Certified Information Security Manager

There are no prerequisites to learn CISM from this tutorial. However, to get the CISM certification you need to:

• Pass the CISM examination
• Submit an application for CISM certification
• Pay a $50 application fee directly to ISACA
• Adhere to the Code of Professional Ethics
• Dedicate to the Continuing Professional Education Program
• Compliance with the Information Security Standards

The examination is open to all individuals who have an interest in information security. A minimum of 5 years of professional information systems auditing, control or security work experience is required for the CISM certification.

This CISM course will give you the requisite skillsets to design, deploy and manage security architecture for your organisation. The course is aligned with ISACA best practices and is designed to help you pass the CISM exam on your first attempt. Enterprises and government agencies increasingly expect their IT professionals to hold a CISM certification, and it is considered essential to ongoing education and career development. This course will see that you are well-equipped to manage the ongoing security, compliance and governance of your IT organisation.

QACISM Domains Weight:

Domain 1: Information Security Governance (17%)
Domain 2: Information Risk Management (20%)
Domain 3: Information Security Program Development and Management (33%)
Domain 4: Information Security Incident Management (30%)

This CISM training course covers the following areas:

• Introduction to Certified Information Security Manager (CISM)
• Objectives and Expectations
• What is Information Security?
• The Goals of Information Security
• Principles for Information Security Professionals

Domain 1 – Information Security Governance

• Introduction to Information Security Governance
• Effective Information Security Governance
• Governance and Third Party Relationships
• Information Security Metrics
• Information Security Governance Metrics
• Information Security Strategy
• Information Security Strategy Development
• Strategy Resources and Constraints
• Other Frameworks
• Compliances
• Action Plans to Implement Strategy
• Governance of Enterprise IT

Domain 2 – Information Risk Management and Compliance

• Information Risk Management
• Risk Management Overview
• Risk Assessment
• Information Asset Classification
• Assessment Management
• Information Resource Valuation
• Recovery Time Objectives
• Security Control Baselines
• Risk Monitoring
• Training and Awareness
• Information Risk Management Documentation

Domain 3 – Information Security Program Development and Management

• Information Security Program Management Overview
• Information Security Program Objectives
• Information Security Program Concepts
• Information Security Program Technology Resources
• Information Security Program Development
• Information Security Program Framework
• Information Security Program Roadmap
• Enterprise Information Security Architecture (EISA)
• Security Program Management and Administration
• Security Program Services and Operational Activities
• Controls
• Security Program Metrics and Monitoring
• Measuring Operational Performance
• Common Information Security Program Challenges

Domain 4 – Information Security Incident Management

• Incident Management Overview
• Incident Management Procedures
• Incident Management Resources
• Incident Management Objectives
• Incident Management Metrics and Indicators
• Defining Incident Management Procedures
• Business Continuity and Disaster Recovery Procedures
• Post Incident Activities and Investigation
• ISACA Code of Professional Ethics
• Laws and Regulations
• Policy Versus Law Within an Organisation
• Ethics and the Internet IAB
• Certified Information Security Manager