Course Introduction
CISM (Certified Information Security Manager) is ISACA's professional certification for senior managers who are responsible for leading, planning and managing the security of an enterprise's information systems as a whole.
It is not an entry-level certification. CISM is designed for information security managers and for professionals who carry information security management responsibilities. It raises the overall level of an enterprise's information security management and gives senior management assurance that CISM-qualified staff have the professional knowledge and ability to provide effective security management and consulting: business-oriented, applying knowledge of the business, solving technical security problems, and emphasizing the concept of information risk management.
It is not aimed at information systems auditors, but it is useful to auditors who have experience of, and responsibility for, information systems management.
Certification Authority
ISACA (originally the Information Systems Audit and Control Association), with more than 115,000 members in 180 countries, helps business and information technology leaders build trusted, value-generating information and information systems. Founded in 1969, ISACA provides a trusted source of knowledge, community, standards and career development for professionals worldwide in information systems audit, forensics, risk management, privacy and governance. ISACA also offers Cybersecurity Nexus™, a comprehensive professional resource for cyber-security professionals.
The knowledge System
Chapter 1: Information Security Governance (24%)
Chapter 2: Information Risk Management and Compliance (33%)
Chapter 3: Information Security Program Development and Management (25%)
Chapter 4: Information Security Incident Management (18%)
Training Target
CIOs and IT managers; information security management personnel; IT technical personnel serving as information security consultants; personnel working in the field of information security; risk management personnel; development personnel; other IT-related technical personnel.
Information Security Governance (24%)
Establish an information security governance structure to ensure that information security policies are aligned with business objectives while complying with legal and regulatory requirements:
Overview of information security governance
Effective information security governance
Information security concepts and techniques
Governance and third party relationships
Information security governance metrics
An overview of information security strategies
Develop an information security strategy
Information security strategic objectives
Determine risk status
Information security strategy development
Strategic resources
Strategy constraints
Strategic Action Plan
Implementing security governance – Example
Medium-term goals of the action plan
Information security program objectives
Information Risk Management and Compliance (33%)
Establish an information security risk management system that meets legal and regulatory requirements:
Summary of Risk Management
Risk management strategy
Effective information security risk management
Information security risk concept
Implement risk management
Risk assessment and analysis methods
The risk assessment
Information asset valuation
Recovery Time Objective (RTO)
Integration with life cycle processes
Security control baselines
Risk monitoring and communication
Training and awareness
Information Security Program Development and Management (25%)
Design, develop, implement and manage information security processes, and establish an information security management framework:
Overview of the information security program
Effective information security program development
Information security program concepts
Scope and charter of the information security program
Information security management framework
Information security framework components
Defining the information security program roadmap
Information security infrastructure and architecture
Architecture implementation
Security program management and administrative activities
Security program services and operational activities
Controls and countermeasures
Security program metrics and monitoring
Common information security program challenges
Information Security Incident Management (18%)
Establish an information security incident management process, respond to incidents and recover from them:
Incident Management Overview
Incident Response Procedures
Incident Management Organization
Incident Management Resources
Incident Management Objectives
Incident management metrics and indicators
Defining incident management procedures
Current state of incident response capability
Developing an incident response plan
Business continuity and disaster recovery procedures
Testing incident response and business continuity/disaster recovery plans
Executing response and recovery plans
Post-incident activities and investigation
Preparation Materials
CISM Review Manual 2016
CISM Review Questions, Answers & Explanations Manual 2016
CISM Review Questions, Answers & Explanations Manual 2016 Supplement
The ISACA Certification Exam Guide
It includes candidate information on exam registration dates and deadlines, as well as important details on the day-of-exam administration.
It is published at www.isaca.org/examguide.
It covers the following certifications: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC).