat and Vulnerability Evaluations

Topic 2D: Conduct Periodic Business Impact Analyses (BIAs)

Topic 2E: Identify and Evaluate Risk Mitigation Strategies

Topic 2F: Integrate Risk Management into Business Life Cycle Processes

Topic 2G: Report Changes in Information Risk

Lesson 3: Information Security Program Development

Topic 3A: Develop Plans to Implement an Information Security Strategy

Topic 3B: Security Technologies and Controls

Topic 3C: Specify Information Security Program Activities

Topic 3D: Coordinate Information Security Programs with Business Assurance Functions

Topic 3E: Identify Resources Needed for Information Security Program Implementation

Topic 3F: Develop Information Security Architectures

Topic 3G: Develop Information Security Policies

Topic 3H: Develop Information Security Awareness, Training, and Education Programs

Topic 3I: Develop Supporting Documentation for Information Security Policies

Lesson 4: Information Security Program Implementation

Topic 4A: Integrate Information Security Requirements into Organizational Processes

Topic 4B: Integrate Information Security Controls into Contracts

Topic 4C: Create Information Security Program Evaluation Metrics

Lesson 5: Information Security Program Management

Topic 5A: Manage Information Security Program Resources

Topic 5B: Enforce Policy and Standards Compliance

Topic 5C: Enforce Contractual Information Security Controls

Topic 5D: Enforce Information Security During Systems Development

Topic 5E: Maintain Information Security Within an Organization

Topic 5F: Provide Information Security Advice and Guidance

Topic 5G: Provide Information Security Awareness and Training

Topic 5H: Analyze the Effectiveness of Information Security Controls

Topic 5I: Resolve Noncompliance Issues

Lesson 6: Incident Management and Response

Topic 6A: Develop an Information Security Incident Response Plan (IRP)

Topic 6B: Establish an Escalation Process

Topic 6C: Develop a Communication Process

Topic 6D: Integrate an IRP with Business Continuity and Disaster Recovery Plans

Topic 6E: Develop Incident Response Teams (IRTs)

Topic 6F: Test an IRP

Topic 6G: Manage Responses to Information Security Incidents

Topic 6H: Perform an Information Security Incident Investigation

Topic 6I: Conduct Post-Incident Reviews

Appendix A: ISACA® CISM® Certification Process


Contact Information

3295 River Exchange Drive
Suite 212
Sandy Springs, Georgia 30092


(678) 752-7542 x104