Certified Information Security Manager - CISM Course

The Certified Information Security Manager® is the most prestigious global qualification available for information security managers today, and the fastest growing with nearly six thousand certifications since being introduced in 2002. CISM is more than an entry-level certification. It is specifically developed for the information security professional who has acquired experience working on the front lines of information security or managing those who do. Individuals with five years or more of experience managing information security will find CISM tailored to their expertise and the increasing global demand for high standards of certified professionalism.

Delegates will achieve 2 main objectives:

1) They will have the skills and knowledge of the core competencies required of a world class information security professional whether planning to sit for the examination or not, they will have gained this in a structured learning environment.

2) They will have gained the knowledge required for, and have thoroughly prepared for the certification examination in systematic way.

Security professionals with 3-5 years of front-line experience.

Topics covered on the 3 day Certified Information Security Manager - CISM course

Information Security Governance

• Develop information security strategy to align with business strategy and direction
• Obtain senior management commitment and support for information security across the entire enterprise
• Define information security governance roles and responsibilities
• Establish reporting and communication channels regarding information security governance activities

Risk Management

• Develop a systematic, analytical, and continuous risk management process
• Understand and implement risk identification, analysis, and mitigation activities
• Define and prioritize risk mitigation strategies
• Appropriately report changes in risk to the correct levels of management on a periodic and event-driven basis

Information Security Program Management

• Create and maintain plans for implementing a carefully designed information security governance framework
• Develop information security baselines from organizational needs, as well as international standards
• Develop guidelines and procedures for integrating security risk management into business processes
• Develop procedures and guidelines for the IT infrastructure that comply with senior-level information security policies
• Ensure security is effectively incorporated into the organizations established change management processes
• Effectively integrate information security policies, guidelines, procedures, and accountability into the organization’s culture

Legal Issues

• Manage security risk from contracts; transfer risk with contracts
• Understand information security compliance issues resulting from Sarbanes-Oxley

Information Technology Deployment Risks

• Properly align IT strategic planning with organizational strategic planning
• Control risk within software development or acquisition projects

IT Management Risks

• How to position information security management within the organization
• Control IT security risk relating to IT funding

IT Networks and Telecommunications Risks

• Manage risk associated with social engineering, physical infrastructure threats, malicious code, and software vulnerabilities

Integrating Information Security into Business Continuity, Disaster Recovery, and Incident Response

• Develop and implement processes for identifying, detecting, and analyzing security-related events procedures
• Organize, train, and properly equip response teams