CISM

The ISACA® Certified Information Security Manager™ is the fastest growing and arguably the most prestigious qualification available for Information Security managers today.

CISM properly recognises that security is first and foremost a management rather than a technical issue. CISM defines the core competencies and international standards of performance that information security managers are expected to master. It provides executive management with the assurance that CISM holders have the experience and knowledge to offer effective security management and advice.

Who should attend :

The CISM designation is for Information Security professionals with 3 years of experience or above. This credential is geared towards Information Security managers and those who have information security management responsibilities.

Learning Objectives: 

Domain 1 – Information Security Governance

• Understand the purpose of information security governance, what it consists of and how to accomplish it

• Understand the purpose of an information security strategy, its objectives, and the reasons and steps required to develop one

• Understand the meaning, content, creation and use of policies, standards, procedures and guidelines and how they relate to each other

• Develop business cases and gain commitment from senior leadership

• Define governance metrics requirements, selection and creation

Domain 2 – Information Risk Management

• Understand the importance of risk management as a tool for meeting business needs and developing a security management program to support these needs

• Understand ways to identify, rank and respond to risk in a way that is appropriate as defined by organizational directives

• Assess the appropriateness and effectiveness of information security controls

• Report on information security risk effectively

Domain 3 – Information Security Program Development and Management

• Understand the broad requirements and activities needed to create, manage and maintain an information security program to implement an information security strategy

• Define and utilize the resources required to achieve the IT goals consistent with organizational objectives

• Understand the people, processes and technology necessary to execute the information security strategy

Domain 4 – Information Security Incident Management

• Identify, analyze, manage and respond effectively to unexpected events that may adversely affect the organization’s information assets and/or its ability to operate

• Identify the components of an incident response plan

• Evaluate the effectiveness of an incident response plan

• Understand the relationship among an incident response plan, a disaster recovery plan and a business continuity plan