The course is structured to follow the four Job Practice Areas as set out in the current CISM Review Manual. The course comprehensively covers each of the core competencies and associated task and knowledge statements, thereby ensuring thorough preparation for the CISM exam. The fundamental thrust of the examination is on understanding the concepts, not on memorising facts. As a result, the course will be presented in an interactive manner to ensure the underlying concepts are understood and examination questions can be analysed properly to achieve the correct answer.
1. Information Security Governance and Strategy
- Effective Information Security Governance
- Key Information Security Concepts and Issues
- The IS Manager
- Scope and Charter of Information Security Governance
- IS Governance Metrics
- Developing an IS Strategy – Common Pitfalls
- IS Strategy Objectives
- Determining Current State of Security
- Strategy Resources
- Strategy Constraints
- Action Plan Immediate Goals
- Action Plan Intermediate Goals
Practice Questions; Review of Practice Questions; Reference Materials and Glossary
2. Information Security Risk Management and Compliance
- Effective Information Security Risk Management
- Integration into Life Cycle Processes
- Implementing Risk Management
- Risk Identification and Analysis Methods
- Mitigation Strategies and Prioritisation
- Reporting Changes to Management
Practice Questions; Review of Practice Questions; Reference Materials and Glossary
3. Information Security Program Development and Management
- Planning
- Security Baselines
- Business Processes
- Infrastructure
- Malicious Code (Malware)
- Life Cycles
- Impact on End Users
- Accountability
- Security Metrics
- Managing Internal and External Resources
Practice Questions; Review of Practice Questions; Reference Materials and Glossary
4. Information Security Incident Management
- Implementing Effective Information Security Management
- Security Controls and Policies
- Standards and Procedures
- Trading Partners and Service Providers
- Security Metrics and Monitoring
- The Change Management Process
- Vulnerability Assessments
- Due Diligence
- Resolution of Non-Compliance Issues
- Culture, Behavior and Security Awareness
Practice Questions; Review of Practice Questions; Reference Materials and Glossary