CISM - Certified Information Security Manager

We can help! This course has been prepared specifically to cover all of ISACA's 2007 CISM® exam objectives and more. Allow us to help you prepare for one of the most challenging examinations you will face.

The delegates will achieve to main objectives:
They will have the skills and knowledge of the core competencies required of a world class information security professional whether planning to sit for the examination or not, they will have gained this in a structured learning environment.
They will have gained the knowledge required for, and have thoroughly prepared for the certification examination in systematic way.

CISM caters to:

• Security professionals with 3-5 years of front-line experience
• Information security managers or those with management responsibilities
• Information security staff and other information security assurance providers who require and in-dept understanding of information security management including:
  • CISO's, CIO's, CSO's, privacy officers, risk managers
  • security auditors and compliance personnel
  • BCP / DR personnel
  • executive and operational managers responsible for assurance functions

Information Security Governance

• Develop information security strategy to align with business strategy and direction
• Obtain senior management commitment and support for information security across the entire enterprise
• Define information security governance roles and responsibilities
• Establish reporting and communication channels regarding information security governance activities

Risk Management

• Develop a systematic, analytical, and continuous risk management process
• Understand and implement risk identification, analysis, and mitigation activities
• Define and prioritize risk mitigation strategies
• Appropriately report changes in risk to the correct levels of management on a periodic and event-driven basis

Information Security Program Management

• Create and maintain plans for implementing a carefully designed information security governance framework
• Develop information security baselines from organizational needs, as well as international standards
• Develop guidelines and procedures for integrating security risk management into business processes
• Develop procedures and guidelines for the IT infrastructure that comply with senior-level information security policies
• Ensure security is effectively incorporated into the organizations established change management processes
• Effectively integrate information security policies, guidelines, procedures, and accountability into the organization's culture

Legal Issues

• Manage security risk from contracts; transfer risk with contracts
• Understand information security compliance issues resulting from Sarbanes-Oxley

Information Technology Deployment Risks

• Properly align IT strategic planning with organizational strategic planning
• Control risk within software development or acquisition projects

IT Management Risks

• How to position information security management within the organization
• Control IT security risk relating to IT funding

IT Networks and Telecommunications Risks

• Manage risk associated with social engineering, physical infrastructure threats, malicious code, and software vulnerabilities

Integrating Information Security into Business Continuity, Disaster Recovery, and Incident Response

• Develop and implement processes for identifying, detecting, and analyzing security-related events, procedures
• Organize, train, and properly equip response teams