CISM Certification

Hot Deal!

Save $500. Offer expires March 31, 2017

CISM Certification Course Description

Duration: 5.00 days (40 hours)

Information Systems Audit and Control Association (ISACA) provides three testing opportunities each year, so we developed this Certified Information Security Manager (CISM) exam prep course to help you get it right the first time. The course focuses on advanced risk management and specific compliance and security management operations. Along with our custom course material, you'll receive a free copy of ISACA's CISM Review Manual 2013.

Next Class Dates

Apr 17, 2017 – Apr 21, 2017
9:00 AM – 5:00 PM ET
May 15, 2017 – May 19, 2017
9:00 AM – 5:00 PM ET

Contact us to customize this class with your own dates, times and location. You can also call 1-888-563-8266 or chat live with a Learning Consultant.

Intended Audience for this CISM Certification Course

  • Experienced information security managers and those who have information security management responsibilities, including IT consultants, auditors, managers, security policy writers, privacy officers, information security officers, network administrators, security device administrators, and security engineers.

CISM Certification Course Objectives

  • In-depth coverage of the four domains required to pass the CISM exam:
      1. Information Security Governance
      2. Information Risk Management and Compliance
      3. Information Security Program Development and Management
      4. Information Security Incident Management

CISM Certification Course Outline

      1. Information Security Governance
        1. Establish and maintain an information security strategy in alignment with organizational goals and objectives to guide the establishment and ongoing management of the information security program.
        2. Establish and maintain an information security governance framework to guide activities that support the information security strategy.
        3. Integrate information security governance into corporate governance to ensure that organizational goals and objectives are supported by the information security program.
        4. Establish and maintain information security policies to communicate management's directives and guide the development of standards, procedures and guidelines.
        5. Develop business cases to support investments in information security.
        6. Identify internal and external influences to the organization (for example, technology, business environment, risk tolerance, geographic location, legal and regulatory requirements) to ensure that these factors are addressed by the information security strategy.
        7. Obtain commitment from senior management and support from other stakeholders to maximize the probability of successful implementation of the information security strategy.
        8. Define and communicate the roles and responsibilities of information security throughout the organization to establish clear accountabilities and lines of authority.
        9. Establish, monitor, evaluate and report metrics (for example, key goal indicators [KGIs], key performance indicators [KPIs], key risk indicators [KRIs]) to provide management with accurate information regarding the effectiveness of the information security strategy.
      2. Information Risk Management and Compliance
        1. Establish and maintain a process for information asset classification to ensure that measures taken to protect assets are proportional to their business value.
        2. Identify legal, regulatory, organizational and other applicable requirements to manage the risk of noncompliance to acceptable levels.
        3. Ensure that risk assessments, vulnerability assessments and threat analyses are conducted periodically and consistently to identify risk to the organization's information.
        4. Determine appropriate risk treatment options to manage risk to acceptable levels.
        5. Evaluate information security controls to determine whether they are appropriate and effectively mitigate risk to an acceptable level.
        6. Identify the gap between current and desired risk levels to manage risk to an acceptable level.
        7. Integrate information risk management into business and IT processes (for example, development, procurement, project management, mergers and acquisitions) to promote a consistent and comprehensive information risk management process across the organization.
        8. Monitor existing risk to ensure that changes are identified and managed appropriately.
        9. Report noncompliance and other changes in information risk to appropriate management to assist in the risk management decision-making process.
      3. Information Security Program Development and Management
        1. Establish and maintain the information security program in alignment with the information security strategy.
        2. Ensure alignment between the information security program and other business functions (for example, human resources [HR], accounting, procurement and IT) to support integration with business processes.
        3. Identify, acquire, manage and define requirements for internal and external resources to execute the information security program.
        4. Establish and maintain information security architectures (people, process, technology) to execute the information security program.
        5. Establish, communicate and maintain organizational information security standards, procedures, guidelines and other documentation to support and guide compliance with information security policies.
        6. Establish and maintain a program for information security awareness and training to promote a secure environment and an effective security culture.
        7. Integrate information security requirements into organizational processes (for example, change control, mergers and acquisitions, development, business continuity, disaster recovery) to maintain the organization's security baseline.
        8. Integrate information security requirements into contracts and activities of third parties (for example, joint ventures, outsourced providers, business partners, customers) to maintain the organization's security baseline.
        9. Establish, monitor and periodically report program management and operational metrics to evaluate the effectiveness and efficiency of the information security program.
      4. Information Security Incident Management
        1. Establish and maintain an organizational definition of, and severity hierarchy for, information security incidents to allow accurate identification of and response to incidents.
        2. Establish and maintain an incident response plan to ensure an effective and timely response to information security incidents.
        3. Develop and implement processes to ensure the timely identification of information security incidents.
        4. Establish and maintain processes to investigate and document information security incidents to be able to respond appropriately and determine their causes while adhering to legal, regulatory and organizational requirements.
        5. Establish and maintain incident escalation and notification processes to ensure that the appropriate stakeholders are involved in incident response management.
        6. Organize, train and equip teams to effectively respond to information security incidents in a timely manner.
        7. Test and review the incident response plan periodically to ensure an effective response to information security incidents and to improve response capabilities.
        8. Establish and maintain communication plans and processes to manage communication with internal and external entities.
        9. Conduct post-incident reviews to determine the root cause of information security incidents, develop corrective actions, reassess risk, evaluate response effectiveness and take appropriate remedial actions.
        10. Establish and maintain integration among the incident response plan, disaster recovery plan and business continuity plan.

