Certified Information Security Manager® (CISM®) («CS1»)
Course facts
- Developing and managing a governance framework that aligns information security with corporate objectives
- Defining policies, responsibilities, and control mechanisms within the framework of legal and regulatory requirements
- Identifying, assessing, and prioritizing information security risks based on threats, vulnerabilities, and impacts
- Developing appropriate risk treatment strategies and establishing continuous risk reporting and monitoring
- Establishing and implementing a comprehensive information security program that includes policies, measures, awareness, and metrics
- Integrating security processes into business operations and managing internal and external resources
- Developing and maintaining an incident management process for the effective detection, reporting, and handling of security incidents
- Performing analysis, containment, recovery, and follow-up—including lessons learned and process optimization
- Enterprise Governance Overview
- Organizational Culture, Structures, Roles and Responsibilities
- Legal, Regulatory and Contractual Requirements
- Information Security Strategy
- Information Governance Frameworks and Standards
- Strategic Planning
- Risk and Threat Landscape
- Vulnerability and Control Deficiency Analysis
- Risk Assessment, Evaluation and Analysis
- Information Risk Response
- Risk Monitoring, Reporting and Communication
- IS Program Development and Resources
- IS Standards and Frameworks
- Defining an IS Program Road Map
- IS Program Metrics
- IS Program Management
- IS Awareness and Training
- Integrating the Security Program with IT Operations
- Program Communications, Reporting and Performance Management
- Incident Management and Incident Response Overview
- Incident Management and Response Plans
- Incident Classification/Categorization
- Incident Management Operations, Tools and Technologies
- Incident Investigation, Evaluation, Containment and Communication
- Incident Eradication, Recovery and Review
- Business Impact and Continuity
- Disaster Recovery Planning
- Training, Testing and Evaluation
The course consists of interactive training in the form of presentations and group exercises.
Depending on your learning style, exam preparation requires an additional 10-20 hours of study outside of class.
The course is aimed at information security professionals with at least five years of professional experience, including at least three years in a senior security role.
The course is ideal for CISOs, CSOs, security managers, IT and compliance managers who want to take the next step in their management career. CISM® certification strengthens your credibility when dealing with stakeholders, colleagues, and regulatory authorities – both internally and externally.
There are no formal admission requirements for attending the course.
The requirements for official ISACA® certification are:
1 Passing the CISM® exam
- The exam can be taken without professional experience.
- After passing, certification must be applied for within 5 years.
2 Proof of at least five years of professional experience in information security management
- This experience must have been gained within the last ten years prior to application or within five years of passing the exam.
3 Coverage of at least three of the four CISM® domains
- Professional experience must include practical knowledge in at least three of the following four areas:
- Information Security Governance
- Information Security Risk Management
- Information Security Program
- Incident Management
4 Verifiability of professional experience
- Professional experience must be verified by someone in a position to attest to it (e.g., a supervisor or the human resources department).
5 Submitting the application for certification to ISACA®
- Submitted online or via PDF form, depending on the case
- Payment of the application fee (currently USD 50)
6 Agreement to the ISACA® Code of Professional Ethics
- Commitment to adhere to ethical standards in professional practice
7 Compliance with Continuing Professional Education (CPE) requirements
- After certification: annual continuing professional education, with CPE hours reported to ISACA® to keep the certification active
Exam format:
- 150 multiple-choice questions
- Duration: 4 hours (240 minutes)
- Location: online with remote proctoring or at an authorized test center
- Language: available in several languages (you specify the language when registering for the exam)
- Permitted materials: none
© ISACA. All rights reserved.
CISM® is a registered trademark of ISACA®.