CISM® — Certified Information Security Manager in the United Kingdom

This course focuses on developing the skills necessary to become a Certified Information Security Manager (CISM®), with an emphasis on emerging technologies such as artificial intelligence and blockchain.

Why should you attend?

The Certified Information Security Manager (CISM®) validates your ability to assess risks, implement effective governance, and proactively respond to incidents. With a focus on emerging technologies such as AI (artificial intelligence) and blockchain, it ensures that your skill set addresses current security threats and evolving industry requirements. By addressing top concerns such as data breaches and ransomware attacks, this certification, essential for IT professionals, ensures that you keep pace with change.

Target audience

  • Professionals preparing to become CISM certified.
  • Individuals certified in CISA or CISSP looking to move into information security management.
  • Professionals in general security management who wish to shift towards information security.
  • Information security managers.

Learning objectives

Upon completion of this course, you will be able to:

  • Explain the relationship between executive leadership, enterprise governance, and information security governance.
  • Outline the components used to build an information security strategy.
  • Explain how the risk assessment process influences the information security strategy.
  • Articulate the process and requirements used to develop an effective information risk response strategy.
  • Describe the components of an effective information security program.
  • Explain the process of building and maintaining an enterprise-level information security program.
  • Outline the techniques used to assess the enterprise's capability and readiness to manage an information security incident.
  • Outline the methods of measuring and improving response and recovery capabilities.

Requirements for CISM certification

To obtain the CISM certificate, you must have 5 years of experience in information system security within the last 10 years.

Content

Domain 1: Information Security Governance

Enterprise Governance

  • Organizational Culture
  • Legal, Regulatory, and Contractual Requirements
  • Organizational Structures, Roles, and Responsibilities

Information Security Strategy

  • Development of information security strategy
  • Governance frameworks and standards for information
  • Strategic planning (e.g., budgets, resources, business case)

Domain 2: Information Security Risk Management

Information Security Risk Assessment

  • The emerging landscape of risks and threats
  • Vulnerability and control deficiency analysis
  • Risk assessment and analysis

Response to Information Security Risks

  • Risk treatment/response options
  • Risk and control ownership
  • Risk monitoring and reporting

Domain 3: Information Security Program

Development of the Information Security Program

  • Resources for the information security program (e.g., people, tools, technologies)
  • Identification and classification of information assets
  • Industry standards and frameworks for information security
  • Information security policies, procedures, and guidelines
  • Metrics for the information security program

Management of the Information Security Program

  • Design and selection of information security controls
  • Implementation and integration of information security controls
  • Testing and evaluation of information security controls
  • Awareness and training in information security
  • Management of external services (e.g., vendors, suppliers, third parties, fourth parties)
  • Communications and reporting of the information security program

Domain 4: Incident Management

Preparation for Incident Management

  • Incident response plan
  • Business impact analysis (BIA)
  • Business continuity plan (BCP)
  • Disaster recovery plan (DRP)
  • Incident classification/categorization
  • Training, testing, and evaluation of incident management

Incident Management Operations

  • Tools and techniques for incident management
  • Investigation and evaluation of incidents
  • Incident isolation methods
  • Communications in incident response (e.g., reporting, notification, escalation)
  • Incident eradication and recovery
  • Post-incident review practices

What is included in the course fee

  • Official ISACA training materials:

    The Review Manual: a comprehensive reference guide designed to assist individuals in preparing for the CISM exam and in understanding the roles and responsibilities of an information systems (IS) auditor.

    QAE (Questions, Answers, and Explanations): based on the exam questions, each set of questions and answers includes in-depth explanations for every answer choice, so that the learner fully understands the rationale behind each correct and incorrect option.

  • Examination voucher

Exam details

  • Number of questions: 150
  • Duration of the exam: 4 hours
  • Course duration: approximately 16 hours
