Certified Information Security Manager
(CISM)
Why should you attend?
The Certified Information Security Manager (CISM®) qualification by
ISACA promotes international security practices and recognizes the
individual who manages, designs, oversees and assesses an
enterprise's information security. This training course equips
professionals with the knowledge and skills needed for proficiency in
information security management, and prepares candidates to pass the
certification examination.
Learning Objective
Candidates should expect to gain competencies in the following areas after successful completion of the training course:
- Information Security Governance
- Information Risk Management and Compliance
- Information Security Program Development and Management
- Information Security Incident Management
Course Agenda
- Methods to develop an information security strategy
- Relationship among information security and business goals, objectives, functions, processes and practices
- Methods to implement an information security framework
- Fundamental concepts of governance and how they relate to information security
- Integrate information security into corporate governance
- Develop security policies
- Develop business cases with budgetary planning
- Information security management roles and responsibilities
- Methods to select, implement and interpret metrics
- Methods to establish an information asset classification model consistent with business
- Information asset valuation methodologies
- Methods to assign the responsibilities for and ownership of information assets and risk
- Risk assessment and analysis methodologies
- Risk reporting and monitoring requirements
- Risk treatment strategies and methods to apply them
- Techniques for integrating risk management into business and IT processes
- Compliance reporting processes and requirements
- Methods to align information security program requirements with other business functions
- Methods to identify, acquire, manage and define requirements for internal and external resources
- Methods to design information security controls
- Methods to develop information security standards, procedures and guidelines
- Methods to establish and maintain effective information security awareness and training programs
- Methods to integrate information security requirements into organizational processes
- Business continuity planning (BCP) and disaster recovery planning (DRP) and their relationship to the incident response plan
- Incident classification, damage containment, and escalation processes
- Forensic requirements and capabilities for collecting, preserving and presenting evidence
- Post-incident review practices and investigative methods to identify root causes and determine corrective actions
Instructor Profile
Syed Shahzad Tayyeb (CISM)
Who Should Attend?
- Chief Information Officers
- Chief Information Security Officers
- Security Professionals who are taking or considering taking the CISM examination
- Anyone seeking an overall understanding of essential IT security risks and controls