Certified Information Security Manager 

                                                          (CISM)

 

Why should you attend?
The Certified Information Security Manager (CISM®) qualification by ISACA promotes international security practices and recognizes the individual who manages designs, and oversees and assesses an enterprise’s information security. This training course equips professionals with the knowledge and skills for proficiency in information security management. It also helps in passing the certification examination successfully.  

Learning Objective

Candidates should expect to gain competencies in the following areas after successful completion of the training course:

  • Information Security Governance 

  • Information Risk Management and Complia nce

  • Information Security Program Development and Management

  • Information Security Incident Management.



Course Agenda 

Instructor Profile

Syed Shahzad Tayyeb (CISM)

Who Should Attend ?

  1. Chief Information Officers

  2. Chief Information Security Officers

  3. Security Professionals who are taking or considering taking the CISM examination

  4. Anyone seeking an overall understanding of essential IT security risks and controls.


            Domain 1: Information Security Governance
              -
            Methods to develop an information security strategy
              - Relationship among information security and business goals, objectives, functions, processes and practices
              - Methods to implement an information security framework
              - Fundamental concepts of governance and how they relate to information security
              - Integrate information security into corporate governance
              - Develop security policies
              - Develop business cases with budgetary planning
              - Information security management roles and responsibilities
              - Methods to select, implement and interpret metrics
            Domain 2: Information Risk Management and Compliance
            -
            Methods to establish an information asset classification model consistent with business
            - Information asset valuation methodologies
            - Methods to assign the responsibilities for and ownership of information assets and risk
            - Risk assessment and analysis methodologies
            - Risk reporting and monitoring requirements
            - Risk treatment strategies and methods to apply them
            - Techniques for integrating risk management into business and IT processes
            - Compliance reporting processes and requirements
            Domain 3: Information Security Program Development and Management
            - Methods to align information security program requirements with other business functions
            - Methods to identify, acquire, manage and define requirements for internal and external resources
            - Methods to design information security controls
            - Methods to develop information security standards, procedures and guidelines
            - Methods to establish and maintain effective information security awareness and training programs
            - Methods to integrate information security requirements into organizational processes
            Domain 4: Information Security Incident Management- Incident management concepts and practices
            - Business continuity planning (BCP) and disaster recovery planning (DRP) and their relationship to the incident response plan
            - Incident classification, damage containment, and escalation processes
            - Forensic requirements and capabilities for collecting, preserving and presenting evidence
            - Post-incident review practices and investigative methods to identify root causes and determine corrective actions