Certified Information Security Manager


Duration: 5 days

Price: Rp. 5,500,000,-


While information has become more easily accessible and readily available, the associated risks
and security threats have increased not only in number, but also in complexity. As a result, the
importance of ensuring that an enterprise’s information is protected has also increased. It is
now more important than ever for executives to ensure that their IT security managers have the
expertise needed to reduce risk and protect the enterprise.

Designed specifically for information security professionals who are preparing to sit for the CISM
exam, the course focuses on the four content areas of the Certified Information Security
Manager (CISM) job practice: information security governance, risk management and
compliance, information security program development and management, and information security
incident management. Sample exam items will be used throughout the course to reinforce
content and familiarize attendees with the CISM exam question format.


This course will provide students with the knowledge and skills to:

  • Understand the purpose of information security governance, what it consists of and how
    to accomplish it
  • Understand the purpose of an information security strategy, its objectives, and the reasons
    and steps required to develop one
  • Understand the meaning, content, creation and use of policies, standards, procedures and
    guidelines and how they relate to one another
  • Develop business cases and gain commitment from senior leadership
  • Define governance metrics requirements, selection and creation
  • Understand the importance of risk management as a tool for meeting business needs and
    developing a security management program to support these needs
  • Understand ways to identify, rank, and respond to risk in a way that is appropriate as defined
    by organisational directives
  • Assess the appropriateness and effectiveness of information security controls
  • Report on information security risk effectively
  • Develop and maintain an information security program that identifies, manages and
    protects the organisation’s assets while aligning to information security strategy and
    business goals, thereby supporting an effective security posture
  • Identify, analyse, manage and respond effectively to unexpected events that may adversely
    affect the organisation’s information assets and/or its ability to operate
  • Identify the components of an incident response plan and evaluate the effectiveness of an
    incident response plan
  • Understand the relationship among an incident response plan, a disaster recovery plan and
    a business continuity plan

Who should Attend

  • IT Manager
  • Channel Partners
  • Customers
  • Employees


It is recommended, but not required, to have the following skills and knowledge before
attending this course:

  • Understanding of information security concepts and components
  • Fundamentals of project management
  • Fundamentals of IT Infrastructure Library

Course Contents:

  • Information Security Governance
    ○ Key information security concepts and components
    ○ Information security strategy development
    ○ Relevant information security policies, standards, frameworks, and issuing bodies
  • Information Risk Management
    ○ Risk management concepts and frameworks
    ○ Threat & vulnerability identification
    ○ Risk assessment analysis, methodologies, & risk treatment options
    ○ Systematic & structured information risk assessment processes
    ○ Information security controls & countermeasures
    ○ Risk, threat, & vulnerability identification & management life cycle
  • Information Security Program Development & Management
    ○ Key elements of an effective information security program
    ○ Information security architecture
    ○ Constructing an information security program
    ○ Design, develop, & implement an information security awareness program
    ○ Establishing metrics to evaluate the effectiveness of information security programs
    ○ Develop & manage key security controls for networks, operating systems, & applications
    ○ Monitor, test, & report on the effectiveness & efficiency of information security controls
      & compliance with information security policies & standards
    ○ Define the core processes of the systems development life cycle (SDLC)
    ○ Providing information security consultation & guidance through reporting &
  • Information Security Incident Management & Response
    ○ Identifying & analyzing security incidents
    ○ Develop a security incident response plan
    ○ Integrating incident response plans with the disaster recovery & business continuity
      plan (BCP/DR)
    ○ Identify causes of information security incidents & develop corrective actions
    ○ Information security emerging issues
    ○ Regulation & compliance requirements
    ○ Monitor, identify, & respond to emerging threats & evolving regulatory requirements
    ○ Requirements for forensic investigations
Phone: (022) 4221130
Fax: (022) 4235692
Jl. Lengkong Kecil No. 73, Gedung Labora Lantai 2, Paledang, Kota Bandung, Jawa Barat 40261