Security Manager

Certified Information Security Manager

Course Introduction

CISM (Certified Information Security Manager) is ISACA’s professional certification for senior managers who are responsible for leading, planning, and managing the security of an enterprise’s information systems as a whole.

It is not an entry-level certification. CISM is designed for information security managers and for professionals who carry information security management responsibilities. It raises the overall level of security management for an enterprise’s information systems and gives senior management assurance that CISM-qualified staff have the professional knowledge and ability to provide effective security management and consulting. The certification is business-oriented: it applies knowledge of the business to solving security problems in technology and emphasizes the concept of information risk management.

It is not intended for information systems auditors, but it is useful for auditors who have experience and responsibility in information systems management.

Certification Authority

ISACA (the Information Systems Audit and Control Association), with more than 115,000 members in 180 countries, assists business and information technology leaders in creating reliable, value-generating information and information systems. Founded in 1969, ISACA provides a trusted resource of knowledge, community, standards, and career development for professionals in the fields of information systems audit, forensics, risk management, privacy, and governance around the world. ISACA also offers Cybersecurity Nexus™, a comprehensive professional resource for cyber-security professionals.

The knowledge System

Chapter 1: Information Security Governance (24%)

Chapter 2: Information Risk Management and Compliance (33%)

Chapter 3: Information Security Project Development and Management (25%)

Chapter 4: Information Security Incident Management (18%)

Training Target

CIO / IT manager

Information security management personnel

Information security consultants and IT technical personnel

Personnel working in the field of information security

Risk management personnel

Development personnel

Other IT-related technical personnel

Information Security Governance (24%)

Establish an information security governance structure to ensure that information security policies are aligned with business objectives while complying with legal and regulatory requirements:

Overview of information security governance

Effective information security governance

Information security concepts and techniques

Governance and third party relationships

Information security governance measures

An overview of information security strategies

Develop an information security strategy

Information security strategic objectives

Determine risk status

Information security strategy development

Strategic resources

Strategic restrictions

Strategic Action Plan

Implementing security governance – Example

Medium-term goals of the action plan

Information security project group goals

Information Risk Management and Compliance(33%)

Establish an information security risk management system that meets the requirements of laws and regulations:

Summary of Risk Management

Risk management strategy

Effective information security risk management

Information security risk concept

Implement risk management

Risk assessment and analysis methods

The risk assessment

Information resource valuation

Recovery Time Objective (RTO)

Integration with life cycle processes

Security control baseline

Risk monitoring and communication

Training and awareness

Information Security Project Development and Management (25%)

Design, develop, implement and manage information security processes, and establish an information security management framework:

Overview of the Information Security Project Group

Effective information security project group development

Information security project group concept

Scope and charter of information security project group

Information security management framework

Information security framework components

Define the information security project group roadmap

Information security infrastructure and architecture

Architecture implementation

Security project group management and administration activities

Security project group services and operations activities

Control and response measures

Security project group measurement and monitoring

Common information security project group challenges

Information Security Incident Management (18%)

Establish an information security incident management process to respond to emergencies and restore operations:

Incident Management Overview

Incident Response Steps

Incident Management Organization

Incident Management Resources

Incident Management Objectives

Incident management metrics and indicators

Define incident management steps

Status of incident response capabilities

Develop an incident response plan

Business continuity and disaster recovery steps

Test incident response and business continuity/disaster recovery plans

Execute response and recovery plans

Post-incident activities and investigation

Preparation Materials

CISM Review Manual 2016

CISM Review Questions, Answers & Explanations Manual 2016

CISM Review Questions, Answers & Explanations Manual 2016 Supplement

The ISACA Certification Exam Guide

It includes candidate information on exam registration dates and deadlines, as well as important details for candidates on the day-to-day administration of the exam.

Its publication is available at

It describes the following certifications: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC).