digicode: CS1
Certified Information Security Manager® (CISM®)
Course facts
- Developing and managing a governance framework that aligns information security with corporate objectives
- Defining policies, responsibilities, and control mechanisms within the framework of legal and regulatory requirements
- Identifying, assessing, and prioritizing information security risks based on threats, vulnerabilities, and impacts
- Developing appropriate risk treatment strategies and establishing continuous risk reporting and monitoring
- Establishing and implementing a comprehensive information security program that includes policies, measures, awareness, and metrics
- Integrating security processes into business operations and managing internal and external resources
- Developing and maintaining an incident management process for the effective detection, reporting, and handling of security incidents
- Performing analysis, containment, recovery, and follow-up—including lessons learned and process optimization
- Enterprise Governance Overview
- Organizational Culture, Structures, Roles and Responsibilities
- Legal, Regulatory and Contractual Requirements
- Information Security Strategy
- Information Governance Frameworks and Standards
- Strategic Planning
- Risk and Threat Landscape
- Vulnerability and Control Deficiency Analysis
- Risk Assessment, Evaluation and Analysis
- Information Risk Response
- Risk Monitoring, Reporting and Communication
- IS Program Development and Resources
- IS Standards and Frameworks
- Defining an IS Program Road Map
- IS Program Metrics
- IS Program Management
- IS Awareness and Training
- Integrating the Security Program with IT Operations
- Program Communications, Reporting and Performance Management
- Incident Management and Incident Response Overview
- Incident Management and Response Plans
- Incident Classification/Categorization
- Incident Management Operations, Tools and Technologies
- Incident Investigation, Evaluation, Containment and Communication
- Incident Eradication, Recovery and Review
- Business Impact and Continuity
- Disaster Recovery Planning
- Training, Testing and Evaluation
Depending on your learning style, exam preparation requires an additional 10-20 hours of study outside of class.
The course is aimed at information security professionals with at least five years of professional experience, including at least three years in a senior security role.
The course is ideal for CISOs, CSOs, security managers, IT and compliance managers who want to take the next step in their management career. CISM® certification strengthens your credibility when dealing with stakeholders, colleagues, and regulatory authorities – both internally and externally.
There are no formal admission requirements for attending the course.
To achieve certification, the following requirements must be met:
1. Passing the CISM® exam
   - The exam can be taken without professional experience.
   - After passing, certification must be applied for within 5 years.
2. Proof of at least five years of professional experience in information security management
   - This experience must have been gained within the last ten years prior to application or within five years of passing the exam.
3. Coverage of at least three of the four CISM® domains
   - Professional experience must include practical knowledge in at least three of the following four areas:
     - Information Security Governance
     - Information Security Risk Management
     - Information Security Program
     - Incident Management
4. Verifiability of professional experience
   - Professional experience must be confirmed by a higher authority (e.g., supervisor or human resources department).
5. Submitting the application for certification to ISACA®
   - Online application or PDF form (depending on the case)
   - Payment of an application fee of currently USD 50
6. Agreement to the ISACA® Code of Professional Ethics
   - Commitment to adhere to ethical standards in professional practice
7. Compliance with Continuing Professional Education (CPE) requirements
   - After certification: annual continuing education and proof of maintenance of the title
When you book an ISACA exam, you have 6 months from the date of redemption to schedule and take your exam. So be sure to reserve your exam date in plenty of time.
All other learning resources, such as QAE, online review courses, webinars, and virtual workshops, are also available to you for 6 months from the date of redemption. The official review manuals remain available to you indefinitely.
Exam format:
- 150 multiple-choice questions
- Duration: 4 hours (240 minutes)
- Location: online with remote proctoring or at an authorized test center
- Language: available in several languages (you specify the language when registering for the exam)
- Aids: none
© ISACA. All rights reserved.
CISM® is a registered trademark of ISACA®.