IT1742: Certified Information Security Manager (CISM)

Course Length: 40 hrs

Prerequisites: Five years of experience with audit, IT systems, and security of information systems; systems administration experience; familiarity with TCP/IP; and an understanding of UNIX, Linux, and Windows.

Price: $2595

Format: Onsite, online

The ISACA CISM (Certified Information Security Manager) certification is the primary certification for information security professionals who manage, design, oversee and/or assess an enterprise’s information security.

CISM has earned accreditation by ANSI, signifying that ISACA's procedures meet ANSI's essential requirements for openness, balance, consensus and due process in accordance with the ISO 17024 standard. Obtaining ANSI certification under ISO/IEC 17024:2003 is a key requirement for certifications approved under Directive 8570.1

The certification exam is offered three times a year at ISACA sponsored public events, in June, September, and December.

Topics Covered:

• Information Security Governance
• Information Risk Management and Compliance
• Information Security Program Development and Management
• Information Security Incident Management

Course Outline:

1. Information Security Governance

• Effective Information Security Governance
• Information Security Concepts and Issues
• Business Objectives
• Roles & Responsibilities
• Business Model for Information Security
• The IS Manager
• Scope and Charter of Information Security Governance
• IS Governance Metrics
• Developing an IS Strategy – Common Pitfalls
• IS Strategy Objectives
• Strategy Development
• Determining Current State of Security
• Strategy Resources
• Strategy Constraints
• Action Plan Intermediate Goals

2. Information Risk Management and Compliance

• Effective Information Security Risk Management
• Risk Management Concepts
• Technologies
• Integration into Life Cycle Processes
• Implementing Risk Management
• Risk Identification and Analysis Methods
• Mitigation Strategies and Prioritisation
• Reporting Changes to Management
• Mitigation Strategies and Prioritisation
• Reporting Changes to Management

3. Information Security Program Development and Management

• Program objectives
• Security Program Concepts
• Management Framework
• Business Processes
• Infrastructure & Architecture
• Management/Administration
• Business cases
• Program Budgeting
• Vendor Management
• Ethics
• Culture
• Program Services
• Management of Technology
• Security Reviews and Audits
• Due Diligence
• Compliance Monitoring
• Outsourcing & Service Providers
• Cloud Computing
• Controls and Countermeasures
• Controls Design & Methods
• Controls Testing
• Program Metrics & Monitoring
• Metrics Development
• Monitoring Approaches
• Common Program Challenges

4. Information Security Incident Management

• Performing a Business Impact Analysis
• Developing Response and Recovery Plans
• Incident Response Processes
• Testing the Response and Recovery Plans
• Executing Response and Recovery Plans
• Documenting Events
• Post Event Reviews

5. Review and Q&A Session

• Final Review and Test Prep

Notes: Out-of-cycle US Government test events can be arranged with ISACA, with a minimum of 25 participants, outside of the public testing months of June, September, and December.