Certified Information Security Manager (CISM)
Description
Course Overview
Designed for IT professionals with technical >Information risk management
- Information security program development
- Information security program management
- Incident management and response
- expertise and experience in IS/IT security and control looking to transition from team player to manager. CISM can add credibility and confidence to interactions with internal and external stakeholders, peers and regulators.
This certification indicates expertise in information security governance, program development and management, incident management and risk management. If you are a mid-career IT professional aspiring to senior management roles in IT security and control, CISM can get you the visibility you need.
Who Should Attend?
The intended audience for this course is information security and IT professionals, such as network administrators and engineers, IT managers, and IT auditors, and other individuals who want to learn more about information security, who are interested in learning in-depth information about information security management, who are looking for career advancement in IT security, or who are interested in earning the CISM certification.Course Prerequisites
CISM is intended for information security professionals with at least five years of relevant work experience and at least three years in the role of information security manager.
Agenda
Domain 1: Information Security Governance
- Enterprise Governance Overview
- Organizational Culture, Structures, Roles and Responsibilities
- Legal, Regulatory and Contractual Requirements
- Information Security Strategy
- Information Governance Frameworks and Standards
- Strategic Planning
Domain 2: Information Security Risk Management
- Risk and Threat Landscape
- Vulnerability and Control Deficiency Analysis
- Risk Assessment, Evaluation and Analysis
- Information Risk Response
- Risk Monitoring, Reporting and Communication
Domain 3: Information Security Program
- IS Program Development and Resources
- IS Standards and Frameworks
- Defining an IS Program Road Map
- IS Program Metrics
- IS Program Management
- IS Awareness and Training
- Integrating the Security Program with IT Operations
- Program Communications, Reporting and Performance Management
Domain 4: Incident Management
- Incident Management and Incident Response Overview
- Incident Management and Response Plans
- Incident Classification/Categorization
- Incident Management Operations, Tools and Technologies
- Incident Investigation, Evaluation, Containment and Communication
- Incident Eradication, Recovery and Review
- Business Impact and Continuity
- Disaster Recovery Planning
- Training, Testing and Evaluation