Course Code: 19318

CISM Certified Information Security Manager Training

Duration:
3 Days
Delivery Format:
Instructor-Led Training, Virtual Instructor-Led Training


  • Course Overview
  • Designed as the most clear-cut path to the CISM certification, this three-day Tactical Security CISM Exam Preparation course offers a comprehensive review of the ISACA CISM topic areas without a lot of "off topic" discussion. It is not just CISM test prep: the course builds real-world security management skills. It specifically covers the task statements and knowledge statements in the four CISM content areas: Information Security Governance (24%), Information Risk Management and Compliance (33%), Information Security Program Development and Management (25%), and Information Security Incident Management (18%). These weightings are those of the ISACA CISM job practice in effect when the course was written; ISACA revises the job practice periodically, so confirm the current domains and weightings with ISACA before scheduling the exam. After completing this preparation course, you will be ready to sit the internationally recognized CISM certification exam.
  • Audience (Who Can Benefit)
    Information security managers
    Information security practitioners
    Security auditors
    Security consultants
    Chief Information Security Officers (CISOs)
    Chief Security Officers (CSOs)
    Privacy officers
    Security administrators
    IT managers


Course Details

  • About CISM
    Requirements for certification: experience, passing the exam, the ISACA Code of Ethics, maintaining certification
  • Information Security Governance
    Overview: information is a valuable resource in all of its formats; it is not just IT related, and information security must converge with the business
    Effective information security governance: business drivers, business support, providing assurance to management
    Risk objectives and operational risk management: being able to meet the desired state
    Building an information security strategy: the Business Model for Information Security (BMIS), strategy
    Controls: types of controls, IT controls, non-IT controls
    Countermeasures: defense in depth as an example
    Providing assurance to management: ISO 27001, security metrics
    Extending security knowledge to everyone: awareness, training, education
    Action plan to implement the strategy: projects, gap analysis, critical success factors
  • Information Risk Management & Compliance
    Overview: information classification and why information should be classified
    Developing the program: ownership, responsibilities
    Methods to evaluate the impact of adverse events: business impact analysis
    Legal and regulatory requirements; emerging threats and vulnerabilities; sources of information
    Risk management: elements of risk, risk assessment, prioritizing risk, reporting risk, monitoring risk
    Risk handling: control baseline modeling, controls
    Gap analysis; integrating risk management into business and IT processes
    Compliance; re-assessing risk and changing security program elements
    Risk management is a cyclic process: triggers to re-assess
  • Information Security Program Development & Management
    Overview: aligning the information security program to business functions
    Resource requirements definition: internal and external resources; identify, acquire and manage
    Emerging trends in information security: cloud computing, mobile computing
    Security control design: security architectures, BSIM
    Methods to develop standards, procedures and guidelines
    Methods to implement and communicate policies, standards, procedures and guidelines
    Security awareness and training: methods to establish, methods to maintain
    Methods to integrate security requirements into organizational processes
    Methods to incorporate security requirements into contracts; third-party management processes
    Security metrics: design, implement, report
    Testing security controls: effectiveness, applicability
  • Information Security Incident Management
    Overview: definition; distinction between IR, BCP and DRP
    Senior management commitment: policy, personnel, objectives, intended outcomes
    Incident management, incident handling, incident response; incident systems and tools
    What technologies must an IRT know? Vulnerabilities/weaknesses, networking, operating systems, malicious software, programming languages
    Defining incident management procedures: plan for management, current state of the incident response plan, gap analysis, develop a plan
    Plan elements: notification process, escalation process, help desk process for identifying incidents, response teams
    Challenges in developing a plan
    BCP/DRP: recovery operations, recovery strategies, recovery sites, basis for recovery site selection
    Notification requirements, supplies, communication structure
    Testing the plan: recovery test metrics, test results
    Post-incident activities and investigations