CISM (Certified Information Security Manager)

The CISM Training course is an intensive five-day exam preparation course that is designed to ensure professionals are prepared for the (CISM) exam.  There is no prerequisite requirements for taking the CISM course or the CISM exam; however, in-order-to apply for the CISM certification, the candidate must meet the following requirements as determined by ISACA.  Five or more years of experience in information security management, Waivers are available for a maximum of two years, good Knowledge and understanding of information security architecture and technology and previous managerial experience is helpful but not required.

CISM Training in Cape Town, Johannesburg, Pretoria & Durban

The CISM training course will familiarize you with the Objectives needed in order to complete the CISM exam, this course is most likely to have a preferred audience of Information security practitioners, Information security consultants, Information security managers, Security professionals, including those aspiring to attain the CISM designation.

  • Information Security Governance
  • Information Risk Management
  • Information Security Program Development and Management
  • Information Security Incident Management
Course Duration Price ZAR(ex vat) Price USD
CISM Training 5 days R $
  • Lunch, refreshments and training material included.
  • Class start at 9:00am for 9:30am
  • South Africa training locations: Johannesburg, Cape Town, Durban
  • Global training locations: USA, Candana, UK, Dubai, Europe

Audience

This course is intended for individuals who manage, design, oversee and assess an enterprises information security which includes, but is not limited to the following job roles: Information security practitioners, Information security consultants, Information security managers and Security professionals, including those aspiring to attain the CISM designation.

Introduction

The CISM course is designed to prepare professionals for the Certified Information Security Manager (CISM) exam.   This course is intended for individuals with familiarity with and experience in information security management.  As information becomes more readily available and accessible the associated security threats and risks have increased and so has the importance of ensuring that an enterprises information is therefore protected.   It is now more important than ever for executives to ensure that their IT security managers have the expertise they need to reduce risk and protect the enterprise.

CISM Course Outline

Domain 1:
Information Security Governance

  • Establish and/or maintain an information security strategy in alignment with organizational goals.
  • Establish and maintain information security policies to guide the development of standards.
  • Develop business cases to support investments in information security.
  • Identify internal and external influences to the organization.
  • Gain ongoing commitment from senior leadership.
  • Define, communicate, and monitor information security responsibilities throughout the organization.
  • Establish, monitor, evaluate and report key information.

Domain 2:
Information Risk Management

  • Information Risk Management.
  • Establish and/or maintain a process for information asset classification.
  • Identify legal, regulatory, organizational and other applicable risk requirements.
  • Ensure that risk assessments, vulnerability assessments and threat analyses are conducted consistently.
  • Identify, recommend or implement appropriate risk treatment/response options to manage risk.
  • Determine whether information security controls are appropriate and effectively manage risk to an acceptable level.
  • Facilitate the integration of information risk management into business and IT processes.
  • Monitor for internal and external factors (e.g., Key Risk Indicators [KRIs], threat landscape, geopolitical, regulatory change).
  • Report noncompliance and other changes in information risk to facilitate risk management.
  • Ensure that information security risk is reported to senior management.

Domain 3:
Information Security Program Development and Management

  • Establish and/or maintain the information security program.
  • Align the information security program with the operational objectives of other business functions.
  • Identify, acquire and manage requirements for internal and external resources.
  • Establish and maintain information security processes and resources.
  • Establish, communicate and maintain organizational information security standards.
  • Establish, promote and maintain a program for information security awareness.
  • Integrate information security requirements into organizational processes.
  • Integrate information security requirements into contracts and activities of third parties.
  • Establish, monitor and analyze program management and operational metrics.
  • Compile and present reports to key stakeholders on the activities.

Domain 4:
Information Security Incident Management

  • Establish and maintain an organizational definition of and severity hierarchy for, information security incidents.
  • Establish and maintain an incident response plan to ensure an effective and timely response.
  • Develop and implement processes to ensure the timely identification of information security
    incidents.
  • Establish and maintain processes to investigate and document information security incidents.
  • Establish and maintain incident notification and escalation processes.
  • Organize, train and equip incident response teams to respond to information security incidents.
  • Test, review and revise (as applicable) the incident response plan periodically.
  • Establish and maintain communication plans and processes to manage communication with internal and external entities.
  • Conduct post incident reviews to determine the root cause of information security incidents.
  • Establish and maintain integration among the incident response plan.