CISM Certification Training | Certified Information Security Manager Training – Hands-on
Get ready for the CISM exam with our top-quality CISM Certification Training preparation course
Information Systems Audit and Control Association (ISACA) provides three testing opportunities each year, so we developed this CISM Certification Training exam prep course to help you get it right the first time. The CISM Certification Training course focuses on advanced risk management and specific compliance and security management operations.
Interested in group training toward 8570.1 compliance? This CISM Certification Training course can be a component of our 8570.1 Training Solution that can also include assessments, certification preparation and program management, post training and testing, 8570 compliance tracking and reporting, and continuing education.
CISM Related Courses
• CISA Training | Certified Information Systems Auditor Training
• CISM Training | Certified Information Security Manager Training
• CISSP Training | Certified Information Systems Security Professional Training
• CompTIA Cybersecurity Analyst+ Training | CSA+ Certification Training
• CompTIA Security+ Certification Training
• We can adapt this CISM Certification Training course to your group’s background and work requirements at little to no added cost.
• If you are familiar with some aspects of this CISM Certification Training or Certified Information Security Manager Training course, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the CISM Certification Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the CISM Certification Training course in a manner understandable to lay audiences.
Audience / Target Group:
The target audience for this CISM Certification Training course is:
• Experienced information security managers and those who have information security management responsibilities, including IT consultants, auditors, managers, security policy writers, privacy officers, information security officers, network administrators, security device administrators, and security engineers. This CISM Certification Training is only intended for individuals preparing for the CISM Certification exam.
CISM Certification Training – Prerequisites:
The knowledge and skills that a learner must have before attending this CISM Certification Training course are:
• Cybersecurity Specialization: Architecture and Policy
• Cybersecurity Specialization: Governance, Risk, and Compliance
CISM Certification Training – Objectives:
This official CISM Certification Training seminar has a total of six primary sections. All six sections will collectively help you prepare for the CISM certification exam while also enhancing your overall competencies in information security management. The six primary sections you will cover are the following:
• General Exam Information
• CISM Domain 1: Information Security Governance
• CISM Domain 2: Information Risk Management
• CISM Domain 3: Information Security Program Development and Management
• CISM Domain 4: Information Security Incident Management
• Exam Practice / Preparation (Sample Exam)
Participants in the CISM Certification Training program will receive instruction designed to provide the following:
• An understanding of the format and structure of the CISM certification exam.
• Knowledge of the various topics and technical areas covered by the exam.
• Practice with specific strategies, tips, and techniques for taking and passing the exam.
• Opportunities to work through practice questions with debriefs of the answers.
CISM Certification Training – Course Syllabus:
Domain 1: Information Security Governance
• Develop an information security strategy, aligned with business goals and directives.
• Establish and maintain an information security governance framework.
• Integrate information security governance into corporate governance.
• Develop and maintain information security policies.
• Develop business cases to support investments in information security.
• Identify internal and external influences to the organization.
• Gain ongoing commitment from senior leadership and other stakeholders.
• Define, communicate and monitor information security responsibilities.
• Establish internal and external reporting and communication channels.
Domain 2: Information Risk Management
• Establish and/or maintain a process for information asset classification to ensure that measures taken to protect assets are proportional to their business value.
• Identify legal, regulatory, organizational and other applicable requirements to manage the risk of noncompliance to acceptable levels.
• Ensure that risk assessments, vulnerability assessments and threat analyses are conducted consistently, and at appropriate times, to identify and assess risk to the organization’s information.
• Identify, recommend or implement appropriate risk treatment/response options to manage risk to acceptable levels based on organizational risk appetite.
• Determine whether information security controls are appropriate and effectively manage risk to an acceptable level.
• Facilitate the integration of information risk management into business and IT processes to enable a consistent and comprehensive information risk management program across the organization.
• Monitor for internal and external factors (e.g., threat landscape, cybersecurity, geopolitical, regulatory change) that may require reassessment of risk to ensure that changes to existing or new risk scenarios are identified and managed appropriately.
• Report noncompliance and other changes in information risk to facilitate the risk management decision-making process.
