Description

Certified Information Security Manager (CISM), an ISACA Certification, demonstrates your information security management expertise. The uniquely management-focused CISM promotes international security practices and recognizes the individual who manage designs, and oversees and assesses an enterprise’s information security. The course is updated to keep pace with rapid changes in the management, design, oversight, and assessment of information security.

Chapter 1: Information Security Governance

Section 1: Overview

• Domain Definition
• Task and Knowledge Statements

Section 2: Content

• Introduction
• Information Security Governance Overview
• Effective Information Security Governance
• Roles and Responsibilities
• Risk Management Roles and Responsibilities
• Governance of Third-party Relationships
• Information Security Governance Metrics
• Information Security Strategy Overview
• Information Security Strategy Objectives
• Determining the Current State of Security
• Information Security Strategy Development
• Strategy Resources
• Strategy Constraints
• Action Plan to Implement Strategy
• Information Security Program Objectives
• Case Study

Chapter 2: Information Risk Management

Section 1: OVerview

• Domain Definition
• Task and Knowledge Statements

Section 2: Content

• Introduction
• Risk Management Overview
• Risk Management Strategy
• Effective Information Risk Management
• Information Risk Management Concepts
• Implementing Risk Management
• Risk Assessment and Analysis Methodologies
• Risk Assessment
• Information Asset Classification
• Operational Risk Management
• Third-party Service Providers
• Risk Management Integration with Life Cycle Processes
• Security Control Baselines
• Risk Monitoring and Communication
• Training and Awareness
• Documentation
• Case Study

Chapter 3: Information Security Program Development and Management

Section 1: Overview

• Domain Definition
• Task and Knowledge Statements

Section 2: Content

• Introduction
• Information Security Program Management Overview
• Information Security Program Objective
• Information Security Program Concepts
• Scope and Charter of an Information Security Program
• The Information Security Management Framework
• Information Security Framework Components
• Defining an Information Security Program Roadmap
• Information Security Infrastructure and Architecture
• Architecture Implementation
• Security Program Management and Administrative Activities
• Security Program Services and Operational Activities
• Controls and Countermeasures
• Security Program Metrics and Monitoring
• Common Information Security Program Challenges
• Case Study

Chapter 4: Information Security Incident Management

Section 1: OVerview

• Domain Definition
• Task and Knowledge Statements

Section 2: Content

• Introduction
• Incident Management Overview
• Incident Response Procedures
• Incident Management Organization
• Incident Management Resources
• Incident Management Objectives
• Incident Management Metrics and Indicators
• Defining Incident Management Procedures
• Current State of Incident Response Capability
• Developing an Incident Response Plan
• Business Continuity and Disaster Recovery Procedures
• Testing Incident Response and Business Continuity/Disaster Recovery Plans
• Executing Response and Recovery Plans
• Postincident Activities and Investigation
• Case Study

General Information

• Requirements for Certification
• Description of the Exam
• Registration for the CISM Exam
• CISM Program Accreditation Renewed Under ISO/IEC 10724:2012
• Preparing for the CISM Exam
• Types of Exam Questions
• Administration of the Exam
• Sitting for the Exam
• Budgeting Time
• Rules and Procedures
• Grading the CISM Exam and Receiving Results