Certified Information Security Manager (CISM)

Register Now

The Certified Information Security Manager (CISM) training aims to equip professionals with the knowledge and skills to manage, design, and assess enterprise information security programs. The main objectives include understanding information security governance, risk management, incident response, and business continuity. Additionally, participants learn how to align security strategies with business objectives, ensure compliance with regulatory requirements, evaluate and enhance security policies, and develop effective incident management plans. Ultimately, CISM training prepares professionals to become industry
recognized leaders in managing and protecting an organization’s critical information assets.

After completing Certified Information Security Manager (CISM) certification training, an individual can earn the following skills:

• Information security governance: Understand and establish a strong security governance framework, aligning it with business objectives and ensuring compliance with legal and regulatory requirements.
• Information risk management: Identify, assess, and manage information security risks in a systematic manner, prioritizing and mitigating them according to the business context.  Information security program development and management: Design, develop, and manage a comprehensive and agile information security program that supports the organization’s goals and objectives.
• Incident management and response: Develop and maintain an effective incident management strategy, including the capability to detect, respond to, and recover from security incidents in a timely manner.
• Policy development and management: Establish, communicate, and maintain the organization’s information security policies, procedures, guidelines, and standards.
• Security awareness and training: Develop and implement a security awareness and training program to ensure that employees, contractors, and other relevant parties understand their information security responsibilities.
• Business continuity and disaster recovery planning: Develop, implement, and maintain a business continuity and disaster recovery plan to ensure the organization’s resilience in case of a security incident, natural disaster, or other disruption.
• Third-party security management: Evaluate and manage the information security risks associated with third-party relationships, such as vendors, partners, and service providers.
• Security architecture and technology: Understand and apply principles of secure system design, data protection, and technology controls to protect the organization’s critical assets.
• Compliance and audit management: Ensure ongoing compliance with applicable laws, regulations, and industry standards, as well as internal policies and procedures, through regular audits and assessments.

By earning these skills, an individual becomes capable of effectively managing an organization’s information security program, thereby contributing to its overall success and resilience.

How to become Certified?

Taking and passing the CISM certification exam is just the first step in becoming certified. To become CISM certified, an individual must first meet the following requirements:

• Pass the certification exam.
• Pay the application processing fee.
• Submit application to demonstrate experience requirements.
• Adhere to the Code of Professional Ethics.
• Adhere to the Continuing Professional Education Policy.
• Candidates have 5 years from passing the exam to apply for CISM certification.

Module 1: Introduction

• Welcome to Certified Information Security Manager Course.
• Certification Overview.
• Skills Covered.

Module 2: Information Security Governance: Enterprise Governance

• Organizational Culture.
• Governance vs. Management.
• Legal Regulatory and Contractual Requirements.
• Data Security Frameworks.
• Data States.
• Organizational Structures Roles and Responsibilities.

Module 3: Information Security Governance: Information Security Strategy

• Information Security Strategy Development.
• Information Governance Frameworks and Standards.
• Strategic Planning.
• SWOT Analysis .
• Opex and Capex.
• KGI’s KPI’s and KRI’s.
• CIA Triad.
• Designing security into software.
• US Data Privacy Laws.
• GDPR.

Module 4: Information Security Risk Management Information Security: Risk Assessment

• Emerging Risk and Threat Landscape.
• Risk Identification.
• Risk Management.
• Vulnerability and Control Deficiency Analysis.
• Risk Assessment and Analysis.
• COBIT.
• Attackers and Phishing.
• ISO 27001.

Module 5: Information Security Risk Management Information Security: Risk Response

• Risk Treatment and Response.
• Risk and Control Ownership.
• Risk Monitoring and Reporting.

Module 6: Strategy Analysis

• Information Security Program Resources.
• Information Asset Identification and Classification.
• Information Security Policies Procedures and Guidelines.
• Information Security Program Metrics.

Module 7: Information Security Program Information Security: Program Management

• Information Security Control Design and Selection.
• Information Security Control Implementation and Integrations.
• Information Security Control Testing and Evaluation.
• Information Security Awareness and Training.
• Management of External Services.
• Information Security Program Communications and Reporting.
• Introduction to Access Control.
• Authentication and Authorization.
• Introduction to Cryptography.
• Overview of Encryption.
• Hashing.
• Social Engineering Attacks.

Module 8: Incident Management: Incident Management Readiness

• Incident Management Plan.
• Business Impact Analysis (BIA).
• Business Continuity Plan (BCP).
• Disaster Recovery Plan (DRP).
• Incident Classification and Categorization.
• Incident Management Training and Testing.

Module 9: Incident Management: Incident Management Operations

• Incident Management Tools and Techniques.
• Incident Containment Methods.
• Incident Response Communications.
• Incident Eradication and Recovery.
• Post incident Review Practices.