Course Code: 19318

CISM Certified Information Security Manager Training

Class Dates:
11/25/2024
9/4/2024
Length:
3 Days
Cost:
$2495.00
Class Time:
Technology:
Security
Delivery:
Instructor-Led Training, Virtual Instructor-Led Training

Overview

  • Course Overview
  • Designed to be the most clear cut path to obtaining the prestigious CISM certification; this three-day Tactical Security CISM Exam Preparation course offers a comprehensive review of the ISACA CISM topic areas without a lot of "off topic" discussions. Not just CISM test prep – We build real-world security management skills. The course specifically covers the task statements and knowledge statements contained within the four major content areas of CISM including: Information Security Governance (24%), Information Risk Management and Compliance (33%), Information Security Program Development and Management (25%), Information Security Incident Management (18%) After completion of this preparation course, you will be ready to take the internationally-acclaimed CISM certification exam.
  • Audience
  • Who Can Benefit
    Information security managers
    Information security practitioners
    Security auditors
    Security consultants
    Chief Information Security Officers (CISOs)
    Chief Security Officers (CSOs)
    Privacy officers
    Security administrators
    IT managers

Prerequisites

Course Details

  • About CISM, Requirements for certification
  • Experience
  • Passing the exam
  • The ISACA Code of Ethics
  • Maintaining certification
  • Information Security Governance
  • Overview, Information is a valuable resource in all of its formats
  • Not just IT related, We need to converge information security into the business
  • Effective information security governance
  • Business drivers, Business support, Provide assurance to management
  • Risk objectives, Operational risk management, We must be able to meet our desired state
  • Build an information security strategy, Business model for information security (BMIS), Strategy
  • Controls, Types of controls, IT controls, Non-IT controls
  • Countermeasures, Example defense in depth
  • Provide assurance to management, ISO 27001, Security Metrics
  • Extend security knowledge to everyone
  • Awareness, Training, Education
  • Action plan to implement strategy, Projects, Gap analysis, Critical success factors
  • Information Risk Management & Compliance
  • Overview, Information classification, Why should information be classified
  • Developing the program, Ownership, Responsibilities
  • Methods to evaluate impact of adverse events, Business impact analysis
  • Legal and regulatory requirements, Emerging threats and vulnerabilities, Sources of information
  • Risk management, Elements of risk, Risk assessment, Prioritizing risk, Reporting risk, Monitoring Risk,
  • Risk handling, Control baseline modeling, Controls
  • Gap analysis, Integrate risk management into business and IT processes
  • Compliance, Re-assessing risk and changing security program elements
  • Risk management is a cyclic process,
  • Triggers to re-assess
  • Information Security Program Development & Management
  • Overview, Align information security program to business function
  • Resource requirements definition, Internal, External
  • Identify, acquire and manage, Emerging trends in information security
  • Cloud computing, Mobile computing
  • Security control design, Security architectures, BSIM
  • Methods to develop, Standards, Procedures, Guidelines
  • Methods to implement and communicate
  • Policies, Standards, Procedures, Guidelines
  • Security awareness and training, Methods to establish, ,Methods to maintain
  • Methods to integrate security requirements into organizational processes
  • Methods to incorporate security requirements, Contracts
  • 3rd party management processes, Security metrics, Design, Implement, Report, Testing security controls, Effectiveness , Applicability
  • Information Security Incident Management
  • Overview, Definition, Distinction between IR, BCP and DRP
  • Senior management commitment, Policy, Personnel, Objectives
  • Intended outcomes, Incident management, Incident handling, Incident response, Incident systems and tools
  • What technologies must an IRT know?, Vulnerabilities/Weaknesses
  • Networking, Operating systems, Malicious software, Programming languages
  • Defining incident management procedures, Plan for management , Current state of incident response plan
  • Gap analysis, Develop a plan, Plan elements, Notification process
  • Escalation process, Help desk process for identifying incidents, Response teams
  • Challenges in developing a plan, BCP/DRP, Recovery operations,
  • Recovery strategies, Recovery sites, Basis for recovery site selection
  • Notification requirements, Supplies, Communication structure, Testing the plan
  • Recovery test metrics, Test results, Post-incident activities and investigations