Certified Information Security Manager (CISM)

40 Hours / 12 Months / Self-Paced

Course Overview:

The ISACA Certified Information Security Manager (CISM) exam is designed to certify the competency of security professionals to manage designs; oversee and assess an enterprise’s information security. The exam covers competency in the following domains: Information Security Governance; Information Security; Incident Management; Information Risk Management and Compliance; Information Security Program Development and Management.

This course prepares the student to take the ISACA Certified Information Security Manager (CISM) certification exam.

Course Outline:

Lesson 1: Information Security Governance
  • Security Strategy
  • Information Security Governance framework
  • Integrating security governance into corporate governance
  • Security Policies: standards, procedures, and guidelines
  • Business cases to support investments
  • Internal and external influences on information security strategy
  • Management and other stakeholder commitment
  • Roles and Responsibilities
  • Measuring the effectiveness of the information security strategy
Lesson 2: Information Risk Management and Compliance
  • Information asset classification
  • Risk management, assessments, vulnerability assessments and threat analyses
  • Risk treatment options
  • Manage risk of noncompliance
  • Information security controls
  • Current and desired risk levels: Gap analysis
  • Monitoring risk
Lesson 3: Information Security Program Development and Management
  • Alignment of IS program with information security strategy
  • Information security manager's role and responsibilities in alignment
  • Information security frameworks
  • Information security architectures
  • Evaluating the effectiveness and efficiency of the IS program
  • Integrating the IS program with IT processes
  • Integrating the IS program into contracts and activities of third parties
  • Controls and countermeasures
  • Security Program Metrics and Monitoring
Lesson 4: Information Security Incident Management
  • Organizational definition and severity hierarchy for security incidents
  • Incident response plan
  • Processes for timely identification
  • Testing and review
  • Investigating and documenting information security incidents
  • Integration of incident response plan, disaster recovery plan and business continuity plan
Lesson 5: Video Tutorials
  • Introduction
  • Information Security Threats, Management, And Protection
  • Security Compliance And Strategy
  • Business Functions And Policies
  • Security Standards, Activities, And Strategy Development
  • Information Security Governance Framework
  • Regulatory Requirements And Liability Management
  • Business Case, Budgetary Reporting Methods And Planning Strategy
  • Organizational Drivers And Their Impacts
  • Commitment To Info Security
  • Management Roles And Responsibilities
  • Reporting And Communicating
  • Risks Assessment
  • Information: Classification, Ownership, And Resource Valuation
  • Baseline And BIAs
  • Risk: Countermeasures, Mitigation Strategies, And Life Cycle
  • Risk: Management And Reporting
  • Information Security Strategies And Programs
  • Security Technologies, Cryptography, And Access Controls
  • Monitoring Tools, Security Programs And Controls
  • Business Assurance Function And SLAs
  • Resources, Services, And Skills
  • Security Architecture, Model, And Deployment
  • Info Security: Policies, Awareness And Training Programs
  • Documentation
  • Organizational Processes
  • Contracts, Joint Ventures, Business Partners And Customers
  • Third Parties, Suppliers, And Subcontractors
  • Info Security Metrics
  • Goals And Methods Of Evaluating Info Security Controls
  • Vulnerability
  • Assessment Tools And Tracking Info Security Awareness Training And Education Programs
  • Evaluation And Management Metrics
  • Data Collection, Reviews, And Measurement
  • Assurance Providers, Line Management, Budgeting, And Staff Management
  • Facilities And Program Resources
  • Security Policy, Administrative Processes, And Procedures
  • Access Control, Access Security Policy Principles, And Identity Management
  • Authentication, Remote Access And User Registration
  • Procurement And Enforcing Policy Standard and Compliance
  • Third Party Relationships
  • SLAs, SDLC, And Security Enforcement
  • Maintenance, Monitoring, And Configuration Management
  • Maintaining Info Security And Due Diligence Activities
  • Info Access, Security Advice, Guidance, And Awareness
  • Stakeholders
  • Testing Info Security Control
  • Noncompliance Issues And Security Baselines
  • Incident Response And Continuity Of Operations
  • Disaster Recovery And Business Continuity Plan
  • Incident Management And Response Plan
  • Processes, Requirements, And Plans
  • Incident Response, Disaster Recovery And Business Continuity Plans
  • Forensics Procedures And Incident Review Process
  • Conclusion

Certification(s):

This course prepares the student to take the ISACA Certified Information Security Manager (CISM) certification exam.


System Requirements:

Internet Connectivity Requirements:
  • Cable and DSL internet connections are recommended.
Hardware Requirements:
  • Minimum Pentium 400 Mhz CPU or G3 Macintosh. 1 GHz or greater CPU recommended.
  • 256MB RAM minimum. 1 GB RAM recommended.
  • 800x600 video resolution minimum. 1025x768 recommended.
  • Speakers/Headphones to listen to Dialogue steaming audio sessions.
  • A microphone to speak in Dialogue streaming audio sessions.
Operating System Requirements:
  • Windows Vista, 7, 8, 8.1, 9, 10
  • Mac OSX 10 or higher.
  • OpenSUSE Linux 9.2 or higher.
Web Browser Requirements:
  • Google Chrome is recommended.
  • Firefox 13.x or greater.
  • Internet Explorer 6.x or greater.
  • Safari 3.2.2 or greater.
Software Requirements:
  • Adobe Flash Player 6 or greater.
  • Oracle Java 7 or greater.
  • Adobe Reader 7 or greater.
Web Browser Settings:
  • Accept Cookies
  • Disable Pop-up Blocker.


** Outlines are subject to change, as courses and materials are updated. Software is not included with the purchase of the course, unless otherwise specified. Students are responsible for the purchase and installation of the necessary course software. **