
CISM Certification Training Version 3

The CISM certification focuses on information security management and is recognized globally as a benchmark of excellence in the field. The course covers various topics including governance, risk management, program development, and incident management, and is aimed at security professionals with relevant experience. Participants will benefit from live training, online simulations, and post-training support to enhance their skills and knowledge in information security management.

CISM

Certified Information Security Manager


Training & Certification

[Link] Version 3.0


Course Highlights

32-Hour LIVE Instructor-led Training
ISACA Premium Training Partner
Telegram Group for Exam Practice
Online Test Simulation for Self-Assessment
98% Success Rate
Learn from Industry Experts
Practical Use Cases, Mock Exams & Quizzes
Post-Training Support till Exam
Access to Recorded Sessions


About Course

The CISM certification, which is focused on management, promotes worldwide
security practices and acknowledges the professional who manages, designs,
oversees, and assesses an organization’s information security. The CISM
certification is the worldwide recognized benchmark of excellence in this field, and
the demand for skilled information security management experts is on the rise.


Course Objectives

Learn about Enterprise Governance covering the importance of Information Security Governance, Organizational Culture and Structure, Legal, Regulatory and Contractual Requirements.
Learn to formulate an Information Security Strategy, create Information Governance Frameworks and Standards and conduct Strategic Planning.
Learn about the emerging risk and threat landscape, Vulnerability and Control Deficiency Analysis.
Learn to conduct Risk Analysis, Evaluation and Assessment.
Respond to risk by understanding Risk Treatment/Risk Response Options, Risk and Control Ownership, Risk Monitoring and Reporting.
Learn how to develop an Information Security Program by utilizing industry standards and frameworks, Information Security policies, procedures and guidelines and creating an Information Security Program Road Map.
Manage an information security program by focusing on different aspects such as the design, control, implementation, integration, testing, evaluation and training, communications and reporting.
Assess the incident management readiness of an organization based on Business Impact Analysis, Business Continuity Plan, Disaster Recovery Plan, Incident Management Training, Testing and Evaluation.
Learn about Incident Management Operations, Tools and Technologies, Incident Containment Methods, Incident Eradication and Recovery and Post-Incident Review Practices.


Target Audience

Security Consultants and Managers
IT Directors and Managers
Security Auditors and Architects
Security Systems Engineers
Chief Information Security Officers (CISOs)
Information Security Managers
IS/IT Consultants
Chief Compliance/Privacy/Risk Officers


Pre-requisites

The CISM is a desirable certification if you have at least five years of information
security work experience and at least three years of work experience in three or
more job practices analysis areas of information security management. Work
experience must be achieved within 10 years of applying for certification or within
5 years of passing the exam.

The following security-related certifications and management experience in
information systems can be used to replace the required amount of information
security job experience.

Two Years

Certified Information Systems Auditor (CISA) in good standing
Certified Information Systems Security Professional (CISSP) in good standing
Post-graduate degree in information security or a related field (e.g., business administration, information systems, information assurance)

One Year

One full year of information systems management experience
One full year of general security management experience
Skill-based security certifications (e.g., SANS Global Information Assurance Certification (GIAC), Microsoft Certified Systems Engineer (MCSE), CompTIA Security+, Disaster Recovery Institute Certified Business Continuity Professional (CBCP), ESL IT Security Manager)

Completion of an information security management program at an institution aligned with the Model Curriculum.


Exam Information

Certification: Certified Information Security Manager (CISM)
Exam Duration: 4 Hours
Number of Questions: 150 Questions
Exam Pattern: Multiple Choice
Passing Marks: 450 out of 800
Languages: English, Japanese, Korean, Spanish


Course Content

Domain 1 Information Security Governance (17%)

ENTERPRISE GOVERNANCE

Organizational Culture
Legal, Regulatory and Contractual Requirements
Organizational Structures, Roles and Responsibilities

INFORMATION SECURITY STRATEGY

Information Security Strategy Development
Information Governance Frameworks and Standards
Strategic Planning (e.g., Budgets, Resources, Business Case)


Domain 2 Information Security Risk Management (20%)

INFORMATION SECURITY RISK ASSESSMENT

Emerging Risk and Threat Landscape
Vulnerability and Control Deficiency Analysis
Risk Assessment and Analysis

INFORMATION SECURITY RISK RESPONSE

Risk Treatment / Risk Response Options
Risk and Control Ownership
Risk Monitoring and Reporting

Domain 3 Information Security Program (33%)

INFORMATION SECURITY PROGRAM DEVELOPMENT

Information Security Program Resources (e.g., People, Tools, Technologies)
Information Asset Identification and Classification
Industry Standards and Frameworks for Information Security
Information Security Policies, Procedures and Guidelines
Information Security Program Metrics

INFORMATION SECURITY PROGRAM MANAGEMENT

Information Security Control Design and Selection
Information Security Control Implementation and Integrations
Information Security Control Testing and Evaluation
Information Security Awareness and Training
Management of External Services (e.g., Providers, Suppliers, Third Parties, Fourth Parties)
Information Security Program Communications and Reporting

Domain 4 Incident Management (30%)

INCIDENT MANAGEMENT READINESS

Incident Response Plan
Business Impact Analysis (BIA)
Business Continuity Plan (BCP)
Disaster Recovery Plan (DRP)
Incident Classification/Categorization
Incident Management Training, Testing and Evaluation

INCIDENT MANAGEMENT OPERATIONS

Incident Management Tools and Techniques
Incident Investigation and Evaluation
Incident Containment Methods
Incident Response Communications (e.g., Reporting, Notification, Escalation)
Incident Eradication and Recovery
Post-Incident Review Practices


Testimonials

Contact us

[Link]
sales@[Link]