Certified Information Security Manager
Why should you attend?
The Certified Information Security Manager (CISM®) qualification by ISACA promotes international security practices and recognizes the individual who manages designs, and oversees and assesses an enterprise’s information security. This training course equips professionals with the knowledge and skills for proficiency in information security management. It also helps in passing the certification examination successfully.
Candidates should expect to gain competencies in the following areas after successful completion of the training course:
Information Security Governance
Information Risk Management and Complia nce
Information Security Program Development and Management
Information Security Incident Management.
Syed Shahzad Tayyeb (CISM)
Who Should Attend ?
Chief Information Officers
Chief Information Security Officers
Security Professionals who are taking or considering taking the CISM examination
Anyone seeking an overall understanding of essential IT security risks and controls.
- Methods to develop an information security strategy
- Relationship among information security and business goals, objectives, functions, processes and practices
- Methods to implement an information security framework
- Fundamental concepts of governance and how they relate to information security
- Integrate information security into corporate governance
- Develop security policies
- Develop business cases with budgetary planning
- Information security management roles and responsibilities
- Methods to select, implement and interpret metrics
- Methods to establish an information asset classification model consistent with business
- Information asset valuation methodologies
- Methods to assign the responsibilities for and ownership of information assets and risk
- Risk assessment and analysis methodologies
- Risk reporting and monitoring requirements
- Risk treatment strategies and methods to apply them
- Techniques for integrating risk management into business and IT processes
- Compliance reporting processes and requirements
- Methods to align information security program requirements with other business functions
- Methods to identify, acquire, manage and define requirements for internal and external resources
- Methods to design information security controls
- Methods to develop information security standards, procedures and guidelines
- Methods to establish and maintain effective information security awareness and training programs
- Methods to integrate information security requirements into organizational processes
- Business continuity planning (BCP) and disaster recovery planning (DRP) and their relationship to the incident response plan
- Incident classification, damage containment, and escalation processes
- Forensic requirements and capabilities for collecting, preserving and presenting evidence
- Post-incident review practices and investigative methods to identify root causes and determine corrective actions