Certified Information Security Manager - CISM
Course Code: CS09
Course Objective
- Use the knowledge gained in a practical manner beneficial to your organization.
- Establish and maintain an Information security governance framework to achieve your organization
- goals and objectives.
- Manage Information risk to an acceptable level to meet the business and compliance requirements.
- Establish and maintain information security architectures (people, process, technology) .
- Integrate information security requirements into contracts and activities of third parties/ suppliers.
- Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimize business impact.
Target Audience
- This course is designed specifically for information security professionals who are preparing to take the CISM exam.
Course Outline
Information Security Governance
- Establish and maintain an information security strategy, and align the strategy with corporate
- governance.
- Establish and maintain an information security governance framework.
- Establish and maintain information security policies.
- Identify internal and external influences to the organization.
- Obtain management commitment.
- Define roles and responsibilities.
- Establish, monitor, evaluate, and report metrics.
Information Risk Management and Compliance
- Establish a process for information asset classification and ownership.
- Identify legal, regulatory, organizational, and other applicable requirements.
- Ensure that risk assessments, vulnerability assessments, and threat analyses are conducted periodically.
- Determine appropriate risk treatment options.
- Evaluate information security controls.
- Identify the gap between current and desired risk levels.
- Integrate information risk management into business and IT processes.
- Report noncompliance and other changes in information risk.
Information Security Program Development and Management
- Establish and maintain the information security program.
- Ensure alignment between the information security program and other business functions.
- Identify, acquire, manage, and define requirements for internal and external resources.
- Establish and maintain information security architectures.
- Establish, communicate, and maintain organizational information security standards, procedures, and guidelines.
- Establish and maintain a program for information security awareness and training.
- Integrate information security requirements into organizational processes.
- Integrate information security requirements into contracts and activities of third parties.
- Establish, monitor, and periodically report program management and operational metrics.
Information Security Incident Management
- Establish and maintain an organizational definition of, and severity hierarchy for, information
- security incidents.
- Establish and maintain an incident response plan.
- Develop and implement processes to ensure the timely identification of information security
- incidents.
- Establish and maintain processes to investigate and document information security incidents.
- Establish and maintain incident escalation and notification processes.
- Organize, train, and equip teams to effectively respond to information security incidents.
- Test and review the incident response plan periodically.
- Establish and maintain communication plans and processes.
- Conduct post-incident reviews.
- Establish and maintain integration among the incident response plan, disaster recovery plan, and business continuity plan.
Register for this course
Date & Location