• Classroom

Information Systems Audit and Control Association (ISACA) provides three testing opportunities each year, so we developed this Certified Information Security Manager (CISM) exam prep course to help you get it right the first time. The course focuses on advanced risk management and specific compliance and security management operations. Along with our custom course material, you'll receive a free copy of ISACA's CISM Review Manual 2013.

Interested in group training toward 8570.1 compliancy. This course can be a component of our 8570.1 Training Solution that can also include assessments, certification preparation and program management, post training and testing, 8570 compliancy tracking and reporting, and continuing education.

The CISM exam is offered three times a year (June, September and December) and consists of 200 multiple-choice questions. The CISM exam is focused on the four domains defined by ISACA.

Learning Objectives

1. Testing-Taking Tips and Study Techniques

  • Preparation for the CISM exam
  • Submitting Required Paperwork
  • Resources and Study Aids
  • Passing the Exam the First Time

2. Information Security Governance

  • Asset Identification
  • Risk Assessment
  • Vulnerability Assessments
  • Asset Management

3. Information Risk Management

  • Asset Classification and Ownership
  • Structured Information Risk Assessment Process
  • Business Impact Assessments
  • Change Management

4. Information Security Program Development

  • Information Security Strategy
  • Program Alignment of Other Assurance Functions
  • Development of Information Security Architectures
  • Security Awareness, Training, and Education
  • Communication and Maintenance of Standards, Procedures, and Other Documentation
  • Change Control
  • Lifecycle Activities
  • Security Metrics

5. Information Security Program Management

  • Security Program Management Overview
  • Planning
  • Security Baselines
  • Business Processes
  • Security Program Infrastructure
  • Lifecycle Methodologies
  • Security Impact on Users
  • Accountability
  • Security Metrics
  • Managing Resources

6. Incident Management and Response

  • Response Management Overview
  • Importance of Response Management
  • Performing a Business Impact Analysis
  • Developing Response and Recovery Plans
  • The Incident Response Process
  • Implementing Response and Recovery Plans
  • Response Documentation
  • Post-Event Reviews

7. Review and Q&A Session

  • Final Review and Test Prep

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.