The course will have hands -on activities for each module to understand practical nuances, quizzes and case studies.

• HR professionals and trainers.
• Managers.
• Content developers.
• Team leaders and supervisors.
• Business leaders.

DAY 4

• Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)

1. Design and validate assessment and test strategies
2. Conduct security control testing
3. Collect security process data (e.g, management and operational controls)
4. Analyse and report test outputs (e.g. automated, manual)
5. Conduct or facilitate internal and third party audits

• Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery)

1. Understand and support investigations
2. Understand requirements for investigation types
3. Conduct logging and monitoring activities
4. Secure the provisioning of resources
5. Understand and apply foundational security operations concepts
6. Employ resource protection techniques
7. Conduct incident management
8. Operate and maintain preventative measures
9. Implement and support patch and vulnerability management
10. Participate in and understand change management process (e.g., versioning, baselining, security impact analysis)
11. Implement recovery strategies
12. Implement disaster recovery processes
13. Test disaster recovery plans
14. Participate in business continuity planning and exercises
15. Implement and manage physical security
16. Participate in addressing personal safety concerns(e.g. Duress, travel, monitoring)

DAY 5

• Software Development Security (Understanding, Applying, and Enforcing Software Security) 

1. Understand and apply security in the software development lifecycle
2. Enforce security controls in development environments
3. Assess the effectiveness of software security
4. Assess security impact of acquired software

• MOCK TEST

Day 1

Day 2

Day 3

Day 4

Day 5

The Certified Information Security Manager (CISM) training aims to equip professionals with the knowledge and skills to manage, design, and assess enterprise information security programs. The main objectives include understanding information security governance, risk management, incident response, and business continuity. Additionally, participants learn how to align security strategies with business objectives, ensure compliance with regulatory requirements, evaluate and enhance security policies, and develop effective incident management plans. Ultimately, CISM training prepares professionals to become industry
recognized leaders in managing and protecting an organization’s critical information assets.

After completing Certified Information Security Manager (CISM) certification training, an individual can earn the following skills:

• Information security governance: Understand and establish a strong security governance framework, aligning it with business objectives and ensuring compliance with legal and regulatory requirements.
• Information risk management: Identify, assess, and manage information security risks in a systematic manner, prioritizing and mitigating them according to the business context.  Information security program development and management: Design, develop, and manage a comprehensive and agile information security program that supports the organization’s goals and objectives.
• Incident management and response: Develop and maintain an effective incident management strategy, including the capability to detect, respond to, and recover from security incidents in a timely manner.
• Policy development and management: Establish, communicate, and maintain the organization’s information security policies, procedures, guidelines, and standards.
• Security awareness and training: Develop and implement a security awareness and training program to ensure that employees, contractors, and other relevant parties understand their information security responsibilities.
• Business continuity and disaster recovery planning: Develop, implement, and maintain a business continuity and disaster recovery plan to ensure the organization’s resilience in case of a security incident, natural disaster, or other disruption.
• Third-party security management: Evaluate and manage the information security risks associated with third-party relationships, such as vendors, partners, and service providers.
• Security architecture and technology: Understand and apply principles of secure system design, data protection, and technology controls to protect the organization’s critical assets.
• Compliance and audit management: Ensure ongoing compliance with applicable laws, regulations, and industry standards, as well as internal policies and procedures, through regular audits and assessments.

By earning these skills, an individual becomes capable of effectively managing an organization’s information security program, thereby contributing to its overall success and resilience.

How to become Certified?

Taking and passing the CISM certification exam is just the first step in becoming certified. To become CISM certified, an individual must first meet the following requirements:

• Pass the certification exam.
• Pay the application processing fee.
• Submit application to demonstrate experience requirements.
• Adhere to the Code of Professional Ethics.
• Adhere to the Continuing Professional Education Policy.
• Candidates have 5 years from passing the exam to apply for CISM certification.

Module 1: Introduction

• Welcome to Certified Information Security Manager Course.
• Certification Overview.
• Skills Covered.

Module 2: Information Security Governance: Enterprise Governance

• Organizational Culture.
• Governance vs. Management.
• Legal Regulatory and Contractual Requirements.
• Data Security Frameworks.
• Data States.
• Organizational Structures Roles and Responsibilities.

Module 3: Information Security Governance: Information Security Strategy

• Information Security Strategy Development.
• Information Governance Frameworks and Standards.
• Strategic Planning.
• SWOT Analysis .
• Opex and Capex.
• KGI’s KPI’s and KRI’s.
• CIA Triad.
• Designing security into software.
• US Data Privacy Laws.
• GDPR.

Module 4: Information Security Risk Management Information Security: Risk Assessment

• Emerging Risk and Threat Landscape.
• Risk Identification.
• Risk Management.
• Vulnerability and Control Deficiency Analysis.
• Risk Assessment and Analysis.
• COBIT.
• Attackers and Phishing.
• ISO 27001.

