Course Overview
The Certified Information Security Manager (CISM) course provides in-depth coverage of the four domains of the CISM certification exam: Security Governance; Risk Management and Compliance; Security Program Development and Management; and Security Incident Management. The course provides the knowledge needed to assess risk, implement effective governance and respond proactively to security incidents.
Course Outcomes
- Establish and maintain the information security program in alignment with the information security strategy.
- Establish, promote and maintain a program for information security awareness and training.
- Facilitate the integration of information risk management into business and IT processes.
- Report on information security risk, including noncompliance and changes in information risk, to key stakeholders to facilitate the risk management decision-making process.
- Establish and maintain an incident response plan, in alignment with the business continuity plan and disaster recovery plan.
Who Should Attend?
Early to mid-career professionals looking to gain recognition and enhanced credibility in interactions with internal and external stakeholders, regulators, and customers.
Job roles include:
- IT Audit Directors/Managers/Consultants
- IT and Internal Auditors
- Compliance/Risk/Privacy Directors
- IT Directors/Managers/Consultants
What You’ll Learn
- Prepare for and pass the Certified Information Systems Auditor (CISA) Exam
- Develop and implement a risk-based IT audit strategy in compliance with IT audit standards
- Evaluate the effectiveness of an IT governance structure
- Ensure that the IT organizational structure and human resources (personnel) management support the organization’s strategies and objectives
- Review the information security policies, standards, and procedures for completeness and alignment with generally accepted practices.
Course Outline
Domain 1 – Information System Auditing Process
Topics:
- IS Audit Standards, Guidelines, Functions, and Codes of Ethics
- Types of Audits, Assessments, and Reviews
- Risk-based Audit Planning
- Types of Controls and Considerations
- Audit Project Management
- Audit Testing and Sampling Methodology
- Audit Evidence Collection Techniques
- Audit Data Analytics
- Reporting and Communication Techniques
- Quality Assurance and Improvement of Audit Process
Domain 2 – Governance and Management of IT
Topics:
- Laws, Regulations, and Industry Standards
- Organizational Structure, IT Governance, and IT Strategy
- IT Policies, Standards, Procedures, and Guidelines
- Enterprise Architecture and Considerations
- Enterprise Risk Management (ERM)
- Privacy Program and Principles
- Data Governance and Classification
- IT Resource Management
- IT Vendor Management
- IT Performance Monitoring and Reporting
- Quality Assurance and Quality Management of IT
Domain 3 – Information Systems Acquisition, Development, and Implementation
Topics:
- Project Governance and Management
- Business Case and Feasibility Analysis
- System Development Methodologies
- Control Identification and Design
- System Readiness and Implementation Testing
- Implementation Configuration and Release Management
- System Migration, Infrastructure Deployment, and Data Conversion
- Postimplementation Review
Domain 4 – Information Systems Operations and Business Resilience
Topics:
- IT Components
- IT Asset Management
- Job Scheduling and Production Process Automation
- System Interfaces
- End-user Computing and Shadow IT
- Systems Availability and Capacity Management
- Problem and Incident Management
- IT Change, Configuration, and Patch Management
- Operational Log Management
- IT Service Level Management
- Database Management
- Business Impact Analysis
- System and Operational Resilience
- Data Backup, Storage, and Restoration
- Business Continuity Plan
- Disaster Recovery Plans
Domain 5 – Protection of Information Assets
Topics:
- Information Asset Security Policies, Frameworks, Standards, and Guidelines
- Physical and Environmental Controls
- Identity and Access Management
- Network and End-Point Security
- Data Loss Prevention
- Data Encryption
- Public Key Infrastructure (PKI)
- Cloud and Virtualized Environments
- Mobile, Wireless, and Internet-of-Things Devices
- Security Awareness Training and Programs
- Information System Attack Methods and Techniques
- Security Testing Tools and Techniques
- Security Monitoring Logs, Tools, and Techniques
- Security Incident Response Management
- Evidence Collection and Forensics
Prerequisites
IT professionals should have two or more years of IS audit, control, assurance or security experience.
Your CISM certification is valid for three years. To maintain it, you must earn and report 120 continuing professional education (CPE) hours during the three-year renewal period, with a minimum of 20 CPE hours earned each year. This renewal process helps ensure that certified professionals stay up to date with the latest developments in information security management.