Courses Details
Certified Information Security Manager (CISM)
Course Code CISM
Duration 5 Days
Request Group Training
Quick Links
Course Overview
The uniquely management-focused CISM certification promotes international security practices and recognizes the individual who manages, designs, and oversees and assesses an enterprise’s information security. The American National Standards Institute (ANSI) has accredited the CISM certification program under ISO/IEC 17024:2012, General Requirements for Bodies Operating Certification Systems of Persons.
Course Schedule
Request Group Training
Target Audience
The CISM certification was developed specifically for experienced information security managers and those with information security management responsibilities who include: • Information Security Managers • Aspiring Information Security Managers • IS/IT Consultants • Chief Information Officers

Course Prerequisites
minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas .

Find more details here  http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/How-to-Become-Certified/Pages/default.aspx
Expected Accomplishments

At the completion of this course the learner will be able to:

  • Establish and/or maintain an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organizational goals and objectives.
  • Manage information risk to an acceptable level based on risk appetite to meet organizational goals and objectives.
  • Develop and maintain an information security program that identifies, manages and protects the organization’s assets while aligning to information security strategy and business goals, thereby supporting an effective security posture.
  • Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimize business impact
Course Outline
The job practice domains and task and knowledge statements are as follows:
Domain 1—Information Security Governance (24%)
Domain 2—Information Risk Management (30%)
Domain 3—Information Security Program Development and Management (27%) 
Domain 4—Information Security Incident Management (19%)
 Domain 1 –  Information Security Governance
  • Explain the need for and the desired outcomes of an effective information security strategy
  • Create an information security strategy aligned with organizational goals and objectives
  • Gain stakeholder support using business cases
  • Identify key roles and responsibilities needed to execute an action plan
  • Establish metrics to measure and monitor the performance of security governance

Domain 2 – Information Risk Management

  • Explain the importance of risk management as a tool to meet business needs and develop a security management program to support these needs
  • Identify, rank, and respond to a risk in a way that is appropriate as defined by organizational directives
  • Assess the appropriateness and effectiveness of information security controls
  • Report information security risk effectively 

Domain 3-  Information Security Program Development and Management?

  • Align information security program requirements with those of other business functions ?
  • Manage the information security program resources
  • Design and implement information security controls ?
  • Incorporate information security requirements into contracts, agreements and third-party management processes

Domain 4 – Information Security Incident Management

  • Understand the concepts and practices of Incident Management
  • Identify the components of an Incident Response Plan and evaluate its effectiveness
  • Understand the key concepts of Business Continuity Planning, or BCP and Disaster Recovery Planning, or DRP
  • Be familiar with techniques commonly used to test incident response capabilities
CopyRight 2024 © Etisalat Academy All Right Reserved.