Certified Information Security Manager (CISM) Course Description

The Certified Information Security Manager (CISM) certification is a globally recognized standard for individuals involved in information security management. This course provides a comprehensive review of the four CISM domains, equipping participants with the knowledge and skills needed to develop and manage an enterprise information security program. This rigorous program delves deep into the core competencies required for information security leadership, strategy, and governance.

Course Objectives

Upon completion of this course, participants will be able to:

• Understand and apply the principles of information security governance.
• Develop and manage an information risk management program.
• Develop and manage an information security program.
• Understand and manage incident response.

Target Audience

This course is designed for individuals who are responsible for managing, designing, overseeing, and/or assessing an enterprise's information security program. This includes, but is not limited to:

• Information Security Managers
• IT Managers
• Security Consultants
• Chief Information Security Officers (CISOs)
• Security Auditors
• Any professional seeking to advance their knowledge and skills in information security management.

Course Outline

Domain 1: Information Security Governance

This domain focuses on establishing and maintaining a framework to provide assurance that information security strategies are aligned with and support business goals and objectives.

• Establish and maintain information security governance framework
• Information security strategic alignment with business goals and objectives
• Organizational structure, roles, and responsibilities
• Information security policies, standards, and procedures
• Resource management
• Performance monitoring and reporting
• Compliance and legal requirements
• Ethical conduct

Domain 2: Information Risk Management

This domain covers the identification, assessment, evaluation, and response to information risks in a way that supports the organization's business objectives.

• Establish and maintain information risk management program
• Information risk identification
• Information risk assessment
• Risk response
• Risk monitoring and reporting
• Risk acceptance criteria
• Risk communication
• Risk appetite and tolerance

Domain 3: Information Security Program Development and Management

This domain deals with establishing and maintaining an information security program that identifies, manages, and protects the organization's assets while aligning with business goals.

• Establish and maintain information security program
• Information security architecture
• Security awareness and training
• Data security
• Asset management
• Access control
• Physical security
• Change management
• Configuration management
• Business continuity planning
• Disaster recovery planning

Domain 4: Incident Management and Response

This domain focuses on planning, establishing, and managing the organization's capability to detect, analyze, contain, eradicate, and recover from information security incidents.

• Establish and maintain incident management program
• Incident identification and detection
• Incident analysis
• Incident containment
• Incident eradication
• Incident recovery
• Post-incident activity
• Communication during incidents
• Incident reporting
• Incident response team
• Forensics

Benefits of CISM Certification

• Enhanced Career Prospects: The CISM certification is highly valued by employers and can significantly enhance career opportunities in the field of information security management.
• Increased Earning Potential: CISM-certified professionals often command higher salaries compared to their non-certified counterparts.
• Credibility and Recognition: The CISM certification demonstrates a high level of knowledge and competence in information security management, enhancing credibility among peers and employers.
• Improved Skills and Knowledge: The CISM certification process requires a thorough understanding of information security management principles and best practices, leading to improved skills and knowledge.
• Global Recognition: The CISM certification is recognized worldwide, making it a valuable asset for professionals seeking international career opportunities.
• Demonstrated Commitment: Achieving CISM certification demonstrates a commitment to the information security profession and a dedication to staying current with industry trends and best practices.
• Enhanced Leadership Abilities: The CISM curriculum equips professionals with the skills and knowledge needed to effectively lead and manage information security programs within their organizations.
• Improved Organizational Security: By implementing the principles and practices learned in the CISM certification process, organizations can significantly improve their overall security posture.
• Alignment with Business Goals: The CISM certification emphasizes the importance of aligning information security strategies with business goals, ensuring that security efforts are focused on supporting organizational objectives.
• Professional Network: Joining the CISM community provides access to a valuable network of professionals in the field of information security management.

Additional Information

This course is designed to provide participants with a strong foundation in information security management principles and practices. It covers the four domains of the CISM certification in detail, providing participants with the knowledge and skills needed to succeed in the exam and in their careers. The course emphasizes practical application of concepts, with real-world examples and case studies. Participants will have opportunities to apply their knowledge through interactive exercises and discussions.

The CISM certification demonstrates mastery of information security management practices and the ability to design, build and manage an enterprise security program. CISM holders help organizations protect critical information assets by implementing robust security policies, procedures and controls.