Certified Information Security Manager (CISM)
Certified Information Security Manager (CISM) is a certification offered by ISACA, a nonprofit, independent association that advocates for professionals involved in information security, assurance, risk management and governance. CISM is an advanced certification that provides validation for individuals who have demonstrated they possess the knowledge and experience required to develop and manage an enterprise information security program. The certification intended for information security managers, aspiring managers or IT consultants who support information security program management
- As the case with the CISM certification exam, the candidates are required to have a minimum of five years of experience in information security...read more
Module 1: Information Security Governance
1.1 C I S M Introduction
1.2 Information Security
1.3 Business Goals Objectives And Functions
1.4 Business Goals And Information Security
1.5 Information Security Threats
1.6 Information Security Management
1.7 Identity Management
1.8 Data Protection
1.9 Network Security
1.10 Personnel Security
1.11 Facilty Security
1.12 Security Complianceand Standards
1.13 Information Security Strategy
1.14 Inputs And Outputs Of The Informtion Security Strategy
1.15 Processes In An Information Security Strategy
1.16 People In An Information Security Strategy
1.17 Technologies In An Information Security Strategy
1.18 Logical And Physical Information Security Strategy Architectures
1.19 Information Security And Business Functions
1.20 Information Security Policies And Enterprise Objectives
1.21 International Standards For The Security Management
1.22 I S O- I E C27000 Standards
1.23 International Info Government Standards
1.24 Information Security Government Standards In The United States
1.25 Methods Of Coordinating Information Security Activities
1.26 How To Develop An Information Security Strategy
1.27 Information Security Governance
1.28 Role Of The Security In Governance
1.29 Scope Of Information Security Governance
1.30 Charter Of Information Security Governance
1.31 Information Security Governance And Enterprise Governance
1.32 How To Align Information Security Strategy With Corporate Governance
1.33 Regulatory Requirements And Information Security
1.34 Business Impact Of Regulatory Requirements
1.35 Liability Management
1.36 Liability Management Strategies
1.37 How To Identify Legal And Regulatory Requirements
1.38 Business Case Development
1.39 Budgetary Reporting Methods
1.40 Budgetary Planning Strategy
1.41 How To Justify Investment In InfOSecurity
1.42 Organizational Drivers
1.43 Impact Of Drivers On InfOSecurity
1.44 Third Party Relationships
1.45 How To Identify Drivers Affecting The Organization
1.46 Purpose Of Obtaining Commitment To InfOSecurity
1.47 Methods For Obtaining Commitment
1.48 I S S G
1.49 I S S G Roles And Responsibilities
1.50 I S S G Operation
1.51 How To Obtain Senior Managements Commitment To InfOSecurity
1.52 InfOSecurity Management Roles And Responsibilities
1.53 How To Define Roles And Responsibilities For InfOSecurity
1.54 The Need For Reporting And Communicating
1.55 Methods For Reporting In An Organization
1.56 Methods Of Communication In An Organization
1.57 How To Establish Reporting And Communicating Channels
Module 2: Risk Management
2.2 Risk Assessment
2.3 Info Threat Types
2.4 Info Vulnerabilities
2.5 Common Points Of Exposure
2.6 InfOSecurity Controls
2.7 Types Of InfOSecurity Controls
2.8 Common InfOSecurity Countermeasures
2.9 Overview Of The Risk Assessment Process
2.10 Factors Used In Risk Assessment And Analysis
2.11 Risk Assessment Methodologies
2.12 Quantitative Risk Assessment- Part1
2.13 Quantitative Risk Assessment- Part2
2.14 Qualitative Risk Assessment
2.15 Hybrid Risk Assessment
2.16 Best Practices For InfOSecurity Management
2.17 Gap Analysis
2.18 How To Implement An Info Risk Assessment Process
2.19 Info Classification Schemas
2.20 Components Of Info Classification Schemas
2.21 Info Ownership Schemas
2.22 Components Of Info Ownership Schemas
2.23 Info Resource Valuation
2.24 Valuation Methodologies
2.25 How To Determine Info Asset Classification And Ownership
2.26 Baseline Modeling
2.27 Control Requirements
2.28 Baseline Modeling And Risk Based Assessment Of Control Requirements
2.29 How To Conduct Ongoing Threat And Vulnerability Evaluations
2.30 B I As
2.31 B I A Methods
2.32 Factors For Determining Info Resource Sensitivity And Critically
2.33 Impact Of Adverse Events
