Certified Information Security Manager (CISM)

Course Content:

Lesson 1: Information Security Governance
Develop an Information Security Strategy
Align Information Security Strategy with Corporate Governance
Identify Legal and Regulatory Requirements
Justify Investment in Information Security
Identify Drivers Affecting the Organization
Obtain Senior Management Commitment to Information Security
Define Roles and Responsibilities for Information Security
Establish Reporting and Communication Channels

Lesson 2: Information Risk Management
Implement an Information Risk Assessment Process
Determine Information Asset Classification and Ownership
Conduct Ongoing Threat and Vulnerability Evaluations
Conduct Periodic BIAs
Identify and Evaluate Risk Mitigation Strategies
Integrate Risk Management into Business Life Cycle Processes
Report Changes in Information Risk

Lesson 3: Information Security Program Development
Develop Plans to Implement an Information Security Strategy
Security Technologies and Controls
Specify Information Security Program Activities
Coordinate Information Security Programs with Business Assurance Functions
Identify Resources Needed for Information Security Program Implementation
Develop Information Security Architectures
Develop Information Security Policies
Develop Information Security Awareness, Training, and Education Programs
Develop Supporting Documentation for Information Security Policies

Lesson 4: Information Security Program Implementation
Integrate Information Security Requirements into Organizational Processes
Integrate Information Security Controls into Contracts
Create Information Security Program Evaluation Metrics

Lesson 5: Information Security Program Management
Manage Information Security Program Resources
Enforce Policy and Standards Compliance
Enforce Contractual Information Security Controls
Enforce Information Security During Systems Development
Maintain Information Security Within an Organization
Provide Information Security Advice and Guidance
Provide Information Security Awareness and Training
Analyze the Effectiveness of Information Security Controls
Resolve Noncompliance Issues

Lesson 6: Incident Management and Response
Develop an Information Security Incident Response Plan
Establish an Escalation Process
Develop a Communication Process
Integrate an IRP
Develop IRTs
Test an IRP
Manage Responses to Information Security Incidents
Perform an Information Security Incident Investigation
Conduct Post-Incident Reviews
 

Prerequisites:

Basic knowledge of computer hardware, software and operating systems. Should have a minimum of nine months or more of professional computer support experiences as a PC or help desk technician.