Certified Information Security Manager (CISM) Training Outline
This CISM training course covers the following areas:
Domain 1: Information Security Governance
Module 1: Introduction to Information Security Governance
- About Information Security Governance
- Reason for Security Governance
- Security Governance Activities and Results
- Business Alignment
- Risk Appetite
- Roles and Responsibilities
- Monitoring Responsibilities
- Information Security Governance Metrics
- Security Balanced Scorecard
- Business Model for Information Security
- Zachman Framework
Module 2: Security Strategy Development
- Strategy Objectives
- Control Frameworks
- Risk Objectives
- Strategy Resources
- Strategy Development
- Strategy Constraints
Domain 2: Information Risk Management
Module 3: Risk Management Concepts
- Risk Management Concepts
- Importance of Risk Management
- Outcomes of Risk Management
- Risk Management Technologies
Module 4: Implementing a Risk Management Programme
- Risk Management Strategy
- Risk Management Framework
- RIMS
- RIMS Report
- FRAP Facilitated Risk Management
- Risk Management Context
- Gap Analysis
- External Support
Module 5: Risk Management Life Cycle
- Risk Management Methodologies
- Asset Identification and Valuation
- Asset Classification
- Asset Valuation
- Threat Identification
- Vulnerability Identification
- Risk Identification
- Risk Analysis Techniques and Considerations
Module 6: Operational Risk Management
- Risk Management Objectives
- Risk Management and Business Continuity Planning
- Third-Party Risk Management
- Risk Register
- Integration of Risk Management into Other Processes
- Risk Monitoring and Reporting
- Key Risk Indicators
- Training and Awareness
- Risk Documentation
Domain 3: Information Security Programme Development and Management
Module 7: Information Security Programmes
- Introduction to Information Security Programme
- Outcomes
- Charter
- Information Security Management Frameworks
- Information Security Architecture
Module 8: Security Programme Management
- Risk Management
- Risk Management Programme
- Risk Treatment
- Audit and Reviews
- Third-Party Risk Management
Module 9: Security Programme Operations
- Event Monitoring
- Vulnerability Management
- Security Engineering and Development
- Network Protection
- Endpoint Protection and Management
- Identity and Access Management
- Security Incident Management
- Security Awareness Training
- Managed Security Service Providers
- Data Security
- Cryptography
- Symmetric Key Algorithms
Module 10: IT Service Management
- Service Desk
- Incident Management
- Problem Management
- Change Management
- Configuration Management
- Release Management
- Service Level Management
- Financial Management
- Capacity Management
- Service Continuity Management
- Availability Management
- Asset Management
Module 11: Controls
- Internal Control Objectives
- Information Systems Control Objectives
- General Computing Controls
- Control Frameworks
- Controls Development
- Control Assessment
Module 12: Metrics and Monitoring
- Types of Metrics
- Audiences
- Continuous Improvement
Domain 4: Information Security Incident Management
Module 13: Security Incident Response Overview
- Phases of Incident Response
Module 14: Incident Response Plan Development
- Objectives
- Maturity
- Resources
- Roles and Responsibilities
- Gap Analysis
- Plan Development
Module 15: Responding to Security Incidents
- Detection
- Initiation
- Evaluation
- Recovery
- Remediation
- Closure
- Post-Incident Review
Module 16: Business Continuity and Disaster Recovery Planning
- Business Continuity Planning
- Disaster
- Disaster Recovery Planning
- Testing BC and DR Planning