2.34 How To Conduct Periodic B I As
2.35 Methods For Measuring Effectiveness Of Controls And Countermeasures
2.36 Risk Mitigation
2.37 Risk Mitigation Strategies
2.38 Effect Of Implementing Risk Mitigation Strategies
2.39 Acceptable Levels Of Risk
2.40 Cost Benefit Analysis
2.41 How To Identify And Evaluate Risk Mitigation Strategies
2.42 Life Cycle Processes
2.43 Life Cycle- Based Risk Management
2.44 Risk Management Life Cycle
2.45 Business Life Cycle Processes Affected By Risk Management
2.46 Life Cycled- Based Risk Management Principles And Practices
2.47 How To Integrate Risk Management Into Business Life Cycle Processes
2.48 Significant Changes
2.49 Risk Management Process
2.50 Risk Reporting Methods
2.51 Components Of Risk Reports
2.52 How To Report Changes In Info Risk
Module 3: Information Security Program Development
3.1 InfOSecurity Strategies
3.2 Common InfOSecurity Strategies
3.3 InfOSecurity Implementation Plans
3.4 Conversation Of Strategies Into Implementation Plans
3.5 InfOSecurity Programs
3.6 InfOSecurity Program Maintenance
3.7 Methods For Maintaining An InfOSecurity Program
3.8 Succession Planning
3.9 Allocation Of Jobs
3.10 Program Documentation
3.11 How To Develop Plans To Implement An InfOSecurity Strategy
3.12 Security Technologies And Controls
3.13 Cryptographic Techniques
3.14 Symmetric Cryptography
3.15 Public Key Cryptography
3.17 Access Control
3.18 Access Control Categories
3.19 Physical Access Controls
3.20 Technical Access Controls
3.21 Administrative Access Controls
3.22 Monitoring Tools
3.23 I D Ss
3.24 Anti- Virus Systems
3.25 Policy- Compliance Systems
3.26 Common Activities Required In InfOSecurity Programs
3.27 Prerequisites For Implementing The Program
3.28 Implementation Plan Management
3.29 Types Of Security Controls
3.30 InfOSecurity Controls Development
3.31 How TOSpecify InfOSecurity Program Activities
3.32 Business Assurance Function
3.33 Common Business Assurance Functions
3.34 Methods For Aligning InfOSecurity Program With Business Assurance Functions
3.35 How To Coordinate InfOSecurity Programs With Business Assurance Functions
3.36 S L As
3.37 Internal Resources
3.38 External Resources
3.39 Services Provided By External Resources- Part1
3.40 Services Provided By External Resources- Part2
3.41 Skills Commonly Required For InfOSecurity Program Implementation
3.42 Identification Of Resources And Skills Required For A Particular Implementation
3.43 Resource Acquisition Methods
3.44 Skills Acquisition Methods
3.45 How To Identify Resources Needed For InfOSecurity Program Implementation
3.46 InfOSecurity Architectures
3.47 The S A B S A Model For Security Architecture
3.48 Deployment Considerations
3.49 Deployment Of InfOSecurity Architectures
3.50 How To Develop InfOSecurity Architectures
3.51 InfOSecurity Policies
3.52 Components Of InfOSecurity Policies
3.53 InfOSecurity Policies And The InfOSecurity Strategy
3.54 InfOSecurity Policies And Enterprise Business Objectives
3.55 InfOSecurity Policy Development Factors
3.56 Methods For Communicating InfOSecurity Policies
3.57 InfOSecurity Policy Maintenance
3.58 How To Develop InfOSecurity Policies
3.59 InfOSecurity Awareness Program Training Programs And Education Programs
3.60 Security Awareness Training And Education Gap Analysis
3.61 Methods For Closing The Security Awareness Training And Education Gaps
3.62 Security- Based Cultures And Behaviors
3.63 Methods For Establishing And Maintaining A Security- Based Culture In The Enterprise
3.64 How To Develop InfOSecurity Awareness Training And Education Programs
3.65 Supporting Documentation For InfOSecurity Policies
3.66 Standards Procedures Guidelines And Baselines
3.67 Codes Of Conduct
3.68 N D As
3.69 Methods For Developing Supporting Documentation
3.70 Methods For Implementing Supporting Documentation And For Communicating Supporting Documentation
3.71 Methods For Maintaining Supporting Documentation
3.72 C And A
3.73 C And A Programs
3.74 How To Develop Supporting Documentation For InfOSecurity Policies
Module 4: Information Security Program Implementation
4.1 Enterprise Business Objectives
4.2 Integrating Enterprise Business Objectives And InfOSecurity Policies
4.3 Organizational Processes
4.4 Change Control
4.5 Merges And Acquisitions
4.6 Organizational Processes And InfOSecurity Policies
4.7 Methods For Integrating InfOSecurity Policies And Organizational Processes
4.8 Life Cycle Methodologies
4.9 Types Of Life Cycle Methodologies
4.10 How To Integrate InfOSecurity Requirements Into Organizational Processes
4.11 Types Of Contracts Affected By InfOSecurity Programs
4.12 Joint Ventures
4.13 Outsourced Provides And InfOSecurity
4.14 Business Partners And InfOSecurity
4.15 Customers And InfOSecurity
4.16 Third Party And InfOSecurity
4.17 Risk Management
4.18 Risk Management Methods And Techniques For Third Parties
4.19 S L As And InfOSecurity
4.20 Contracts And InfOSecurity
4.21 Due Diligence And InfOSecurity
4.22 Suppliers And InfOSecurity
4.23 Subcontractors And InfOSecurity
4.24 How To Integrate InfOSecurity Controls Into Contracts
4.25 InfOSecurity Metrics
4.26 Types Of Metrics Commonly Used For InfOSecurity
4.27 Metric Design Development And Implementation
4.28 Goals Of Evaluating InfOSecurity Controls
4.29 Methods Of Evaluating InfOSecurity Controls
4.30 Vulnerability Testing
4.31 Types Of Vulnerability Testing
4.32 Effects Of Vulnerability Assessment And Testing
4.33 Vulnerability Correction
4.34 Commercial Assessment Tools
4.35 Goals Of Tracking InfOSecurity Awareness Training And Education Programs
4.36 Methods For Tracking InfOSecurity Awareness Training And Education Programs
4.37 Evaluation Of Training Effectiveness Relevance
4.38 How To Create InfOSecurity Program Evaluation Metrics
Module 5: Information Security Program Management
5.1 Management Metrics
5.2 Types Of Management Metrics
5.3 Data Collection
5.4 Periodic Reviews
5.5 Monitoring Approaches
5.6 K P Is
5.7 Types Of Measurements
5.8 Other Measurements
5.9 InfOSecurity Reviews
5.10 The Role Of Assurance Providers
5.11 Comparing Internal And External Assurance Providers
5.12 Line Management Technique
5.14 Staff Management
5.16 How To Manage InfOSecurity Program Resources
5.17 Security Policies
5.18 Security Policy Components
5.19 Implementation Of InfOSecurity Policies
5.20 Administrative Processes And Procedures
5.21 Access Control Types
5.22 A C M
5.23 Access Security Policy Principles
5.24 Identity Management And Compliance
5.25 Authentication Factors
5.26 Remote Access
5.27 User Registration
5.29 How To Enforce Policy And Standards Compliance
5.30 Types Of Third Party Relationships
5.31 Methods For Managing InfOSecurity Regarding Third Parties
5.32 Security Service Providers
5.33 Third Party Contract Provisions
5.34 Methods To Define Security Requirements In S L As Security Provisions
5.35 How To Enforce Contractual InfOSecurity Controls
5.36 S D L C
5.37 Code Development
5.38 Common Techniques For Security Enforcement
5.39 How To Enforce InfOSecurity During Systems Development
5.41 Methods Of Monitoring Security Activities
5.42 Impact Of Change And Configuration Management Activities
5.43 How To Maintain InfOSecurity Within An Organization
5.44 Due Diligence Activities
5.45 Types Of Due Diligence Activities
5.46 Reviews Of Info Access
5.47 Standards Of Managing And Controlling Info Access
5.48 How To Provide InfOSecurity Advice And Guidance
5.49 InfOSecurity Awareness
5.50 Types Of InfOSecurity Stakeholders
5.51 Methods Of Stakeholder Education
5.52 Security Stakeholder Education Process
5.53 How To Provide InfOSecurity Awareness And Training
5.54 Methods Of Testing The Effectiveness Of InfOSecurity Control
5.55 The Penetration Testing Process
5.56 Types Of Penetration Testing
5.57 Password Cracking
5.58 Social Engineering Attacks
5.59 Social Engineering Types
5.60 External Vulnerability Reporting Sources
5.61 Regulatory Reporting Requirements
5.62 Internal Reporting Requirements
5.63 How To Analyze The Effectiveness Of InfOSecurity Controls
5.64 Noncompliance Issues
5.65 Security Baselines
5.66 Events Affecting The Security Baseline
5.67 InfOSecurity Problem Management Process
5.68 How To Resolve Noncompliance Issues
Module 6: Incident Management and Response
6.1 Incident Response Capability
6.2 Components Of Incident Response
6.3 B C P
6.4 B I A Phase
6.6 D R P
6.7 Alternate Sites
6.8 Develop A B C P
6.9 Develop A D R P
6.10 M T D
6.11 R P O
6.12 R T O
6.13 Data Backup Strategies
6.14 Data Backup Types
6.15 Data Restoration Strategies
6.16 Info Incident Management Practices
6.17 I R P
6.18 Trigger Events And Types Of Trigger Events
6.19 Methods Of Containing Damage
6.20 How To Develop An I R P
6.21 Escalation Process
6.22 Notification Process
6.23 I R T
6.24 Crisis Communication
6.25 How To Establish An Escalation Process
6.26 Internal Reporting Requirements
6.27 External Reporting Requirements
6.28 Communication Process
6.29 How To Develop A Communication Process
6.30 I R P And D R P
6.31 I R P And B C P
