Course: CISM-CERTIFIED INFORMATION SECURITY MANAGER
Duration: 40 Hours, including exam questions
Delivery: Mainly Classroom by INFOCLUB Ltd, partly online. In collaboration with SECURENET, The IT Security Professionals
Certifications: CISM, from ISACA
Domain 1—Information Security Governance – (24%)
Establish and/or maintain an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organizational goals and objectives.
Information security strategy and organizational goals and objectives
Information security governance framework
Information security policies
Investments in information security.
Commitment from senior leadership and other stakeholders
Information security responsibilities
Key information security metrics
Domain 2—Information Risk Management – (30%)
Manage information risk to an acceptable level based on risk appetite in order to meet organizational goals and objectives.
Information asset classification
Legal, regulatory, organizational and other requirements
Risk assessments, vulnerability assessments and threat analyses
Risk treatment/response options
Information security controls
Integration of information risk management into business and IT processes
Internal and external factors
Risk management decision-making process.
Domain 3—Information Security Program Development and Management – (27%)
Develop and maintain an information security program that identifies, manages and protects the organization’s assets while aligning to information security strategy and business goals, thereby supporting an effective security posture.
The information security program
Internal and external resources to execute the information security program.
Information security processes and resources
Organizational information security standards, guidelines, procedures
Information security awareness and training
Integrate information security requirements into contracts and activities of third parties
Effectiveness and efficiency of the information security program.
Domain 4—Information Security Incident Management – (19%)
Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimize business impact.
Severity hierarchy for information security incidents
Incident response plan
Incident notification and escalation processes
Respond to information security incidents
Test, review and revise (as applicable) the incident response plan
Communication plans and processes
Post-incident reviews to determine the root cause of information security incidents
Integration among the incident response plan, business continuity plan and disaster recovery plan.
A multi-pronged strategy is used to ensure the best preparation for the exams (this course is not just about doing some lectures):
(i) Lectures are conducted for each topic with the help of SECURENET, the IT Security Professionals
(ii) Each major topic culminates in a number of case studies for candidates to master the subject
(iii) Where appropriate, candidates perform hands-on practical labs
(iv) Candidates use our state-of-the-art Knowledge Base System (KBS) to access our database of over 2500 questions on CISM exams multiple times until they are familiar with the subject. This is partly done online.
(v) A mock exam may be conducted before students take the actual exams
(vi) Course materials and additional reading notes are provided in soft copy
You must contact the centre for an updated quote for this course. Registration and exam fees are also payable to ISACA.