Training Course: Certified Information Security Manager (CISM)

Introduction

The Certified Information Security Manager (CISM) training course is a comprehensive program designed to provide participants with the knowledge and skills required to excel in the field of information security management. The course covers essential concepts, best practices, and techniques necessary for effective information security governance, risk management, program development, and incident management.

Course Objectives

• Understand the core principles and concepts of information security management.
  • Acquire knowledge of the four domains covered in the course:
  • Information Security Governance
  • Risk Management
  • Information Security Program Development and Management
  • Information Security Incident Management.
• Learn how to establish and maintain an information security governance framework and supporting processes.
• Develop the skills to identify and manage information security risks to achieve business objectives.
• Gain insights into the development, implementation, and management of information security programs aligned with organizational goals and compliance requirements.
• Learn effective incident response and management techniques to mitigate the impact of security incidents.

Course Outlines

Day 1

• Introduction to Information Security Management:
  • Overview of information security management principles, frameworks, and Standards.
• Information Security Governance:
  • Establishing and maintaining an information security governance framework, roles and responsibilities, and organizational structures.
• Information Risk Management:
  • Identification, assessment, and mitigation of information security risks.
• Information Security Program Development and Management:
  • Developing and managing the information security program lifecycle, including security policies, standards, procedures, and guidelines.
• Review and Practice:
  • Review of key concepts covered on the first day and practice exercises.

Day 2

• Information Security Program Development and Management (Continued):
  • Implementation of information security controls, performance measurement, and assurance techniques.
• Information Security Incident Management:
  • Planning, establishing, and managing the capability to respond and recover from information security incidents.
• Incident Response and Handling:
  • Processes and procedures for effectively responding to and managing security incidents.
• Business Continuity Planning and Disaster Recovery Planning:
  • Ensuring the continuity of business operations in the event of a security incident or disaster.
• Review and Practice:
  • Review of key concepts covered on the second day and practice exercises.

Day 3

• Information Security Governance (Continued):
  • Oversight, compliance, and assurance of the information security governance framework.
• Information Risk Management (Continued):
  • Risk assessment methodologies, risk treatment options, and risk communication techniques.
• Regulatory and Legal Compliance:
  • Understanding and complying with applicable laws, regulations, and contractual requirements.
• Security Metrics and Monitoring:
  • Development and use of security metrics to measure the effectiveness of information security management.
• Review and Practice:
  • Review of key concepts covered on the third day and practice exercises.

Day 4

• Information Security Program Development and Management (Continued):
  • Information security program implementation, operation, and management.
• Information Security Incident Management (Continued):
  • Incident response planning, execution, and coordination.
• Incident Investigation and Analysis:
  • Techniques for investigating and analyzing information security incidents.
• User Awareness and Training:
  • Strategies for promoting information security awareness and providing training to employees.
• Review and Practice:
  • Review of key concepts covered on the fourth day and practice exercises.

Day 5

• Mock Exam:
  • A simulated exam to assess participants' knowledge and readiness for the certification exam.
• Question and Answer Session:
  • Addressing any remaining doubts or questions regarding the course content.
• Course Conclusion:
  • Recap of the key takeaways.