CISM Certified Information Security Manager

• Professional Background: While prior experience in information security is not mandatory, a basic understanding of IT infrastructure, network security, and risk management will contribute to a more enriching learning experience. 

• Language Proficiency: Learners must have a strong command of English, as all course content, discussions, and assessments are delivered in English. 

• Interest in Information Security: This course is ideal for professionals seeking to advance their career in information security management, with a focus on building leadership capabilities in securing business-critical information. 

• Understand Information Security Governance: Gain knowledge of the frameworks and practices that are essential for overseeing an organisation’s information security strategy and ensuring compliance with laws and regulations. 

• Master Risk Management Practices: Learn how to assess, identify, and mitigate security risks across business operations, ensuring a proactive and effective security posture. 

• Develop Incident Response and Recovery Plans: Understand how to prepare for and respond to security incidents, ensuring rapid recovery and maintaining business continuity in the event of a breach or disruption. 

• Implement Security Program Management: Learn the processes and methodologies for developing, managing, and enhancing information security programs that align with organisational goals and regulatory requirements. 

The CISM Certified Information Security Manager course is ideal for professionals seeking to enhance their information security management skills. This course is tailored for individuals in the following roles:

Information Security Managers

IT Managers

Risk Managers

Compliance Officers

Security Consultants

Security Analysts

Network Engineers

IT Directors

Corporate Trainers 

Domain 1: Information Security Governance 

Module 1: Introduction to Information Security Governance 

• About Information Security Governance 

• Reason for Security Governance 

• Security Governance Activities and Results 

• Risk Appetite 

• Organisation Culture
   

Module 2: Legal, Regulatory and Contractual Requirements 

• Introduction 

• Requirements for Content and Retention of Business Records
   

Module 3: Organisational Structures, Roles and Responsibilities 

• Roles and Responsibilities 

• Monitoring Responsibilities
   

Module 4: Information Security Strategy Development 

• Introduction 

• Business Goals and Objectives 

• Information Security Strategy Objectives 

• Ensuring Objective and Business Integration 

• Avoiding Common Pitfalls and Bias 

• Desired State 

• Elements of a Strategy
   

Module 5: Information Governance Frameworks and Standards 

• Security Balanced Scorecard 

• Architectural Approaches 

• Enterprise Risk Management Framework 

• Information Security Management Frameworks and Models
   

Module 6: Strategic Planning 

• Workforce Composition and Skills 

• Assurance Provisions 

• Risk Assessment and Management 

• Action Plan to Implement Strategy 

• Information Security Programme Objectives
   

Domain 2: Information Security Risk Management 

Module 7: Emerging Risk and Threat Landscape 

• Risk Identification 

• Threats 

• Defining a Risk Management Framework 

• Emerging Threats 

• Risk, Likelihood and Impact 

• Risk Register
   

Module 8: Vulnerability and Control Deficiency Analysis 

• Introduction 

• Security Control Baselines 

• Events Affecting Security Baselines
   

Module 9: Risk Assessment and Analysis 

• Introduction 

• Determining the Risk Management Context 

• Operational Risk Management 

• Risk Management Integration with IT Life Cycle Management Processes 

• Risk Scenarios 

• Risk Assessment Process 

• Risk Assessment and Analysis Methodologies 

• Other Risk Assessment Approaches 

• Risk Analysis 

• Risk Evaluation 

• Risk Ranking
   

Module 10: Risk Treatment or Risk Response Options 

• Risk Treatment/Risk Response Options 

• Determining Risk Capacity and Acceptable Risk 

• (Risk Appetite) 

• Risk Response Options 

• Risk Acceptance Framework 

• Inherent and Residual Risk 

• Impact 

• Controls 

• Legal and Regulatory Requirements 

• Costs and Benefits
   

Module 11: Risk and Control Ownership 

• Risk Ownership and Accountability 

• Risk Owner 

• Control Owner 
   

Module 12: Risk Monitoring and Reporting 

• Risk Monitoring 

• Key Risk Indicators 

• Reporting Changes in Risk 

• Risk Communication, Awareness and Consulting 

• Documentation
   

Domain 3: Information Security Programme Development and Management 

Module 13: Information Security Programme Resources 

• Introduction 

• Information Security Programme Objectives 

• Information Security Programme Concepts 

• Common Information Security Programme Challenges 

• Common Information Security Programme Constraints
   

Module 14: Information Asset Identification and Classification 

• Information Asset Identification and Valuation 

• Information Asset Valuation Strategies 

• Information Asset Classification 

• Methods to Determine Criticality of Assets and Impact of Adverse Events
   

Module 15: Industry Standards and Frameworks for Information Security 

• Enterprise Information Security Architectures 

• Information Security Management Frameworks 

• Information Security Frameworks Components
   

Module 16: Information Security Policies, Procedures, and Guidelines 

• Policies 

• Standards 

• Procedures 

• Guidelines
   

Module 17: Information Security Programme Metrics 

• Introduction 

• Effective Security Metrics 

• Security Programme Metrics and Monitoring 

• Metrics Tailored to Enterprise Needs
   

Module 18: Information Security Control Design and Selection 

• Introduction 

• Managing Risk Through Controls 

• Controls and Countermeasures 

• Control Categories 

• Control Design Considerations 

• Control Methods
   

Module 19: Security Programme Management 

• Risk Management 

• Risk Management Programme 

• Risk Treatment 

• Audit and Reviews 

• Third-Party Risk Management
   

Module 20: Security Programme Operations 

• Event Monitoring 

• Vulnerability Management 

• Security Engineering and Development 

• Network Protection 

• Endpoint Protection and Management 

• Identity and Access Management 

• Security Incident Management 

• Security Awareness Training 

• Managed Security Service Providers 

• Data Security 

• Cryptography 

• Symmetric Key Algorithms
   

Module 21: IT Service Management 

• Service Desk 

• Incident Management 

• Problem Management 

• Change Management 

• Configuration Management 

• Release Management 

• Service Levels Management 

• Financial Management 

• Capacity Management 

• Service Continuity Management 

• Availability Management 

• Asset Management
   

Module 22: Controls 

• Internal Control Objectives 

• Information Systems Control Objectives 

• General Computing Controls 

• Control Frameworks 

• Controls Development 

• Control Assessment
   

Module 23: Metrics and Monitoring 

• Types of Metrics 

• Audiences 

• Continuous Improvement
   

Domain 4: Information Security Incident Management 

Module 24: Security Incident Response Overview 

• Phases of Incident Response
   

Module 25: Incident Response Plan Development 

• Objectives 

• Maturity 

• Resources 

• Roles and Responsibilities 

• Gap Analysis 

• Plan Development
   

Module 26: Responding to Security Incidents 

• Detection 

• Initiation 

• Evaluation 

• Recovery 

• Remediation 

• Closure 

• Post-Incident Review
   

Module 27: Business Continuity and Disaster Recovery Planning 

• Business Continuity Planning 

• Disaster 

• Disaster Recovery Planning 

• Testing BC and DR Planning