CISM (Certified Information Security Manager) is “an advanced certification which indicates that an individual possesses the knowledge and experience required to develop and manage an enterprise information security program.” This certification is offered by ISACA, a nonprofit, independent association

Overall learn Advanced security anytime and anywhere. We have 3 training options and we have award-winning IT courses. In turn identify and implement client side and integration technologies. Thus learn how to create and manage your own security features.

Part-Time

Fast forward your career in the IT industry with a part-time Certified Information Security Manager (CISM®) courses at School of IT. All in all the Part-time CISM courses that allow working professionals to transition into a new skill set while working. In turn at School of IT we are agile and can customize an IT course to the individual. Start anytime and choose your hours!

Full Time

Are you ready to start a career in IT? In turn learn about security and cyber security as a full time student at School of IT. Thus beginning your career as a Cyber Security Analyst. Start anytime and manage your own contact hours with your mentor!

High School

In addition prepare for the future by learn about advanced security for networks while you’re still in high school. Have the option to get internationally accredited and recognized before you even finish school!

Corporate

All in all upskill yourself or your company by learning about about cybersecurity while you’re working. Thus no matter where you are, you can upskill yourself and get internationally accredited and recognized in under 3 months!

Certified Information Security Manager (CISM) Training Outline

Domain 1: Information Security Governance

Module 1: Introduction to Information Security Governance

• About Information Security Governance
• Reason for Security Governance
• Security Governance Activities and Results
• Risk Appetite
• Organisation Culture

In Module 2: Legal, Regulatory and Contractual Requirements

• Introduction
• Requirements for Content and Retention of Business Records

Module 3: Organisational Structures, Roles and Responsibilities

• Roles and Responsibilities
• Monitoring Responsibilities

Module 4: Information Security Strategy Development

• Introduction
• Business Goals and Objectives
• Information Security Strategy Objectives
• Ensuring Objective and Business Integration
• Avoiding Common Pitfalls and Bias
• Desired State
• Elements of a Strategy

Module 5: Information Governance Frameworks and Standards

• Security Balanced Scorecard
• Architectural Approaches
• Enterprise Risk Management Framework
• Information Security Management Frameworks and Models

Module 6: Strategic Planning

• Workforce Composition and Skills
• Assurance Provisions
• Risk Assessment and Management
• Action Plan to Implement Strategy
• Information Security Program Objectives

Domain 2: Information Security Risk Management

Module 7: Emerging Risk and Threat Landscape

• Risk Identification
• Threats
• Defining a Risk Management Framework
• Emerging Threats
• Risk, Likelihood and Impact
• Risk Register

Module 8: Vulnerability and Control Deficiency Analysis

• Introduction
• Security Control Baselines
• Events Affecting Security Baselines

Module 9: Risk Assessment and Analysis

• Introduction
• Determining the Risk Management Context
• Operational Risk Management
• Risk Management Integration with IT Life Cycle Management Processes
• Risk Scenarios
• Risk Assessment Process
• Risk Assessment and Analysis Methodologies
• Other Risk Assessment Approaches
• Risk Analysis
• Risk Evaluation
• Risk Ranking

Module 10: Risk Treatment or Risk Response Options

• Risk Treatment/Risk Response Options
• Determining Risk Capacity and Acceptable Risk
• (Risk Appetite)
• Risk Response Options
• Risk Acceptance Framework
• Inherent and Residual Risk
• Impact
• Controls
• Legal and Regulatory Requirements
• Costs and Benefits

Module 11: Risk and Control Ownership

• Risk Ownership and Accountability
• Risk Owner
• Control Owner

Module 12: Risk Monitoring and Reporting

• Risk Monitoring
• Key Risk Indicators
• Reporting Changes in Risk
• Risk Communication, Awareness and Consulting
• Documentation

Domain 3: Information Security Programme Development and Management

Module 13: Information Security Program Resources

• Introduction
• Information Security Program Objectives
• Information Security Program Concepts
• Common Information Security Program Challenges
• Common Information Security Program Constraints

Module 14: Information Asset Identification and Classification

• Information Asset Identification and Valuation
• Information Asset Valuation Strategies
• Information Asset Classification
• Methods to Determine Criticality of Assets and Impact of Adverse Events

Module 15: Industry Standards and Frameworks for Information Security

• Enterprise Information Security Architectures
• Information Security Management Frameworks
• Information Security Frameworks Components

Module 16: Information Security Policies, Procedures, and Guidelines

• Policies
• Standards
• Procedures
• Guidelines

Module 17: Information Security Program Metrics

• Introduction
• Effective Security Metrics
• Security Program Metrics and Monitoring
• Metrics Tailored to Enterprise Needs

Module 18: Information Security Control Design and Selection

• Introduction
• Managing Risk Through Controls
• Controls and Countermeasures
• Control Categories
• Control Design Considerations
• Control Methods

Module 19: Security Programme Management

• Risk Management
• Risk Management Programme
• Risk Treatment
• Audit and Reviews
• Third-Party Risk Management

Module 20: Security Programme Operations

• Event Monitoring
• Vulnerability Management
• Security Engineering and Development
• Network Protection
• Endpoint Protection and Management
• Identity and Access Management
• Security Incident Management
• Security Awareness Training
• Managed Security Service Providers
• Data Security
• Cryptography
• Symmetric Key Algorithms

Module 21: IT Service Management

• Service Desk
• Incident Management
• Problem Management
• Change Management
• Configuration Management
• Release Management
• Service Levels Management
• Financial Management
• Capacity Management
• Service Continuity Management
• Availability Management
• Asset Management

Module 22: Controls

• Internal Control Objectives
• Information Systems Control Objectives
• General Computing Controls
• Control Frameworks
• Controls Development
• Control Assessment

Module 23: Metrics and Monitoring

• Types of Metrics
• Audiences
• Continuous Improvement

Domain 4: Information Security Incident Management

Module 24: Security Incident Response Overview

• Phases of Incident Response

Module 25: Incident Response Plan Development

• Objectives
• Maturity
• Resources
• Roles and Responsibilities
• Gap Analysis
• Plan Development

Module 26: Responding to Security Incidents

• Detection
• Initiation
• Evaluation
• Recovery
• Remediation
• Closure
• Post-Incident Review

Module 27: Business Continuity and Disaster Recovery Planning

• Business Continuity Planning
• Disaster
• Disaster Recovery Planning
• Testing BC and DR Planning

The career prospects for CISM graduates are excellent and high in demand. Computers is everywhere: on all platforms and devices and in all countries around the world!

• Security Analyst.
• Security Engineer.
• Security Architect.
• Security Administrator.
• Security Software Developer.
• Cryptographer.
• Cryptanalyst.
• Security Consultant.