Certified Information Security Manager (CISM) Training
The CISM certification, which is internationally acknowledged, is aimed at professionals looking to
deepen their expertise in the management of information security practices and systems.
REASONS TO CHOOSE
✔ World-Class Training Sessions from Experienced Instructors
✔ CISM Boot Camp Attendance Certificate
✔ Digital Delegate Pack
Certified Information Security Manager (CISM) Course Details
.png)
Certified Information Security Manager (CISM) Training Course Outline
Domain 1: Information Security Governance
Module 1: Introduction to Information Security Governance
-
About Information Security Governance
-
Reason for Security Governance
-
Security Governance Activities and Results
-
Risk Appetite
-
Organization Culture
Module 2: Legal, Regulatory and Contractual Requirements
-
Introduction
-
Requirements for Content and Retention of Business Records
Module 3: Organizational Structures, Roles and Responsibilities
-
Roles and Responsibilities
-
Monitoring Responsibilities
Module 4: Information Security Strategy Development
-
Introduction
-
Business Goals and Objectives
-
Information Security Strategy Objectives
-
Ensuring Objective and Business Integration
-
Avoiding Common Pitfalls and Bias
-
Desired State
-
Elements of a Strategy
Module 5: Information Governance Frameworks and Standards
-
Security Balanced Scorecard
-
Architectural Approaches
-
Enterprise Risk Management Framework
-
Information Security Management Frameworks and Models
Module 6: Strategic Planning
-
Workforce Composition and Skills
-
Assurance Provisions
-
Risk Assessment and Management
-
Action Plan to Implement Strategy
-
Information Security Program Objectives
Domain 2: Information Security Risk Management
Module 7: Emerging Risk and Threat Landscape
-
Risk Identification
-
Threats
-
Defining a Risk Management Framework
-
Emerging Threats
-
Risk, Likelihood and Impact
-
Risk Register
Module 8: Vulnerability and Control Deficiency Analysis
-
Introduction
-
Security Control Baselines
-
Events Affecting Security Baselines
Module 9: Risk Assessment and Analysis
-
Introduction
-
Determining the Risk Management Context
-
Operational Risk Management
-
Risk Management Integration with IT Life Cycle Management Processes
-
Risk Scenarios
-
Risk Assessment Process
-
Risk Assessment and Analysis Methodologies
-
Other Risk Assessment Approaches
-
Risk Analysis
-
Risk Evaluation
-
Risk Ranking
Module 10: Risk Treatment or Risk Response Options
-
Risk Treatment/Risk Response Options
-
Determining Risk Capacity and Acceptable Risk
-
(Risk Appetite)
-
Risk Response Options
-
Risk Acceptance Framework
-
Inherent and Residual Risk
-
Impact
-
Controls
-
Legal and Regulatory Requirements
-
Costs and Benefits
Module 11: Risk and Control Ownership
-
Risk Ownership and Accountability
-
Risk Owner
-
Control Owner
Module 12: Risk Monitoring and Reporting
-
Risk Monitoring
-
Key Risk Indicators
-
Reporting Changes in Risk
-
Risk Communication, Awareness and Consulting
-
Documentation
Domain 3: Information Security Program Development and Management
Module 13: Information Security Program Resources
-
Introduction
-
Information Security Program Objectives
-
Information Security Program Concepts
-
Common Information Security Program Challenges
-
Common Information Security Program Constraints
Module 14: Information Asset Identification and Classification
-
Information Asset Identification and Valuation
-
Information Asset Valuation Strategies
-
Information Asset Classification
-
Methods to Determine Criticality of Assets and Impact of Adverse Events
Module 15: Industry Standards and Frameworks for Information Security
-
Enterprise Information Security Architectures
-
Information Security Management Frameworks
-
Information Security Frameworks Components
Module 16: Information Security Policies, Procedures, and Guidelines
-
Policies
-
Standards
-
Procedures
-
Guidelines
Module 17: Information Security Program Metrics
-
Introduction
-
Effective Security Metrics
-
Security Program Metrics and Monitoring
-
Metrics Tailored to Enterprise Needs
Module 18: Information Security Control Design and Selection
-
Introduction
-
Managing Risk Through Controls
-
Controls and Countermeasures
-
Control Categories
-
Control Design Considerations
-
Control Methods
Module 19: Security Program Management
-
Risk Management
-
Risk Management Program
-
Risk Treatment
-
Audit and Reviews
-
Third-Party Risk Management
Module 20: Security Program Operations
-
Event Monitoring
-
Vulnerability Management
-
Security Engineering and Development
-
Network Protection
-
Endpoint Protection and Management
-
Identity and Access Management
-
Security Incident Management
-
Security Awareness Training
-
Managed Security Service Providers
-
Data Security
-
Cryptography
-
Symmetric Key Algorithms
Module 21: IT Service Management
-
Service Desk
-
Incident Management
-
Problem Management
-
Change Management
-
Configuration Management
-
Release Management
-
Service Levels Management
-
Financial Management
-
Capacity Management
-
Service Continuity Management
-
Availability Management
-
Asset Management
Module 22: Controls
-
Internal Control Objectives
-
Information Systems Control Objectives
-
General Computing Controls
-
Control Frameworks
-
Controls Development
-
Control Assessment
Module 23: Metrics and Monitoring
-
Types of Metrics
-
Audiences
-
Continuous Improvement
Domain 4: Information Security Incident Management
Module 24: Security Incident Response Overview
-
Phases of Incident Response
Module 25: Incident Response Plan Development
-
Objectives
-
Maturity
-
Resources
-
Roles and Responsibilities
-
Gap Analysis
-
Plan Development
Module 26: Responding to Security Incidents
-
Detection
-
Initiation
-
Evaluation
-
Recovery
-
Remediation
-
Closure
-
Post-Incident Review
Module 27: Business Continuity and Disaster Recovery Planning
-
Business Continuity Planning
-
Disaster
-
Disaster Recovery Planning
-
Testing BC and DR Planning
