Certified Information Security Manager (CISM)

Cui îi este dedicat cursul?

• IT professionals, cybersecurity experts, IT auditors, risk managers, compliance officers, and security consultants. 
• This training is ideal for individuals who have experience managing, designing, overseeing, and assessing an enterprise's information security program.
• It is also suitable for those looking to enhance their career prospects in information security management and broaden their knowledge of global security practices, as well as professionals seeking to demonstrate their expertise through a globally recognized certification.

Cunoștințe și abilități inițiale

• Knowledge of information security: Candidates should have a solid understanding of information security concepts, such as confidentiality, integrity, and availability. This knowledge can be gained through formal education, self-study, or work experience.
• IT/security work experience: It is recommended that candidates have at least five years of work experience in the IT or security fields before pursuing CISM certification. This experience should include a minimum of three years in an information security management role.
• Familiarity with relevant frameworks and standards: Candidates should be familiar with frameworks and standards such as ISO/IEC 27001, NIST SP 800-53, and the COBIT framework.
• Basic understanding of risk management and business continuity: Candidates should understand risk management concepts, such as risk identification, assessment, and mitigation, as well as the importance of business continuity planning.

Prezentarea cursului

Certified Information Security Manager (CISM) certification training is a globally recognized program designed to equip professionals with the necessary skills and knowledge to manage, design, and oversee information security systems. 

This comprehensive course covers general topics such as risk management, incident response, information security governance, compliance, and performance measurement. 

The Certified Information Security Manager (CISM) training aims to equip professionals with the knowledge and skills to manage, design, and assess enterprise information security programs. The main objectives include understanding information security governance, risk management, incident response, and business continuity. Additionally, participants learn how to align security strategies with business objectives, ensure compliance with regulatory requirements, evaluate and enhance security policies, and develop effective incident management plans. Ultimately, CISM training prepares professionals to become industry-recognized leaders in managing and protecting an organization's critical information assets.

Ce subiecte abordează cursul

Module 1: Information Security Governance

Module 2: Information Security Risk Management

Module 3: Information Security Program

Module 4: Incident Management

Ce abilități se dobândesc în urmă cursului

• Information security governance: Understand and establish a strong security governance framework, aligning it with business objectives and ensuring compliance with legal and regulatory requirements.
• Information risk management: Identify, assess, and manage information security risks in a systematic manner, prioritizing and mitigating them according to the business context.
• Information security program development and management: Design, develop, and manage a comprehensive and agile information security program that supports the organization's goals and objectives.
• Incident management and response: Develop and maintain an effective incident management strategy, including the capability to detect, respond to, and recover from security incidents in a timely manner.
• Policy development and management: Establish, communicate, and maintain the organization's information security policies, procedures, guidelines, and standards.
• Security awareness and training: Develop and implement a security awareness and training program to ensure that employees, contractors, and other relevant parties understand their information security responsibilities.
• Business continuity and disaster recovery planning: Develop, implement, and maintain a business continuity and disaster recovery plan to ensure the organization's resilience in case of a security incident, natural disaster, or other disruption.
• Third-party security management: Evaluate and manage the information security risks associated with third-party relationships, such as vendors, partners, and service providers.
• Security architecture and technology: Understand and apply principles of secure system design, data protection, and technology controls to protect the organization's critical assets.
• Compliance and audit management: Ensure ongoing compliance with applicable laws, regulations, and industry standards, as well as internal policies and procedures, through regular audits and assessments.