About this course

While information has become more easily accessible and readily available, the associated risks and security threats have increased not only in number but also in complexity. As a result, the importance of ensuring that an enterprise's information is protected has also increased. It is now more important than ever for executives to ensure that their IT security managers have the expertise needed to reduce risk and protect the enterprise.

Designed specifically for information security professionals who are preparing to sit for the CISM exam, the course focuses on the four content areas of the Certified Information Security Manager (CISM) job practice: information security governance, risk management and compliance, information security program development and management, and information security incident management. Sample exam items will be used throughout the course to reinforce content and familiarize attendees with the CISM exam question format.

Course Benefits

Upon the completion of our CISM Exam Prep, students will be familiar with the following concepts:
• Information Security Governance
• An information security steering group function
• Legal and regulatory issues associated with Internet businesses, global transmissions and transborder data flows
• Common insurance policies and imposed conditions
• Information security process improvement
• Recovery time objectives (RTO) for information resources
• Cost-benefit analysis techniques in assessing options for mitigating risks, threats and exposures to acceptable levels.
• Security metrics design, development and implementation.
• Information security management due diligence activities and reviews of the infrastructure.
• Events affecting security baselines that may require risk reassessments
• Changes to information security requirements in security plans, test plans and reperformance
• Disaster recovery testing for infrastructure and critical business applications.
• The requirements for collecting and presenting evidence; rules for evidence, admissibility of evidence, quality and completeness of evidence.
• External vulnerability reporting sources
• The key components of cost benefit analysis and enterprise migration plans
• Privacy and tax laws and tariffs, data import/export restrictions, restrictions on cryptography, warranties, patents, copyrights, trade secrets, national security
• CISM information classification methods
• Life-cycle-based risk management principles and practices.
• Security baselines and configuration management in the design and management of business applications and the infrastructure.
• Acquisition management methods and techniques (evaluation of vendor service level agreements, preparation of contracts)
• CISM question and answer review

Who should attend?

CISM is more than an entry-level certification. This credential is geared towards Information Security managers and those who have information security management responsibilities. It is specifically developed for the information security professional who has acquired experience working on the front lines of information security.

The CISM designation is for Information Security professionals who have 3-5 years of front-line experience with the security of information. Individuals with three years or more of experience managing the information security function of an enterprise or performing such duties will find CISM tailored to their knowledge and skills.

Course Contents

Information Security Governance
1. Introduction
• Definition
• Objectives
• Tasks
• Overview

2. Topics
• Effective Security Governance Overview
• Effective Information Security Governance
• Key Information Security Concepts and Technologies
• Scope and Charter of IS Governance
• IS Governance Metrics
• IS Strategy Overview
• Developing an IS Strategy – Common Pitfalls
• IS Strategy Objectives
• Determining Current State of Security
• Information Security Strategy Development
• Strategy Resources
• Strategy Constraints
• Action Plan to implement strategy
• Action Plan Intermediate Goals
• IS Program Objectives

Information Risk Management and Compliance
1. Introduction
• Definition
• Objective
• Tasks
• Overview

2. Topics
• Risk Management Overview
• Risk Management Strategy
• Effective Information Security Risk Management
• IS Risk Management Concepts
• Implementing Risk Management
• Risk Assessment and Analysis Methodologies
• Risk assessment
• Information Resource Valuation
• Recovery Time Objectives
• Integration with Life Cycle Processes
• Security Control Baselines
• Risk Monitoring and Communications
• Training and Awareness

Information Security Programme Development and Management
1. Introduction
• Definition
• Objectives
• Tasks
• Overview

2. Topics
• IS Program Management Overview
• IS Program Management Objectives
• IS Program Management Concepts
• Scope and Charter of IS Program
• The IS Management Framework
• Defining an IS Program Roadmap
• IS Infrastructure and Architecture
• Architecture Implementation
• Security Program Management and Administrative Activities
• Security Program Services and Operational Activities
• Controls and Countermeasures
• Security Program Metrics and Monitoring
• Common IS Program Challenges

Information Security Incident Management
1. Introduction
• Definition
• Objective
• Tasks
• Overview

2. Topics
• Incident Management Overview
• Incident Response Procedures
• IS Manager
• Incident Management Resources
• Incident Management Objectives
• Incident Management Metrics and Indicators
• Defining Incident Management Procedures
• Current State of Incident Response Capability
• Developing an Incident Response Plan
• Business Continuity and Disaster Recovery Procedures
• Testing Incident Response and BC/DR Plans
• Executing Response and Recovery Plans
• Post Incident Activities and Investigation

Certification and Accreditation

To become a CISM, an applicant must:
• Achieve a passing score on the CISM exam.
• Submit an application with verified evidence of three years of work experience as described below.
• Agree to abide by the ISACA Code of Professional Ethics, which can be viewed at www.isaca.org/ethics.
• Agree to abide by the CRISC continuing professional education (CPE) policy, which can be viewed at ISACA CISM Maintenance Page.


• Computer-based examination
• 4 hours
• 200 multiple-choice questions
• Minimum score of 450 out of a possible maximum of 800
