Course Description
Course Overview
The CISM certification is highly regarded in the industry and is widely recognized as a mark of excellence in information security management. It demonstrates an individual’s commitment to maintaining a high standard of professionalism and expertise in the field. Upon successful completion of the course and passing the CISM certification exam, participants will join a global community of professionals who are recognized as experts in information security management.
The ISACA Certified Information Security Manager (CISM) certification course is designed to provide participants with a comprehensive understanding of information security management principles and practices. It is an internationally recognized certification that validates the expertise and knowledge required to develop and manage an enterprise’s information security program. Throughout the course, participants will delve into the core domains of information security management, including information security governance, risk management, incident management, and program development and management. They will learn how to align information security initiatives with business goals, effectively manage risks, respond to and recover from security incidents, and establish and maintain an information security program that meets organizational objectives.
Prerequisites
To pursue the ISACA Certified Information Security Manager (CISM) certification, candidates are required to meet specific prerequisites. These include a minimum of five years of work experience in information security management, with at least three years of experience in three or more of the CISM job practice domains. Alternatively, candidates can substitute a maximum of three years of work experience with specific educational or professional certifications.
Methodology
The CISM certification course follows a comprehensive and structured approach to cover the key domains of information security management. The methodology involves a combination of theoretical instruction, practical case studies, interactive discussions, and real-world examples. Experienced instructors guide participants through the course material, helping them understand and apply the concepts to real-world scenarios. Participants will also have access to study materials, practice exams, and online resources to support their learning journey.
Course Outline
Introduction to Information Security Management
Understanding Information Security Management
Principles of Information Security Management
The role of security in business and IT
Information Risk Management and Compliance
Elements of Risk Management
The risk management process
Security regulations and laws
Compliance frameworks
Information Security Governance
Governance models and frameworks
Developing information security policies
Establishing information security management systems
The role of the CISM in governance
Information Security Program Development and Management
The CISM role in security program management and development
Strategies for developing and implementing information security programs
Evaluating and managing information security risks and threats
Information security program metrics and reporting practices
Information Security Incident Management
Importance of incident management
Incident management frameworks and standards
Developing an incident response plan
Incident management procedures and practices
Information Security Management Metrics and Reporting
Management information security metrics and outcomes
Measuring and reporting security program performance
Creating effective security reports
Presenting security metrics and outcomes to stakeholders
Outcome
Upon completing the CISM certification course, participants will have gained a deep understanding of information security management principles and practices. They will be equipped with the necessary knowledge and skills to design, implement, and manage an enterprise’s information security program effectively. The certification validates their expertise in key areas such as information security governance, risk management, incident management, and program development and management. CISM-certified professionals are recognized as experts in information security management, capable of addressing complex security challenges and providing strategic guidance to organizations.
This program is designed to prepare learners to become competent Certified Information Security Managers. Completion of this course will enable learners to implement effective strategies for developing and managing information security programs. They will gain the knowledge and skills to manage security risks and threats, apply governance models, handle incident management, and report security metrics. Overall, the CISM program is a comprehensive training program that equips learners with the knowledge, skills, and abilities needed to successfully manage information security risks and threats.
Labs
The CISM course may include practical lab exercises that allow participants to apply their knowledge and skills in a simulated environment. The labs cover various aspects of information security management and provide hands-on experience in developing security strategies, conducting risk assessments, and managing security incidents. The specific labs vary by training provider and curriculum, but examples of lab activities include:
- Developing an information security governance framework
- Creating an incident response plan and conducting simulated incident response exercises
- Analyzing and evaluating security controls and their effectiveness
- Developing and implementing security policies and procedures