This training prepares students for the following exam(s):

  • CISM: Certified Information Security Manager Exam

Do you have the right background for CISM Certification?

Skills Assessment

We ensure your success by asking all students to take a FREE Skill Assessment test. These short, instructor-written tests are an objective measure of your current skills that help us determine whether or not you will be able to meet your goals by attending this course at your current skill level. If we determine that you need additional preparation or training in order to gain the most value from this course, we will recommend cost-effective solutions that you can use to get ready for the course.

Our required skill assessments ensure that:

  1. All students in the class are at a comparable skill level, so the class can run smoothly without beginners slowing it down for everyone else.
  2. NetCom students enjoy one of the industry's highest success rates, and one of the highest pass rates when a certification exam is involved.
  3. We stay committed to providing you real value. Again, your success is paramount; we will register you only if you have the skills to succeed.

This assessment is for your benefit and is best taken without any preparation or reference materials, so your skills can be objectively measured.

Award winning, world-class Instructors

Donald H.
- Academic and corporate trainer with over 2000 hours of instruction delivered on security awareness, CISSP, Security+, Safety, core Microsoft courses, MS Exchange and MS ISA server.
- Conducted over 200 security reviews in support of financial audits, policy reviews and network vulnerability assessments.
- Bachelor's Degree in Security Management with a Concentration in Information Security from American Military University, along with CISSP, CAP and several CompTIA, Microsoft and ISACA certifications.

Bio:

Donald is a security professional with a wide range of experience from physical security to a concentration in information security. He is the Information Systems & Security Director for a consulting firm. His clients include local municipalities, non-profits, corporations and federal government agencies, specializing in a wide array of compliance programs and security assessments such as PCI DSS, FISMA, COBIT and ISO17799.

Donald is also a trainer and speaker on security topics and has served on various advisory committees and as a subject matter expert in information technology and security. He has over 15 years of experience in the security field as well as more than 2000 hours of instruction delivered on security awareness, CISSP, Security+, Safety, core Microsoft courses and MS ISA server. In addition, Donald is the President and Chairman of the Brentwood Veterans Memorial Building and Commandant of the Delta Diablo Det. 1155 Marine Corps League.

Jayson F.
- Over 32 years of experience as well as 18 certifications, including Cisco, CompTIA, and Microsoft.
- Strong background, with web development & design of infrastructure for companies such as AT&T, Sports Illustrated, and Toys R Us.
- Specialist in finding solutions to problems and applying process to solve them, and in training people in the skills to manage the process and meet goals.

Bio:

Jayson is a talented and valued Microsoft Certified Trainer (MCT) with over 32 years of IT experience. Along with web development & design of infrastructure for companies such as AT&T, Sports Illustrated, and Toys R Us, he holds several IT certifications, including CCDA, CCNA, Security+, MCDBA and MCSE, to name a few.

Jayson's focus is on finding solutions to problems and applying process to solve them. He instructs professionals in the skills to manage the process and meet goals, which makes him a respected trainer at NetCom Learning.

Larry G.
- More than 14 years of experience as a Security Subject Matter Expert, as well as black belts in a variety of martial arts.
- Numerous Challenge Coins from the US Government, including the US Army and the Criminal Investigation Command.
- Much-acclaimed instructor at NetCom Learning, with evaluation scores of 8.8 out of 9.

Bio:

Larry is a unique instructor and IT security expert. If you sit in one of his classes you might get the feeling of being in a martial arts class; that's exactly how Larry wants it! "The principles behind IT security are the same as those in a variety of martial arts," Larry says. In addition to teaching IT security for over 14 years, he has practiced martial arts since he was 13 years old and holds black belts in multiple disciplines including Tai Chi, Kung Fu, and Kick Boxing. "All of these techniques are like tools for different types of attacks," Larry explains.

Larry's excellence in certification training and passion for IT security have earned him numerous Challenge Coins from the US Government, including the US Army and the Criminal Investigation Command. He is also a much-acclaimed instructor at NetCom Learning, with evaluation scores of 8.8 out of 9.

Recent Client Testimonials & Reviews

Larry was very good and helped with my understanding of the material. The training will help with my CISM certification. The material will assist with my professional development.
Course(s) Taken

» CISM: Certified Information Security Manager