6.32 Methods Of Identifying Business Resources Essential To Recovery
6.33 How To Integrate An I R P
6.34 Role Of Primary I R T Members And Role Of Additional I R T Members
6.35 Response Team Tools And Equipment
6.36 How To Develop I R Ts
6.37 B C P Testing
6.38 Disaster Recovery Testing
6.39 Schedule Disaster Recovery Testing
6.40 Refine I R P
6.41 How To Test An I R P
6.42 Damage Assessment
6.43 Business Impacts Caused By Security Incidents
6.44 How To Manage Responses To InfOSecurity Incidents
6.45 Computer And Digital Forensics
6.46 Forensic Requirements For Responding To InfOSecurity Incidents
6.47 Evidence Life Cycle
6.48 Evidence Collection
6.49 Evidence Types
6.50 Five Common Rules Of Evidence
6.51 Chain Of Custody
6.52 How To Investigate An InfOSecurity Incident
6.53 P I R Methods
6.54 Security Incident Review Process
6.55 Investigate Cause Of A Security Incident
6.56 Identify Corrective Actions
6.57 Reassess Security Risks After A Security Incident
6.58 How To Conduct A Post- Incident Review
6.59 Pre Test- Test Strategy
6.60 Post Test
What learning resources are included?
Expert-led Video Courses
Our courses are video-based, expert instructor-led E-Learning, set in an advanced self-study format with enhanced user controls which offer a much better learning experience compared to traditional classroom training.
Unlike classroom-based training, you can play, pause, forward, rewind and repeat courses and learn at your own pace – anytime, anywhere.
Also included in the videos are demonstrations and visual presentations that allow students to develop their skills, based on real-world scenarios.
Our courses combine proven learning methodologies with the latest technology, ensuring that you have the tools you need to succeed and that you get the most value from your IT training investment.
Each course includes quizzes that measure your skills growth as you progress through your course as well as assess your readiness before you take the official certification exam. This allows you to gain confidence in preparation for the exam and helps ensure that you pass the exam the first time around.
Flash Cards & Educational Games
Students learn in different ways using different learning tools. That is why, in addition to the course videos and quizzes, we provide Flash Cards and Education Games for our courses. This will allow you to train in ways that keep you engaged and focused. Each course has dozens of Flash Cards so you can sharpen your skill-sets throughout your training as well as educational games designed to ensure optimized retention levels of the material.
Navigation & Controls
Our self-paced training programs are designed in a modular fashion that allows you the flexibility to work with expert level instruction anytime, anywhere. All courses are arranged in defined sections with navigation controls allowing you to control the pace of your training.
Each course contains a discussion-board section where students can engage with one another. Ask questions, get advice and join in-group conversations as it relates to the particular course.
For how long will I be able to access the course?
The standard subscription period is one year. This can sometimes be longer, depending on if you have purchased courses on a promotion that specifically provides a longer access period.
If the access period is longer than one year, it will be indicated in the promotion.
Who presents the courses?
We only use the industry’s finest instructors. They have a minimum of 15 years’ experience, are subject matter experts in their fields and hold all the qualifications that are relevant to the particular certification.
Our instructors not only prepare you for your exams but also provides practical examples and scenarios based on real-world experience.
What Are The Requirements?
All our courses require an acumen for information technology, basic knowledge of computers, and experience in working with Microsoft Windows and internet browsers. All courses are presented in English and a good knowledge and understanding of English is essential.
In addition, each individual certification program has its own academic requirements. The prerequisite knowledge and experience required for each certification is available on the website of the respective certification vendor (CompTIA, Microsoft, Cisco etc.). It is of paramount importance that you ensure that you meet all the requirements (as set-out on the certification vendor’s website) before you enroll in a course.
