This 4-day course prepares participants for the CISM® (Certified Information Security Manager) exam, covering the entire CBK (Common Body of Knowledge), the common core of security knowledge defined by ISACA® (Information Systems Audit and Control Association). The CISM certification is recognized worldwide.
Domain 1: Information Security Governance
Domain 2: Information Security Risk Management
Domain 3: Information Security Program
Domain 4: Incident Management
Preparation and Certification
Information System (IS) directors, auditors, those responsible for business continuity or security, and anyone for whom control of the IS is fundamental to achieving their goals.
Basic knowledge of information systems. An understanding of English is necessary because the documentation is in English (the training is in French or English).
Program
Domain 1: Information Security Governance
Part A: Enterprise Governance
-Importance of Information Security Governance
-Organizational culture
-Legal, Regulatory and Contractual Requirements
-Organizational Structures, Roles and Responsibilities
Part B: Information Security Strategy
-Information Security Strategy Development
-Information Governance Frameworks and Standards
-Strategic Planning
-Questions from previous sessions (CISM or comparable examinations).
Domain 2: Information Risk Management
Part A: Information Risk Assessment
-Emerging Risk and Threat Landscape
-Vulnerability and Control Deficiency Analysis
-Risk Analysis, Evaluation and Assessment
Part B: Information Risk Response
-Risk Treatment/Risk Response Options
-Risk and Control Ownership
-Risk Monitoring and Reporting
-Questions from previous sessions (CISM or comparable examinations).
Domain 3: Information Security Program
Part A: Information Security Program Development
-Information Security Program Overview
-Information Security Program Resources
-Information Asset Identification and Classification
-Industry Standards and Frameworks for Information Security
-Information Security Policies, Procedures and Guidelines
-Defining an Information Security Program Road Map
-Information Security Program Metrics
Part B: Information Security Program Management
-Information Security Control Design and Selection
-Information Security Control Implementation and Integration
-Information Security Control Testing and Evaluation
-Information Security Awareness and Training
-Integration of the Security Program with IT Operations
-Management of External Services and Relationships
-Information Security Program Communications and Reporting
-Questions from previous sessions (CISM or comparable examinations).
Domain 4: Incident Management
Part A: Incident Management Readiness
-Incident Management and Incident Response Overview
-Incident Management and Incident Response Plan
-Business Impact Analysis
-Business Continuity Plan
-Disaster Recovery Plan
-Incident Classification/Categorization
-Incident Management Training, Testing and Evaluation
Part B: Incident Management Operations
-Incident Management Tools and Technologies
-Incident Investigation and Evaluation
-Incident Containment Methods
-Incident Response Communications
-Incident Eradication and Recovery
-Post-Incident Review Practice
-Questions from previous sessions (CISM or comparable examinations).
Partial simulation of the exam conducted at the end of training.
Subscribe to the www.isaca.org site.
Duration and conduct of the exam: 3 hours with 150 questions (review available only in English).