Certified Information Security Manager (CISM)

Duration: 5 days


While information has become more easily accessible and readily available, the associated risks and security threats have increased not only in number but also in complexity. As a result, ensuring that an enterprise's information is protected has become more important. It is now more important than ever for executives to ensure that their IT security managers have the expertise needed to reduce risk and protect the enterprise.

Designed specifically for information security professionals who are preparing to sit for the CISM exam, the course focuses on the four content areas of the Certified Information Security Manager (CISM) job practice: information security governance; risk management and compliance; information security program development and management; and information security incident management. Sample exam items are used throughout the course to reinforce content and familiarize attendees with the CISM exam question format.



It is recommended, but not required, to have the following skills and knowledge before attending this course:

  • Understanding of information security concepts and components
  • Fundamentals of project management
  • Fundamentals of the IT Infrastructure Library (ITIL)

Course Contents:

This course will provide students with knowledge and skills in the following areas:

  • Information Security Governance
    - Key information security concepts and components
    - Information security strategy development
    - Relevant information security policies, standards, frameworks, and issuing bodies

  • Information Risk Management
    - Risk management concepts and frameworks
    - Threat and vulnerability identification
    - Risk assessment analysis, methodologies, and risk treatment options
    - Systematic and structured information risk assessment processes
    - Information security controls and countermeasures
    - Risk, threat, and vulnerability identification and management life cycle

  • Information Security Program Development and Management
    - Key elements of an effective information security program
    - Information security architecture
    - Constructing an information security program
    - Designing, developing, and implementing an information security awareness program
    - Establishing metrics to evaluate the effectiveness of information security programs
    - Developing and managing key security controls for networks, operating systems, and application systems
    - Monitoring, testing, and reporting on the effectiveness and efficiency of information security controls and on compliance with information security policies and standards
    - Defining the core processes of the systems development life cycle (SDLC)
    - Providing information security consultation and guidance through reporting and communication

  • Information Security Incident Management and Response
    - Identifying and analyzing security incidents
    - Developing a security incident response plan
    - Integrating incident response plans with the disaster recovery and business continuity plans (BCP/DR)
    - Identifying causes of information security incidents and developing corrective actions
    - Emerging information security issues
    - Regulation and compliance requirements
    - Monitoring, identifying, and responding to emerging threats and evolving regulatory requirements
    - Requirements for forensic investigations


  • Understand the purpose of information security governance, what it consists of and how to accomplish it
  • Understand the purpose of an information security strategy, its objectives, and the reasons and steps required to develop one
  • Understand the meaning, content, creation and use of policies, standards, procedures and guidelines and how they relate to one another
  • Develop business cases and gain commitment from senior leadership
  • Define governance metrics requirements, selection and creation
  • Understand the importance of risk management as a tool for meeting business needs and developing a security management program to support these needs
  • Understand ways to identify, rank, and respond to risk in a way that is appropriate as defined by organisational directives
  • Assess the appropriateness and effectiveness of information security controls
  • Report on information security risk effectively
  • Develop and maintain an information security program that identifies, manages and protects the organisation's assets while aligning to the information security strategy and business goals, thereby supporting an effective security posture
  • Identify, analyse, manage and respond effectively to unexpected events that may adversely affect the organisation's information assets and/or its ability to operate
  • Identify the components of an incident response plan and evaluate the effectiveness of an incident response plan
  • Understand the relationship among an incident response plan, a disaster recovery plan and a business continuity plan

Who should attend:

  • IT Managers
  • Channel Partners
  • Customers
  • Employees


Phone: (022) 4221130
Fax: (022) 4235692
Jl. Lengkong Kecil No. 73, Gedung Labora Lantai 2, Paledang, Kota Bandung, Jawa Barat 40261