Certified Information Security Manager (CISM)

Introduction

The Certified Information Security Manager (CISM) is a globally recognized certification designed for information security professionals who are responsible for managing, developing, and overseeing information security programs within an organization. This certification is awarded by the Information Systems Audit and Control Association (ISACA).

The CISM certification validates the knowledge and skills required to design, implement, and manage effective information security programs. It covers four domains: Information Security Governance, Risk Management, Information Security Program Development and Management, and Information Security Incident Management.

Course Objectives

• Understand the importance of information security governance and the key components of an effective information security governance framework.
• Identify and assess information security risks, and develop and implement risk management strategies.
• Design and implement effective information security programs, including security controls, technologies, and awareness training.
• Develop and implement an incident management plan, and respond to security incidents.
• Understand legal and regulatory requirements for reporting security incidents, forensic investigation techniques, and business continuity and disaster recovery planning.

Course Outlines

Day 1: Introduction to Information Security Governance

• Understanding the importance of information security governance.
• Key components of an effective information security governance framework.
• Roles and responsibilities of key stakeholders in information security governance.
• Design, Implement, and Oversee.

Day 2: Information Risk Management

• Identifying and assessing information security risks.
• Developing and implementing risk management strategies.
• Monitoring and reporting on information security risks.
• Time management techniques.
• Strategies and tips.

Day 3: Information Security Program Development and Management

• Designing and implementing information security programs.
• Conducting security awareness training.
• Managing security resources.
• Review of key concepts and domains.

Day 4: Information Security Program Development and Management (continued)

• Implementing security controls and technologies.
• Conducting security audits and assessments.
• Managing third-party security risks.
• IT security practices.

Day 5: Information Security Incident Management

• Developing and implementing an incident management plan.
• Responding to security incidents.
• Conducting post-incident reviews and analysis.
• Legal and regulatory requirements for reporting security incidents.
• Forensic investigation techniques.
• Business continuity and disaster recovery planning.