Great CISM Training Offer
Former ISACA President CISM Led Training (4 day Course)
Early booking Price of GBP £1195.00 + vat
Call for more information on +44 (0) 20 8840 4496
Assessing the rapidly growing demand of professionals with CISM certifications, We have introduced exclusive CISM training program to help our students perform well in CISM exam. CISM course focuses on skills and knowledge of core competencies required for a world class information security professional. It is an ideal training program for professionals working in the field of information security management, irrelevant whether they want to take a CISM exam or not. We ensure that our students benefit from our extensive curriculum and structured learning program.
About CISM Certification:
ISACA or Information Systems Audit and Control Association conducts an extensive four hour exam to offer CISM certification to candidates with adequate knowledge about information security. CISM or Certification in Information Security Management is a professional certification exam, ideal for professionals with some prior experience in IT or security management department. It ensures the potential of a candidate to efficiently address all security related complications and mange, design and assess the information security system of an organization.
CISM Course Prerequisite:
They will have the skills and knowledge of the core competencies required of a world class information security professional whether planning to sit for the examination or not, they will have gained this in a structured learning environment. They will have gained the knowledge required for, and have thoroughly prepared for the certification examination in systematic way.
CISM Training Target Audience:
This is an ideal course for security professionals with 3-5 years of front line experience working as Security Auditors, Risk Managers, Compliance Personnel, Information Security Managers, Information Security Staff, Security Auditors, Compliance Personnel, CSOs, CISOs and CIOs. BCP / DR personnel can also take ISACA’s CISM certification exam. Candidates working as executive and operational managers responsible for assurance function can also benefit from CISM exam.
We aim to cover all the topics focused under CISM certification exam to provide our delegates with optimum knowledge and exposure to perform well. Our CISM course concentrates on a wide range of subjects including
Domain 1—Information Security Governance (24%)
- 1.1 Establish and maintain an information security strategy in accordance with organizational goals and objectives to guide the ongoing management of the information security program.
- 1.2 Establish and maintain a functional information security governance framework to guide activities that helps the information security strategy.
- 1.3 Integrate information security governance with corporate governance to make sure that organizational goals and objectives are met by the information security program.
- 1.4 Establish and maintain information security policies to communicate management’s directives and manage the progress of procedures, standards and guidelines.
- 1.5 Build up business cases to support investments in information security.
- 1.6 Identify internal and external influences to the organization (for example, business environment, technology, geographic location, risk tolerance, legal and regulatory requirements) to ensure that these factors are addressed continually by the information security strategy.
- 1.7 Attain commitment from senior management and support from other stakeholders to maximize the probability of successful implementation of the information security strategy.
- 1.8 Determine the roles and responsibilities of information security throughout the organization to establish clear accountability and line of authority.
- 1.9 Design, monitor, evaluate and report metrics (for example, key goal indicators [KGIs], key performance indicators [KPIs], key risk indicators [KRIs]) to provide management with optimum information regarding the efficiency of the information security system.
Domain 2—Information Risk Management and Compliance (33%)
- 2.1 Design and maintain a process for information asset classification to make sure that measures taken to protect assets are appropriate for their business value.
- 2.2 Assess legal, regulatory, organizational and other applicable requirements to manage the threat of noncompliance to acceptable levels.
- 2.3 Ensure that risk assessments, vulnerability assessments and threat analyses are conducted regularly and consistently to identify the threats to organization’s information.
- 2.4 Determine appropriate risk management options to manage risk to acceptable levels.
- 2.5 Analyze information security controls to determine whether they are efficient and effectively mitigate risk to an acceptable level.
- 2.6 Identify the gap between current and desired risk levels to manage risk to an acceptable level.
- 2.7 Integrate information risk management into business and IT operations (for example, development, procurement, project management, mergers and acquisitions) to encourage a consistent and comprehensive information risk management process.
- 2.8 Examine existing risk to ensure that changes are acknowledged and managed properly.
- 2.9 Account noncompliance and other changes in information risk to suitable management to assist in the risk management decision-making procedure.
Domain 3—Information Security Program Development and Management (25%)
- 3.1 Create and maintain the information security program in coalition with the information security strategy.
- 3.2 Ensure alignment among the information security program and other business functions (for example, human resources [HR], accounting, procurement and IT) to maintain integration with business processes.
- 3.3 Recognize, acquire, manage and define requirements for internal and external resources to execute the information security program.
- 3.4 Establish and retain information security architectures (people, process, technology) to execute the information security program.
- 3.5 Establish, communicate and maintain organizational information security standards, procedures, guidelines and other documentation to support and guide compliance with information security policies.
- 3.6 Establish and maintain a program for information security awareness and training to promote a secure environment and an effective security culture.
- 3.7 Incorporate information security requirements into organizational processes to maintain the organization’s security baseline.
- 3.8 Integrate information security requirements into third party contracts and activities (for example, joint ventures, outsourced providers, business partners, customers) to uphold the organization’s security baseline.
- 3.9 Establish, supervise and periodically report program management and operational metrics to assess the effectiveness and effectiveness of the information security program.
Domain 4—Information Security Incident Management (18%)
- 4.1 Design and maintain an organizational definition of, and severity hierarchy for, information security incidents to allow accurate identification of and response to incidents.
- 4.2 Establish and retain an incident response plan to ensure an efficient and sensible response to information security incidents.
- 4.3 Develop and employ processes to ensure the timely detection of information security incidents.
- 4.4 Establish and maintain processes to examine and document information security incidents to be able to react suitably and determine their causes while adhering to legal, regulatory and organizational guidelines.
- 4.5 Design and retain incident escalation and notification procedure to make sure that the appropriate stakeholders are involved in incident response management.
- 4.6 Organize, prepare and equip teams to effectively adress information security incidents in an efficient manner.
- 4.7 Assess the incident response plan periodically to ensure an effective response to information security incidents and to enhance response capabilities.
- 4.8 Design and maintain communication plans and processes to manage communication with internal and external entities.
- 4.9 Carry out post-incident reviews to conclude the root cause of information security incidents, develop remedial actions, reassess risk, evaluate response effectiveness and take appropriate corrective actions.
- 4.10 Establish and retain integration between the incident response plan, disaster recovery plan and business continuity plan.