Module 5: Information Security Risk Management Information Security: Risk Response

• Risk Treatment and Response.
• Risk and Control Ownership.
• Risk Monitoring and Reporting.

Module 6: Strategy Analysis

• Information Security Program Resources.
• Information Asset Identification and Classification.
• Information Security Policies Procedures and Guidelines.
• Information Security Program Metrics.

Module 7: Information Security Program Information Security: Program Management

• Information Security Control Design and Selection.
• Information Security Control Implementation and Integrations.
• Information Security Control Testing and Evaluation.
• Information Security Awareness and Training.
• Management of External Services.
• Information Security Program Communications and Reporting.
• Introduction to Access Control.
• Authentication and Authorization.
• Introduction to Cryptography.
• Overview of Encryption.
• Hashing.
• Social Engineering Attacks.

Module 8: Incident Management: Incident Management Readiness

• Incident Management Plan.
• Business Impact Analysis (BIA).
• Business Continuity Plan (BCP).
• Disaster Recovery Plan (DRP).
• Incident Classification and Categorization.
• Incident Management Training and Testing.

Module 9: Incident Management: Incident Management Operations

• Incident Management Tools and Techniques.
• Incident Containment Methods.
• Incident Response Communications.
• Incident Eradication and Recovery.
• Post incident Review Practices.

Architectural Concepts & Design Requirements – Cloud computing concepts & definitions based on the ISO/IEC 17788 standard; security concepts and principles relevant to secure cloud computing.

• Understand Cloud Computing Concepts.
• Describe Cloud Reference Architecture.
• Understand Security Concepts Relevant to Cloud Computing.
• Understand Design Principles of Secure Cloud Computing.
• Identify Trusted Cloud Services.

Cloud Data Security – Concepts, principles, structures, and standards used to design, implement, monitor, and secure, operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity, and availability in cloud environments.

• Understand Cloud Data Lifecycle.
• Design and Implement Cloud Data Storage Architectures.
• Design and Apply Data Security Strategies.
• Understand and Implement Data Discovery and Classification Technologies.
• Design and Implement Relevant Jurisdictional Data Protections for Personally Identifiable Information (PII).
• Design and Implement Data Rights Management.
• Plan and Implement Data Retention, Deletion, and Archiving Policies.
• Design and Implement Auditability, Traceability and Accountability of Data Events.

Cloud Platform & Infrastructure Security – Knowledge of the cloud infrastructure components, both the physical and virtual, existing threats, and mitigating and developing plans to deal with those threats.

• Comprehend Cloud Infrastructure Components.
• Analyze Risks Associated to Cloud Infrastructure.
• Design and Plan Security Controls.
• Plan Disaster Recovery and Business Continuity Management.

Cloud Application Security – Processes involved with cloud software assurance and validation; and the use of verified secure software.

• Recognize the need for Training and Awareness in Application Security.
• Understand Cloud Software Assurance and Validation.
• Use Verified Secure Software.
• Comprehend the Software Development Life-Cycle (SDLC) Process.
• Apply the Secure Software Development Life-Cycle.
• Comprehend the Specifics of Cloud Application Architecture.
• Design Appropriate Identity and Access Management (IAM) Solutions.

Operations – Identifying critical information and the execution of selected measures that eliminate or reduce adversary exploitation of it; requirements of cloud architecture to running and managing that infrastructure; definition of controls over hardware, media, and the operators with access privileges as well as the auditing and monitoring are the mechanisms, tools and facilities.

• Support the Planning Process for the Data Center Design.
• Implement and Build Physical Infrastructure for Cloud Environment.
• Run Physical Infrastructure for Cloud Environment.
• Manage Physical Infrastructure for Cloud Environment.
• Build Logical Infrastructure for Cloud Environment.
• Run Logical Infrastructure for Cloud Environment.
• Manage Logical Infrastructure for Cloud Environment.
• Ensure Compliance with Regulations and Controls (e.g., ITIL, ISO/IEC 20000-1).
• Conduct Risk Assessment to Logical and Physical Infrastructure.
• Understand the Collection, Acquisition and Preservation of Digital Evidence.
• Manage Communication with Relevant Parties.

Legal & Compliance – Addresses ethical behavior and compliance with regulatory frameworks. Includes investigative measures and techniques, gathering evidence (e.g., Legal Controls, eDiscovery, and Forensics); privacy issues and audit process and methodologies; implications of cloud environments in relation to enterprise risk management.

• Understand Legal Requirements and Unique Risks within the Cloud Environment.
• Understand Privacy Issues, Including Jurisdictional Variation.
• Understand Audit Process, Methodologies, and Required Adaption’s for a Cloud Environment.
• Understand Implications of Cloud to Enterprise Risk Management.
• Understand Outsourcing and Cloud Contract Design.
• Execute Vendor Management.