The Information Security Management course (based on the ISACA CISM) prepares
participants to obtain the Certified Information Security Manager® (CISM)
certification. The course covers all four CISM domains, and each section maps
directly to the corresponding domain of the CISM exam content outline.
After this course, you will be able to:
• Explain the relationship between executive leadership, enterprise governance and
information security governance.
• Outline the components used to build an information security strategy.
• Explain how the risk assessment process influences the information security
strategy.
• Articulate the process and requirements to develop an effective information risk
response strategy.
• Describe the components of an effective information security program.
• Explain the process of building and maintaining an enterprise information security
program.
• Outline techniques used to assess the enterprise’s ability and readiness to manage an
information security incident.
• Outline methods to measure and improve response and recovery capabilities.
Course Outline
Domain 1 – Information Security Governance
• Describe the role of governance in creating value for the enterprise.
• Explain the importance of information security governance in overall enterprise
governance.
• Describe the influence of enterprise leadership, structure and culture on the
effectiveness of an information security strategy.
• Identify the relevant legal, regulatory and contractual requirements that impact the
enterprise.
• Describe the effects of the information security strategy on enterprise risk
management.
• Evaluate the common frameworks and standards used to govern an information
security strategy.
• Explain why metrics are critical in developing and evaluating the information
security strategy.
Domain 2 – Information Security Risk Management
• Apply risk assessment strategies to reduce the impact of information security risk.
• Assess the types of threats faced by the enterprise.
• Explain how security control baselines affect vulnerability and control deficiency
analysis.
• Differentiate between applications of risk treatment types from an information
security perspective.
• Describe the influence of risk and control ownership on the information security
program.
• Outline the process of monitoring and reporting information security risks.
Domain 3 – Information Security Program
• Outline the components and resources used to build an information security
program.
• Distinguish between common IS standards and frameworks to build an
information security program.
• Explain how to align IS policies, procedures and guidelines with the needs of the
enterprise.
• Describe the process of defining an IS program road map.
• Outline key IS program metrics used to track and report progress to senior
management.
• Explain how to manage the IS program using controls.
• Create a strategy to enhance awareness and knowledge of the information security
program.
• Describe integrating the security program with IT operations and third-party
providers.
• Communicate key IS program information to relevant stakeholders.
Domain 4 – Incident Management
• Distinguish between incident management and incident response.
• Outline the requirements and procedures necessary to develop an incident response
plan.
• Identify techniques used to classify or categorize incidents.
• Outline the types of roles and responsibilities required for an effective incident
management and response team.
• Distinguish between the types of incident management tools and technologies
available to an enterprise.
• Describe the processes and methods used to investigate, evaluate and contain an
incident.
• Identify the communications and notifications used to inform key stakeholders of
incidents and tests.
• Outline the processes and procedures used to eradicate and recover from incidents.
• Describe the requirements and benefits of documenting events.
• Explain the relationship between business impact, continuity and incident
response.
• Describe the processes and outcomes related to disaster recovery.
• Explain the impact of metrics and testing when evaluating the incident response
plan.
CISM’s Exam Content Outline
https://www.isaca.org/credentialing/cism/cism-exam-content-outline
Module | Topic | Professor | Certification Goal
---|---|---|---
Module 0 | Cyber101 | Gael Beauboeuf | N/A
Module 1 | Network Fundamentals | Stanley Paul/Jhon Noel | Network+
Module 2 | Cybersecurity Fundamentals | Gael Beauboeuf/Paul Jn Marie | Security+
Module 3 | Business Continuity Management | Lyonel Valles | Certified Business Continuity Professional (CBCP)
Module 4 | Information Security Governance | Anglade Perrier | CISM
Module 5 | Threat Analysis & Vulnerability Assessment | X | GIAC Cyber Threat Intelligence (GCTI)
Module 6 | Cloud Security | Anglade Perrier | CCSP (Certified Cloud Security Professional)
Module 7 | Cyberdefense Analysis | Blaise Arbouet | CSA (Certified SOC Analyst)
Module 8 | Information System Audit | Lyonel Valles/Franco Jean Louis | CISA
Module 9 | Penetration Testing | Valentin Beaumont | OSCP
Module 10 | Forensic Analysis | Blaise Arbouet | GIAC Certified Forensic Examiner (GCFE)
Course Features
- Lectures: 0
- Quizzes: 0
- Duration: 60 hours
- Skill level: All levels
- Language: English
- Students: 32
- Assessments: Yes