Certified Information Security Manager (CISM)

40 Hours / 12 Months / Self-Paced

Course Overview:

The ISACA Certified Information Security Manager (CISM) exam is designed to certify the competency of security professionals to manage designs; oversee and assess an enterprise’s information security. The exam covers competency in the following domains: Information Security Governance; Information Security; Incident Management; Information Risk Management and Compliance; Information Security Program Development and Management.

Course Outline:

Lesson 1: Information Security Governance
  • Security Strategy
  • Information Security Governance framework
  • Integrating security governance into corporate governance
  • Security Policies: standards, procedures, and guidelines
  • Business cases to support investments
  • Internal and external influences on information security strategy
  • Management and other stakeholder commitment
  • Roles and Responsibilities
  • Measuring the effectiveness of the information security strategy
Lesson 2: Information Risk Management and Compliance
  • Information asset classification
  • Risk management, assessments, vulnerability assessments and threat analyses
  • Risk treatment options
  • Manage risk of noncompliance
  • Information security controls
  • Current and desired risk levels: Gap analysis
  • Monitoring risk
Lesson 3: Information Security Program Development and Management
  • Alignment of IS program with information security strategy
  • Information security manager's role and responsibilities in alignment
  • Information security frameworks
  • Information security architectures
  • Evaluating the effectiveness and efficiency of the IS program
  • Integrating the IS program with IT processes
  • Integrating the IS program into contracts and activities of third parties
  • Controls and countermeasures
  • Security Program Metrics and Monitoring
Lesson 4: Information Security Incident Management
  • Organizational definition and severity hierarchy for security incidents
  • Incident response plan
  • Processes for timely identification
  • Testing and review
  • Investigating and documenting information security incidents
  • Integration of incident response plan, disaster recovery plan and business continuity plan
Lesson 5: Video Tutorials
  • Introduction
  • Information Security Threats, Management, And Protection
  • Security Compliance And Strategy
  • Business Functions And Policies
  • Security Standards, Activities, And Strategy Development
  • Information Security Governance Framework
  • Regulatory Requirements And Liability Management
  • Business Case, Budgetary Reporting Methods And Planning Strategy
  • Organizational Drivers And Their Impacts
  • Commitment To Info Security
  • Management Roles And Responsibilities
  • Reporting And Communicating
  • Risks Assessment
  • Information: Classification, Ownership, And Resource Valuation
  • Baseline And BIAs
  • Risk: Countermeasures, Mitigation Strategies, And Life Cycle
  • Risk: Management And Reporting
  • Information Security Strategies And Programs
  • Security Technologies, Cryptography, And Access Controls
  • Monitoring Tools, Security Programs And Controls
  • Business Assurance Function And SLAs
  • Resources, Services, And Skills
  • Security Architecture, Model, And Deployment
  • Info Security: Policies, Awareness And Training Programs
  • Documentation
  • Organizational Processes
  • Contracts, Joint Ventures, Business Partners And Customers
  • Third Parties, Suppliers, And Subcontractors
  • Info Security Metrics
  • Goals And Methods Of Evaluating Info Security Controls
  • Vulnerability
  • Assessment Tools And Tracking Info Security Awareness Training And Education Programs
  • Evaluation And Management Metrics
  • Data Collection, Reviews, And Measurement
  • Assurance Providers, Line Management, Budgeting, And Staff Management
  • Facilities And Program Resources
  • Security Policy, Administrative Processes, And Procedures
  • Access Control, Access Security Policy Principles, And Identity Management
  • Authentication, Remote Access And User Registration
  • Procurement And Enforcing Policy Standard and Compliance
  • Third Party Relationships
  • SLAs, SDLC, And Security Enforcement
  • Maintenance, Monitoring, And Configuration Management
  • Maintaining Info Security And Due Diligence Activities
  • Info Access, Security Advice, Guidance, And Awareness
  • Stakeholders
  • Testing Info Security Control
  • Noncompliance Issues And Security Baselines
  • Incident Response And Continuity Of Operations
  • Disaster Recovery And Business Continuity Plan
  • Incident Management And Response Plan
  • Processes, Requirements, And Plans
  • Incident Response, Disaster Recovery And Business Continuity Plans
  • Forensics Procedures And Incident Review Process
  • Conclusion

Certification(s):

This course prepares the student to take the ISACA Certified Information Security Manager (CISM) certification exam.


System Requirements:

Internet Connectivity Requirements:
  • Cable and DSL internet connections are recommended.

Hardware Requirements:
  • Minimum Pentium 400 Mhz CPU or G3 Macintosh. 1 GHz or greater CPU recommended.
  • 256MB RAM minimum. 1 GB RAM recommended.
  • 800x600 video resolution minimum. 1025x768 recommended.
  • Speakers/Headphones to listen to Dialogue steaming audio sessions.
  • A microphone to speak in Dialogue streaming audio sessions.
Operating System Requirements:
  • Windows Vista, 7, 8, 8.1, 9, 10
  • Mac OSX 10 or higher.
  • OpenSUSE Linux 9.2 or higher.
Web Browser Requirements:
  • Google Chrome is recommended.
  • Firefox 13.x or greater.
  • Internet Explorer 6.x or greater.
  • Safari 3.2.2 or greater.
Software Requirements:
  • Adobe Flash Player 6 or greater.
  • Oracle Java 7 or greater.
  • Adobe Reader 7 or greater.
Web Browser Settings:
  • Accept Cookies
  • Disable Pop-up Blocker.


**Outlines are subject to change, as courses and materials are updated.**