Duration 4 days – 28 hrs
Overview.
The CISM Training Course is tailored for professionals who aim to manage, design, and oversee enterprise-level information security programs. Aligned with ISACA’s CISM curriculum, this course provides in-depth knowledge of security governance, information risk management, incident management, and the development and management of security programs. Participants will gain the skills needed to effectively align information security strategies with organizational goals and prepare thoroughly for the CISM certification exam.
Objectives
- Develop skills to create, implement, and manage information security programs aligned with organizational objectives.
- Learn information risk management principles and apply them to real-world situations.
- Understand how to establish and govern an information security framework.
- Master incident management techniques to ensure rapid response and resilience.
- Prepare for the CISM certification exam with a focus on practical applications and best practices.
Audience
- Information Security Managers
- IT Security Consultants
- Chief Information Security Officers (CISOs)
- IT Directors/Managers
- Risk Management Professionals
- Compliance and Governance Officers
- Professionals preparing for the CISM certification exam
Pre- requisites
- A minimum of 5 years of work experience in information security management (or equivalent work experience).
- Familiarity with information security concepts, policies, and procedures.
- Knowledge of risk management frameworks is beneficial.
Course Content
Day 1: Information Security Governance
- Introduction to Information Security Governance: Understanding the importance of governance in information security.
- Establishing an Information Security Governance Framework: Components and functions of a governance framework.
- Security Policies, Standards, and Procedures: Developing and enforcing effective security policies aligned with business objectives.
- Roles and Responsibilities: Defining roles, such as CISO, security managers, and governance committees.
- Aligning Security with Business Strategy: Techniques to align security initiatives with organizational goals.
Day 2: Information Risk Management
- Risk Management Overview: The fundamentals of identifying, assessing, and managing risk.
- Risk Assessment and Analysis: Techniques to conduct quantitative and qualitative risk assessments.
- Risk Response and Mitigation: Strategies for addressing risks, including risk avoidance, transfer, mitigation, and acceptance.
- Third-Party Risk Management: Managing security risks from third-party vendors and partners.
- Risk Monitoring and Reporting: Creating risk dashboards and reporting risk status to stakeholders.
Day 3: Information Security Program Development and Management
- Information Security Program Development: Building a program that meets business needs and regulatory requirements.
-
-
- Program Roadmap and Strategic Planning: Creating a multi-year security program roadmap.
- Resource Management: Allocating budget, personnel, and technology for program success.
-
- Security Controls and Compliance: Implementing and managing security controls across the organization.
-
-
- Technical, Administrative, and Physical Controls: Practical implementation of various control types.
- Compliance Requirements: Addressing standards such as ISO 27001, NIST, and GDPR.
-
- Metrics and Continuous Improvement: Developing key performance indicators (KPIs) to measure program effectiveness.
Day 4: Information Security Incident Management
- Incident Response Framework: Structuring an incident response team and defining response protocols.
- Incident Response Planning: Developing and testing an incident response plan (IRP).
- Detection and Analysis: Identifying security events and assessing potential threats.
- Containment, Eradication, and Recovery: Steps to minimize damage, remove threats, and restore operations.
- Post-Incident Review: Conducting lessons-learned sessions to prevent future incidents and improve response.
