CISM
Certified Information Security Manager
853 enrolled on this course
Last updated Oct 2023
CISM Course Features/USP/Highlights
32 Hours of Instructor Led Training
Certified and Experienced Instructors
Session recording access
Study materials and exam prep questions
CISM Practice Questions
Target Audience of CISM Certification
- IT Managers
- Cybersecurity Analysts/Consultants
Prerequisites of CISM Certification Training
CISM Exam and Certification information
The Certified Information Security Manager (CISM) exam consists of 150 questions covering 4 job practice domains, all testing your knowledge and ability on real-life job practices leveraged by expert professionals.
- Duration – 4 hours
- Questions – 150 MCQ type
- Passing score – 450 or above (The exam scores on a scale between 200 and 800)
- Exam Location – The PSI testing location is either a testing center or online, remotely proctored.
CISM Certification Journey
Course Outline
A–ENTERPRISE GOVERNANCE
- Organizational Culture
- Legal, Regulatory and Contractual Requirements
- Organizational Structures, Roles and Responsibilities
B–INFORMATION SECURITY STRATEGY
- Information Security Strategy Development
- Information Governance Frameworks and Standards
- Strategic Planning (e.g., Budgets, Resources, Business Case)
A–INFORMATION SECURITY RISK ASSESSMENT
- Emerging Risk and Threat Landscape
- Vulnerability and Control Deficiency Analysis
- Risk Assessment and Analysis
B–INFORMATION SECURITY RISK RESPONSE
- Risk Treatment / Risk Response Options
- Risk and Control Ownership
- Risk Monitoring and Reporting
A–INFORMATION SECURITY PROGRAM DEVELOPMENT
- Information Security Program Resources (e.g., People, Tools, Technologies)
- Information Asset Identification and Classification
- Industry Standards and Frameworks for Information Security
- Information Security Policies, Procedures and Guidelines
- Information Security Program Metrics
B–INFORMATION SECURITY PROGRAM MANAGEMENT
- Information Security Control Design and Selection
- Information Security Control Implementation and Integrations
- Information Security Control Testing and Evaluation
- Information Security Awareness and Training
- Management of External Services (e.g., Providers, Suppliers, Third Parties, Fourth Parties)
- Information Security Program Communications and Reporting
A–INCIDENT MANAGEMENT READINESS
- Incident Response Plan
- Business Impact Analysis (BIA)
- Business Continuity Plan (BCP)
- Disaster Recovery Plan (DRP)
- Incident Classification/Categorization
- Incident Management Training, Testing and Evaluation
B–INCIDENT MANAGEMENT OPERATIONS
- Incident Management Tools and Techniques
- Incident Investigation and Evaluation
- Incident Containment Methods
- Incident Response Communications (e.g., Reporting, Notification, Escalation)
- Incident Eradication and Recovery
- Post-Incident Review Practices