CISM Examination Preparation (Thai) Exam Excluded

Date/Time: 03/03/2020 - 06/03/2020 9:30 am - 4:30 pm


About this course

The CISM (Certified Information Security Manager) certification is the primary certification for information security professionals who manage, design, oversee and/or assess an enterprise’s information security.

In comparison to other certifications, CISM covers a wide body of knowledge. It is therefore recommended by the sponsoring organization, ISACA, that those sitting for the CISM certification attend a training session.
We offer a comprehensive CISM review course in a 4-day boot camp format for those wishing to thoroughly prepare for the CISM exam. Every student attending the CISM Boot Camp progresses through a number of skill checks to ensure that knowledge is retained. The instructors for the CISM Boot Camp hold the CISM designation. Our Exam Preparation workshops are specifically designed to cover the new material that will be on the 2012 exams.

Course Benefits

Upon the completion of our CISM Exam Prep, students will be familiar with the following concepts:
• Information Security Governance
• An information security steering group function
• Legal and regulatory issues associated with Internet businesses, global transmissions and transborder data flows
• Common insurance policies and imposed conditions
• Information security process improvement
• Recovery time objectives (RTO) for information resources
• Cost benefit analysis techniques in assessing options for mitigating risks, threats and exposures to acceptable levels.
• Security metrics design, development and implementation.
• Information security management due diligence activities and reviews of the infrastructure.
• Events affecting security baselines that may require risk reassessments
• Changes to information security requirements in security plans, test plans and reperformance
• Disaster recovery testing for infrastructure and critical business applications.
• The requirements for collecting and presenting evidence; rules for evidence, admissibility of evidence, quality and completeness of evidence.
• External vulnerability reporting sources
• The key components of cost benefit analysis and enterprise migration plans
• Privacy and tax laws and tariffs, data import/export restrictions, restrictions on cryptography, warranties, patents, copyrights, trade secrets, national security
• CISM information classification methods
• Life-cycle-based risk management principles and practices.
• Security baselines and configuration management in the design and management of business applications and the infrastructure.
• Acquisition management methods and techniques
• Evaluation of vendor service level agreements and preparation of contracts
• CISM question and answer review

Who should attend?

• CISM is more than an entry-level certification. This credential is geared towards information security managers and those who have information security management responsibilities. It is specifically developed for the information security professional who has acquired experience working on the front lines of information security. The CISM designation is for information security professionals who have 3-5 years of front-line experience with the security of information. Individuals with three years or more of experience managing the information security function of an enterprise, or performing such duties, will find CISM tailored to their knowledge and skills.

Course Contents

Information Security Governance
1. Introduction
• Definition
• Objectives
• Tasks
• Overview

2. Topics
• Effective Security Governance Overview
• Effective Information Security Governance
• Key Information Security Concepts and Technologies
• Scope and Charter of IS Governance
• IS Governance Metrics
• IS Strategy Overview
• Developing an IS Strategy – Common Pitfalls
• IS Strategy Objectives
• Determining Current State of Security
• Information Security Strategy Development
• Strategy Resources
• Strategy Constraints
• Action Plan to Implement Strategy
• Action Plan Intermediate Goals
• IS Program Objectives

Information Risk Management and Compliance
1. Introduction
• Definition
• Objective
• Tasks
• Overview

2. Topics
• Risk Management Overview
• Risk Management Strategy
• Effective Information Security Risk Management
• IS Risk Management Concepts
• Implementing Risk Management
• Risk Assessment and Analysis Methodologies
• Risk assessment
• Information Resource Valuation
• Recovery Time Objectives
• Integration with Life Cycle Processes
• Security Control Baselines
• Risk Monitoring and Communications
• Training and Awareness

Information Security Programme Development and Management
1. Introduction
• Definition
• Objectives
• Tasks
• Overview

2. Topics
• IS Program Management Overview
• IS Program Management Objectives
• IS Program Management Concepts
• Scope and Charter of IS Program
• The IS Management Framework
• Defining an IS Program Roadmap
• IS Infrastructure and Architecture
• Architecture Implementation
• Security Program Management and Administrative Activities
• Security Program Services and Operational Activities
• Controls and Countermeasures
• Security Program Metrics and Monitoring
• Common IS Program Challenges

Information Security Incident Management
1. Introduction
• Definition
• Objective
• Tasks
• Overview

2. Topics
• Incident Management Overview
• Incident Response Procedures
• IS Manager
• Incident Management Resources
• Incident Management Objectives
• Incident Management Metrics and Indicators
• Defining Incident Management Procedures
• Current State of Incident Response Capability
• Developing an Incident Response Plan
• Business Continuity and Disaster Recovery Procedures
• Testing Incident Response and BC/DR Plans
• Executing Response and Recovery Plans
• Post Incident Activities and Investigation

Certification and Accreditation

To become a CISM, an applicant must:
• Achieve a passing score on the CISM exam.
• Submit an application with verified evidence of three years of work experience as described below.
• Agree to abide by the ISACA Code of Professional Ethics, which can be viewed at
• Agree to abide by the CRISC continuing professional education (CPE) policy, which can be viewed at ISACA CISM Maintenance Page.


  • Computer-based examination
  • 4 hours
  • 150 multiple-choice question exam
  • ISACA uses a 200 – 800 point scale with 450 as the passing mark for the exams

Training Info

Duration:  4 Days
Date:  March 3 – 6, 2020
Time:  9:30 am – 4:30 pm
Venue:  ACinfotec Training Center
16th Fl., Asia Centre Bldg., South Sathorn Rd.
Training Fees: 34,000 Baht (excl. 7% VAT)
Tel. 02 670 8980-3
E-mail: [email protected]

Course Registration

Terms & Conditions for Course Registration

Please read the following terms & conditions for course registration carefully. By clicking the Submit button, I/we confirm that I/we understand and accept the registration and cancellation policies and procedures.

  • Full payment is required in advance prior to course commencement date.

Cancellation Policy

  • Payment is due upon registration
  • Delegates who cancel after registration, or who don’t attend, are liable to pay the full course fee and no refunds can be given
  • A replacement is always welcome

Disclaimer: ACinfotec reserves the right to change, postpone or cancel any part of its published programme due to unforeseen circumstances.