Certified Information Security Manager

This course provides you with in-depth coverage of the four CISM domains: security governance; risk management and compliance; security program development and management; and security incident management. This course is designed specifically for information security professionals who are preparing to take the CISM exam.

Content


  1. Information Security Governance
    • Establish and maintain an information security strategy, and align the strategy with corporate governance
    • Establish and maintain an information security governance framework
    • Establish and maintain information security policies
    • Develop a business case
    • Identify internal and external influences to the organization
    • Obtain management commitment
    • Define roles and responsibilities
    • Establish, monitor, evaluate, and report metrics
  2. Information Risk Management and Compliance
    • Establish a process for information asset classification and ownership
    • Identify legal, regulatory, organizational, and other applicable requirements
    • Ensure that risk assessments, vulnerability assessments, and threat analyses are conducted periodically
    • Determine appropriate risk treatment options
    • Evaluate information security controls
    • Identify the gap between current and desired risk levels
    • Integrate information risk management into business and IT processes
    • Monitor existing risk
    • Report noncompliance and other changes in information risk
  3. Information Security Program Development and Management
    • Establish and maintain the information security program
    • Ensure alignment between the information security program and other business functions
    • Identify, acquire, manage, and define requirements for internal and external resources
    • Establish and maintain information security architectures
    • Establish, communicate, and maintain organizational information security standards, procedures, and guidelines
    • Establish and maintain a program for information security awareness and training
    • Integrate information security requirements into organizational processes
    • Integrate information security requirements into contracts and activities of third parties
    • Establish, monitor, and periodically report program management and operational metrics
  4. Information Security Incident Management
    • Establish and maintain an organizational definition of, and severity hierarchy for, information security incidents
    • Establish and maintain an incident response plan
    • Develop and implement processes to ensure the timely identification of information security incidents
    • Establish and maintain processes to investigate and document information security incidents
    • Establish and maintain incident escalation and notification processes
    • Organize, train, and equip teams to effectively respond to information security incidents
    • Test and review the incident response plan periodically
    • Establish and maintain communication plans and processes
    • Conduct post-incident reviews
    • Establish and maintain integration among the incident response plan, disaster recovery plan, and business continuity plan