Course Code: 5759

CISSM Certified Information Systems Security Manager

Class Dates:
4 Days
Class Time:
Virtual Instructor-Led Training, Instructor-Led Training


Course Overview

Today, when it comes to identifying critical issues and providing effective IS management solutions, companies are leaning on IS managers to create solutions for tomorrow’s problems. The knowledge and course content provided in the Certified Information Systems Security Manager - C)ISSM will not only cover ISACA®’s CISM exam but will provide a measurable certification that demonstrates proficiency in the IS management field.

The Certified Information Systems Security Manager covers the skills and knowledge to assess threat analysis and risks; risk and incident management; security programs and CISO roles; IS security strategy and frameworks; audit and risk management; creation of policies, compliance and awareness; as well as DR and BCP development, deployment and maintenance.

Audience

  • Penetration Testers
  • Microsoft Administrators
  • Security Administrators
  • Active Directory Administrators
  • Anyone looking to learn more about security

Prerequisites

  • A minimum of 1 year in Information Systems

Course Details

  • Module 1 Introduction
  • CISM
  • CISM Exam Review Course Overview
  • CISM Qualifications
  • The Learning Environment
  • Daily Format
  • Domain Structure
  • Course Structure
  • Logistics
  • Module 2 Information Security Governance
  • Selling the Importance of Information Security
  • The First Priority for the CISM
  • Business Goals and Objectives
  • Benefits and Outcomes of Information Security Governance
  • Performance and Governance
  • Information Security Strategy
  • Objectives of Security Strategy
  • Business Linkages & Case Development
  • Security Program Priorities & Objectives
  • Security Integration & Architecture
  • Information Security Frameworks
  • The Maturity of the Security Program Using CMM
  • Module 3 Security Governance Applied
  • The ISO27001:2013 Framework
  • Constraints and Considerations for a Security Program
  • Elements of Risk, Security, and Management of each
  • Roles and Responsibilities of All Involved Departments
  • Centralized versus Decentralized Security
  • Effective Security Metrics & Key Performance Indicators (KPIs)
  • End to End Security
  • Correlation Tools
  • Reporting and Compliance
  • Regulations and Standards
  • Reporting and Analysis
  • Ethical Standards & Responsibility
  • Module 4 Information Risk Management and Compliance
  • Information Asset Classification & Considerations
  • Roles and Responsibilities
  • Regulations and Legislation
  • Asset Valuation
  • Information Asset Protection
  • Risk Management Definition, Objective, and Overview
  • Defining the Risk & Threats to the Environment
  • Aggregate and Cascading Risks
  • Identification of Vulnerabilities
  • The Effect and Impact of Risk
  • Risk Management and Assessment Methodology Process
  • Annualized Loss Expectancy (ALE)
  • Module 5 Information Risk Management and Compliance Applied
  • Qualitative Risk Assessment & Results
  • Data Gathering Techniques
  • Alignment of Risk Assessment and BIA
  • Risk Treatment, Mitigation, and Controls
  • Cost Benefit Analysis of Controls
  • Risk Mitigation Schematic
  • Control Types and Categories
  • Security Control Baselines & Ongoing Risk Assessment
  • Measuring Control Effectiveness
  • Ongoing Risk Management Monitoring and Analysis
  • Audit and Risk Management
  • Risk in Business Process Re-Engineering
  • Module 6 Management's Risk Mitigation
  • Risk in Project Management
  • Risk During Employment Process
  • New Employee Initiation
  • Risk During Employment
  • Risk at Termination of Employment
  • Risks During Procurement
  • Reporting to Management & Documentation
  • Training and Awareness
  • Training for End Users
  • Module 7 Information Security Program Development and Management
  • Security Strategy and Program Relationship
  • Importance and Effective Security Management
  • Security Program Development & Outcomes
  • Role of the Information Security Manager
  • (Agenda), Strategy, Creating Effective Policy, Awareness, Implementation, Monitoring & Compliance
  • Developing an Information Security Road Map
  • Inventory of Information Systems
  • Security Program and Project Planning and Development
  • Common Control Practices
  • Module 8 Security Program Elements (Agenda)
  • Acceptable Use & Other Policies
  • Standards, Procedures, Guidelines, Technology, and Personnel Security
  • Training and Skills Matrix
  • Organizational Structure
  • Outsourced & Third-Party Security Providers
  • Facilities & Environmental Security
  • Module 9 Information Security Concepts
  • Access Control
  • Identification, Authentication, & Authorization
  • Accounting / Auditability
  • Criticality, Sensitivity, and Trust Models
  • Technology-based Security
  • Module 10 Security in Technical Components
  • Operations Security
  • Technologies – Access Control Lists
  • Filtering and Content Management
  • Technologies – SPAM, Databases, and DBMS Encryption
  • Cryptography, Encryption, and Hashing Algorithms
  • Communications OSI Model and TCP/IP
  • Operating Systems & Firewalls
  • Emerging Technologies
  • Intrusion Detection Policies, Processes, and Systems
  • IDS / IPS
  • Module 11 Security Procedures
  • Password Cracking
  • Vulnerability Assessments
  • Penetration Testing
  • Third Party Security Reviews
  • Integration into Life Cycle Processes
  • Security in External Agreements
  • Security Program Implementation
  • Phased Approach
  • Challenges During Implementation
  • Measuring Information Security Risk and Loss
  • Measuring Effectiveness of Technical Security Program and Management
  • Security Project Management
  • Module 12 Information Security Incident Management
  • Goals of Incident Management and Response
  • What is an Intentional & Unintentional Incident
  • History of Incidents
  • Developing Response and Recovery Plans
  • Incident Management and Response
  • Importance of Incident Management and Response
  • Incident Response Functions & Manager Responsibilities
  • Detailed Plan of Action for Incident Management: Prepare, Protect, Detect, Triage, Response
  • Elements of an Incident Response Plan
  • Crisis Communications
  • Challenges in Developing an Incident Management Plan
  • Module 13 Testing Response and Recovery Plans
  • Types of Tests
  • Test Results
  • Plan Maintenance Activities
  • BCP and DRP Training
  • Module 14 Information Security Management
  • Personnel
  • Team Member Skills
  • Security Concepts and Technologies
  • Organizing, Training and Equipping the Response Staff
  • Performance Measurement
  • Reviewing the Current State of Incident Response Capability
  • Audits and Gap Analysis – Basis for an Incident Response Plan When an Incident Occurs
  • Containment Strategies & The Battle Box
  • Evidence Identification, Preservation, and Post Event Reviews
  • Disaster Recovery Planning (DRP) and Business Recovery Processes
  • Development of BCP and DRP
  • Plan Development, Recovery Strategies, Disaster Recovery Sites, Recovery of Communications, & Notification Requirements