• Ensure that information security risk is reported to senior management to support an understanding of potential impact on the organizational goals and objectives.
Domain 3: Information Security Program Development & Management
• Develop a security program, aligned with information security strategy
• Ensure alignment between the information security program and other business functions
• Establish and maintain requirements for all resources to execute the IS program
• Establish and maintain IS architectures to execute the IS program
• Develop documentation that ensures compliance with policies
• Develop a program for information security awareness and training
• Integrate information security requirements into organizational processes
• Integrate information security requirements into contracts and activities of third parties
• Develop procedures (metrics) to evaluate the effectiveness and efficiency of the IS program
• Compile reports to key stakeholders on overall effectiveness of the IS program and the underlying business processes in order to communicate security performance.
Domain 4: Information Security Incident Management
• Define (types of) information security incidents
• Establish an incident response plan
• Develop processes for timely identification of information security incidents
• Develop processes to investigate and document information security incidents
• Develop incident escalation and communication processes
• Establish teams that effectively respond to information security incidents
• Test and review the incident response plan
• Establish communication plans and processes
• Determine the root cause of IS incidents
• Align incident response plan with DRP and BCP.
Certification & Compliance:
• The Certified Information Security Manager® (CISM®) certification program is developed specifically for experienced information security managers and those who have information security management responsibilities. The CISM certification is for the individual who manages, designs, oversees and/or assesses an enterprise’s information security (IS).
• The CISM certification promotes international practices and provides executive management with assurance that those earning the designation have the required experience and knowledge to provide effective security management and consulting services. Individuals earning the CISM certification become part of an elite peer network, attaining a one-of-a-kind credential.
• The CISM job practice also defines a global job description for the information security manager and a method to measure existing staff or compare prospective new hires.
CISM Frequently Asked Questions:
Why is getting certified an important part of a career as an Information Security Manager?
Earning a high-level certification like the CISM demonstrates a working knowledge not just of the security systems practitioners use, but of the management of security professionals as well. Hard data also shows that Certified Information Security Managers earn a higher salary than their non-certified counterparts.
What are the Pre-Requirements for taking the CISM?
In order to receive the CISM certification, you must submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work. This work experience must be gained within a ten-year time period before the application date for certification—or within five years of originally passing the exam.
What qualifies as information security management experience?
The information security management field is broad and, out of necessity, often encompasses many duties within the security profession. Because of this, ISACA has defined four categories within its Job Task Analysis in order to narrow down its definition of what constitutes information security management work. CISM candidates must perform the designated tasks within at least 3 of these 4 categories.
How does the CISM examination process work?
As of 2017, the CISM is administered digitally. The format is multiple choice, with questions delivered one at a time, giving you the option to flag more difficult ones to return to later. While it is multiple choice, some questions may have more than one correct answer. In these instances, the test-taker must select the answer that they believe is most correct. The exam lasts around 4 hours and includes 150 questions.
How is the CISM related to the DoD 8570?
The Department of Defense (DoD) Directive 8570 requires anyone seeking a government job to hold certain certifications before they can be hired in a position related to information security. The CISM fulfills the DoD 8570’s requirements.
What material is covered on the CISM exam?
The CISM exam covers four domains that are weighted as follows: Information Security Governance (24%), Information Risk Management and Compliance (30%), Information Security Program Development and Management (27%), and Information Security Incident Management (19%).
How is the CISM certification different from other comparable security certifications?
The CISM is unique in its focus on management and meeting experience requirements. While other certifications are focused on tech skills or platform/product-specific knowledge, the CISM targets professionals who have progressed beyond the role of practitioner.
How does the CISM Experience Waiver work?
Certain experience substitutions can be used to satisfy the Information Security work experience requirement. However, none of these waivers satisfy any portion of the 3-year Information Security Management requirement.
How long is the CISM certification valid after you pass the test, and what are the renewal requirements?
The CISM certification remains valid if holders comply with the continuing education policy of completing and reporting 20 CPE (Continuing Professional Education) hours annually and paying the CISM maintenance fee.