Certified Information Security Manager (CISM)
On Demand $2,495.00
The CISM certification program was developed by ISACA for experienced information security management professionals who have experience developing and managing information security programs and who understand the program’s relationship to the overall business goals. The CISM exam consists of 200 multiple-choice questions that cover the four CISM domains. The American National Standards Institute (ANSI) has accredited the CISM certification program under ISO/IEC 17024:2003, General Requirements for Bodies Operating Certification Systems of Persons.
- Information security management
- Information risk management and compliance
- Information security program development and management
- Information security incident management
At the completion of this course you will be able to:
- Establish and/or maintain an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organizational goals and objectives.
- Manage information risk to an acceptable level based on risk appetite to meet organizational goals and objectives.
- Develop and maintain an information security program that identifies, manages, and protects the organization’s assets while aligning to information security strategy and business goals, thereby supporting an effective security posture.
- Plan, establish, and manage the capability to detect, investigate, respond to, and recover from information security incidents to minimize business impact.
There are no prerequisite requirements for taking the CISM Exam Preparation Course or the CISM exam; however, in order to apply for CISM certification, the candidate must meet the necessary experience requirements determined by ISACA.
There are no pre-course reading materials needed for this course, although candidates are encouraged to have the ISACA CISM Review Manual available.
- Lectures: 17
- Quizzes: 0
- Duration: 40 hours
- Skill level: Advanced Level
- Language: English
- Students: 471
- Certificate: No
- Assessments: Yes
Domain 1 – Information Security Governance
- Explain the need for and the desired outcomes of an effective information security strategy
- Create an information security strategy aligned with organizational goals and objectives
- Gain stakeholder support using business cases
- Identify key roles and responsibilities needed to execute an action plan
- Establish metrics to measure and monitor the performance of security governance
Domain 2 – Information Risk Management
- Explain the importance of risk management as a tool to meet business needs and develop a security management program to support these needs
- Identify, rank, and respond to a risk in a way that is appropriate as defined by organizational directives
- Assess the appropriateness and effectiveness of information security controls
- Report information security risk effectively
Domain 3 – Information Security Program Development and Management
Domain 4 – Information Security Incident Management
- Understand the concepts and practices of incident management
- Identify the components of an incident response plan and evaluate its effectiveness
- Understand the key concepts of Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)
- Be familiar with techniques commonly used to test incident response capabilities