Certified Information Security Manager (CISM)
- Description
- Curriculum
- Reviews
The ISACA Certified Information Security Manager (CISM) course is aimed at professionals responsible for managing, designing, overseeing, and assessing an enterprise’s information security. Training covers the four domains of CISM: Information Security Governance, Information Risk Management, Information Security Program Development and Management, and Information Security Incident Management. Participants will learn to establish and maintain a security governance framework, identify and manage information risk, develop and manage an information security program, and respond to and recover from incidents. The course also prepares attendees for the CISM certification exam with practice questions and real-world scenarios, equipping them with the skills to manage and optimize information security within their organizations.
-
1
Enterprise Governance- Organizational Culture
- Legal, Regulatory and Contractual Requirements
- Organizational Structures, Roles and Responsibilities
-
2
Information Security Strategy
- Information Security Strategy Development
- Information Governance Frameworks and Standards
- Strategic Planning (e.g., Budgets, Resources, Business Case)
-
5
Information Security Program Development
- Information Security Program Resources (e.g., People, Tools, Technologies)
- Information Asset Identification and Classification
- Industry Standards and Frameworks for Information Security
- Information Security Policies, Procedures and Guidelines
- Information Security Program Metrics
-
6
Information Security Program Management
- Information Security Control Design and Selection
- Information Security Control Implementation and Integrations
- Information Security Control Testing and Evaluation
- Information Security Awareness and Training
- Management of External Services (e.g., Providers, Suppliers, Third Parties, Fourth Parties)
- Information Security Program Communications and Reporting
-
7
Incident Management Readiness
- Incident Response Plan
- Business Impact Analysis (BIA)
- Business Continuity Plan (BCP)
- Disaster Recovery Plan (DRP)
- Incident Classification/Categorization
- Incident Management Training, Testing and Evaluation
-
8
Incident Management Operations
- Incident Management Tools and Techniques
- Incident Investigation and Evaluation
- Incident Containment Methods
- Incident Response Communications (e.g., Reporting, Notification, Escalation)
- Incident Eradication and Recovery
- Post-Incident Review Practices
