Your Cart Is Empty
Technical Courses >
IT Security >
CISM Exam Boot Camp
CISM is recognized as the leading certification for enterprise security management. After completing this preparation course, you will be ready to take the CISM certification exam.
After completion of this preparation course, you will be ready to take the internationally-acclaimed CISM certification exam. When it comes to information security, a single differentiator can be all that stands between a multimillion dollar contract and a promotion. ISACA's Certified Information Security Manager (CISM) certification is that differentiator. CISM is recognized around the world as the leading certification for enterprise security management. CISM certified individuals are part of an elite group of professionals who have demonstrated a mastery of the concepts and skills of information security, have the experience to back up the knowledge and are dedicated to continually learning and staying current within the information security field.
After completing this workshop, participants will be able to:· Master the CISM exam content areas· Get CISM test taking skills from our experts· Learn to align security to your business processes· In-depth coverage: Information Security Governance· In-depth coverage: Information Risk Management & Compliance· In-depth coverage: Information Security Program Development & Management· In-depth coverage: Information Security Incident Management
1. About CISMRequirements for certification· Experience· Passing the exam· The ISACA Code of Ethics· Maintaining certification2. Information Security Governance· Information is a valuable resource in all of its formats· Not just IT related· We need to converge information security into the businessEffective information security governance· Business drivers· Business support· Provide assurance to managementRisk objectives· Operational risk management· We must be able to meet our desired stateBuild an information security strategy· Business model for information security (BMIS)· StrategyControls· Types of controls· IT controls· Non-IT controls· Countermeasures· Example defense in depthProvide assurance to management· ISO 27001· Security MetricsExtend security knowledge to everyone· Awareness· Training· EducationAction plan to implement strategy· Projects· Gap analysis· Critical success factors3. Information Risk Management & ComplianceInformation classification· Why should information be classified· Developing the program· Ownership· ResponsibilitiesMethods to evaluate impact of adverse events· Business impact analysis· Legal and regulatory requirementsEmerging threats and vulnerabilities· Sources of informationRisk management· Elements of risk· Risk assessment· Prioritizing risk· Reporting risk· Monitoring Risk· Risk handling· Control baseline modeling Controls· Gap analysis· Integrate risk management into business and IT processes· ComplianceRe-assessing risk and changing security program elements· Risk management is a cyclic process· Triggers to re-assess4. Information Security Program Development & ManagementAlign information security program to business function· Resource requirements definition· Internal· External· Identify, acquire and manage
Emerging trends in information security· Cloud computing· Mobile computingSecurity control design Security architectures· BSIMMethods to develop· Standards· Procedures· GuidelinesMethods to implement and communicate· Policies· Standards· Procedures· GuidelinesSecurity awareness and training· Methods to establish· Methods to maintainMethods to integrate security requirements into organizational processes· Methods to incorporate security requirements· Contracts· 3rd party management processesSecurity metrics· Design· Implement· ReportTesting security controls· Effectiveness· Applicability5. Information Security Incident ManagementDefinition· Distinction between IR, BCP and DRP· Senior management commitment· Policy· PersonnelObjectives· Intended outcomes· Incident management· Incident handling· Incident response· Incident systems and toolsWhat technologies must an IRT know?· Vulnerabilities/Weaknesses· Networking· Operating systems· Malicious software· Programming languagesDefining incident management procedures· Plan for management Current state of incident response plan· Gap analysisDevelop a plan· Plan elements· Notification process· Escalation process· Help desk process for identifying incidents· Response teamsChallenges in developing a planBCP/DRP· Recovery operations· Recovery strategies· Recovery sites· Basis for recovery site selection· Notification requirements· Supplies· Communication structure· Testing the plan· Recovery test metrics· Test results· Post-incident activities and investigations
Certified Information Security Manager (CISM)
Five years of experience with audit, IT systems, and security of information systems; systems administration experience; familiarity with TCP/IP; and an understanding of UNIX, Linux, and Windows. This advanced course also requires intermediate-level knowledge of the security concepts covered in our Security+ Prep Course course.
Productivity Point Learning Solutions
evolved out of a desire to increase our outreach
both nationally and internationally.
Productivity Point Headquarters
1580 Sawgrass Corporate Parkway
Sunrise, Florida 33323