- A laptop or desktop computer with Microsoft Windows
- An internet browser (Google Chrome, Internet Explorer, Firefox) that is up to date
- High-speed/broadband internet access
- Speakers or earphones
Can I view a course before I buy?
Yes. If you would like to view a demo of the course, please contact us and we will arrange an access to a demo for you.
What if I am not happy with the course I have purchased?
If for any reason you are not satisfied with your purchase, we will give you your money back – no hassle and no questions asked. Our refund policy is valid for 10 days from the date of your purchase and applies to all course purchases. To request a refund, simply contact us and we will process your refund within 24 hours.
What else do I need to know?
- This is an online course - classroom training is not included.
- You will only receive a qualification – from the relevant vendor - once you have passed the official international certification exam(s).
- For detailed information on specific exam requirements, prerequisites, costs and other information, please visit the respective certification vendor’s website (CompTIA, Microsoft, Cisco etc.).
- International certification centres – Prometric, VUE, CertiPort and others - depending on the particular vendor and certification, administer the official exams.
- The cost of exams are not included in the course fees.
- This course does not include Live Labs. Live Labs are available as stand-alone programs and in our CertKit’s where courses and labs are combined as bundles.
Why get certified?
Get a Job
Certification holds significant benefits for organizations – increasing your chances to gain employment and securing a career towards success.
- Teams are trained to consistent skills levels.
- Certification provides a recognised benchmark of skills that can be aligned to organisational skills frameworks.
- Certificated people are typically more productive and work to consistent standards. A recent survey by Novell found that certification can reduce downtime, because staff members have the skills needed to cope with issues as they arise - and that certified people made more use of a product's advanced features and could deploy new products with greater ease.
- More reliable project completion: a Microsoft survey showed that when 60% of a team is Microsoft-certified, 80% of projects are delivered on time and within budget, compared to just 40% when only 25% of the team is certified.
- Gaining certifications can be aligned to performance-related pay.
- Certification ensures that knowledge has been retained.
- Greater customer satisfaction (internal and external customers).
- Lower staff turnover.
A professional certification sets a person apart as someone who is exceptional, who really knows his/her job. Gaining a professional certification is not easy - but then again, it is not meant to be. Sixty four per cent of IT recruiters rate certifications as having extremely high or high value in validating the skills and expertise of job candidates. (CompTIA, Employer Perceptions of IT Training and Certification, January 2011). Some of the benefits to individuals include:
- Certified people are more employable: according to an IDC white paper, "Sixty-three percent of hiring managers believe certified individuals are more productive than their non-certified counterparts."
- You could earn more: a survey of MCPs by IDC found that 43% got a pay rise after gaining their certification.
- Some certifications make you part of a professional network, for example, Microsoft Certified Professionals belong to a community that only they can access.
Professional certifications (whether IT or not) have been with us more than two decades - and, during that time, there has been considerable research undertaken to assess the benefits of certification.
Key findings from 'Measuring the pulse of the IT industry' - research undertaken by CompTIA:
- 56% of managers consider CompTIA certification to be an important factor when hiring people and 34% go as far as to require it.
- 53% of managers would offer a higher salary to a job candidate with CompTIA certification.
- 74% of managers say that CompTIA certification is an important factor in considering a person for promotion.
- 78% of managers believe that CompTIA certification is an important step in validating an employee's skills.
- 53% of managers feel that having CompTIA-certified employees makes the organisation more attractive to business partners and clients.
- A help desk with certified professionals can handle 11% more phone calls and 28% more field service calls, with a lower staff turnover rate (16% versus 24%).
- Fewer certified staff are required to manage a network, resulting in lower salary costs.
Key findings from 'Financial Benefits to Supporters of Microsoft Professional Certification', a report by market research company IDC:
- Companies with Microsoft Certified Professionals experienced shorter server downtimes and greater productivity in the help-desk function, which more than paid for the direct and indirect costs associated with certification.
- The cost of certification in an average organisation is recouped in about four months. Its supporting survey showed that Microsoft Certified Professionals are more productive than non-certified support staff.
Key findings from an IDC study, 'Benefits and Productivity Gains Realised through IT Certification':
- Certified professionals handled 40% more support calls per person, per day, than non-certified staff.
- Companies that advocated for certification reported 49% less downtime than companies that did not.
- For the majority of companies, the savings from increased effectiveness paid the costs of certification in fewer than 9 months.