Certified Information Security Manager (CISM)
The components of the training program include:
• 5 Days (40 Hours)
Organizations increasingly reliant on complex information systems to conduct their business must ensure information security officers have the expertise to adequately manage growing IT threats and risks. The CISM certification helps address this issue by ensuring recipients have the breadth and depth of knowledge to plan, implement and maintain a security program that will adequately protect the organization at an acceptable cost.
Until recently, effective security management has been low on the list of priorities of most organizations but the advent of increasingly costly and troublesome security compromises coupled with a host of new regulations has started to reverse the situation. This has led to recognition that security management must be an integral part of overall organizational governance and can’t be merely an afterthought.
Traditionally, security has been treated as a set of specialties with little consideration given to strategy or management. Operational processes have generally evolved organically over time with little integration or thought of security. To the extent these processes have been designed, the focus has been to expedite the process, not to ensure its security, robustness or manageability. Ad hoc, reactive tactical solutions to security issues have been the norm. With growing awareness that these solutions of the past are inadequate to deal with evolving and ever more sophisticated threats, ISACA has paved the way toward improving security management by initiating the CISM program. Developed specifically for experienced information security managers and those who have information security management responsibilities, this course provides intense, comprehensive training focused on preparing you to successfully complete the CISM exam. Thoroughly test your knowledge as you learn to apply it to real-world scenarios.
Check back often for updates or send us an email at training@TASCManagement.com so we can notify you of upcoming courses.
Experienced information security managers and those who have information security management responsibilities. Individuals who are currently, or will be, working in an IS security position such as Departmental/Corporate or functional Information System Security Officers, IS security advisors, System Security Certifiers, System Security Accreditors, System Security Auditors, or security practitioners.
Knowledge needed to manage, design, oversee, and assess an information security function within an organization.
• Required Prerequisite(s): None
Information Security Governance
Establish and maintain a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations.
• Information Security Strategy
• Management Commitment
• Roles and Responsibilities
• Communication Channels
• Legal and Regulatory Issues
• Security Policies and Standards
• Procedures and Guidelines
• Value Analysis
Risk Management and Information Security
Identify and manage information security risks to achieve business objectives.
• Integration into Life Cycle Processes
• Risk Identification and Analysis Methods
• Mitigation Strategies and Prioritization
• Reporting Changes to Management
Information Security Program Management
Design and develop an information security program to implement the information security governance framework.
• Security Baselines
• Business Processes
• Infrastructure – Key Concepts for Architectures and Technologies
• Life Cycles
• Impact on End Users
• Security Metrics
• Managing Internal and External Resources
Information Security Management
Oversee and direct information security activities to execute the information security program.
• Security Policies
• Security Procedures
• Trading Partners and Service Providers
• Security Metrics and Monitoring
• The Change Management Process
• Vulnerability Assessments
• Resolution of Non-Compliance Issues
• Culture, Behavior, and Security Awareness
Response Management
Develop and manage a capability to respond to and recover from disruptive and destructive information security events.
• Response Processes
• Developing Response and Recovery Plans
• Testing Response and Recovery Plans
• Executing Response and Recovery Plans
• Documenting Events
• Post Event Reviews
The review course covers the core sections and a series of sample exam questions that give participants a “feel” for the format and the types of questions encountered on the CISM exam. The correct answer to each question is also reviewed for a better understanding of the expectations of the ISACA Certification Board. This intensive course is an ideal way to prepare for the exam. Participants gain valuable experience reviewing these core sections and answering sample exam questions with an experienced instructor while strengthening their skills and building confidence.
The CISM certification requires passing the Certified Information Security Manager (CISM) Exam and proof of at least five years of information security work experience, with at least three years of information security management work experience in three or more of the job practice analysis areas.