What is CISM Certified Information Security Manager?
The CISM Certified Information Security Manager course from Oakwood is designed to provide professionals with the skills and knowledge required to effectively manage and oversee an organisation's information security programme. This comprehensive course covers the key areas of information security governance, risk management, incident response, and programme development, all while aligning with international standards and best practices.
This course is ideal for individuals aiming to pursue or advance their career in information security management. Learners will gain a deep understanding of how to manage the security lifecycle, ensure compliance with regulations, and protect organisational assets from cyber threats. The course provides practical insights on designing robust information security programs, performing risk assessments, and creating incident response plans to safeguard information across the organisation.
Over the course of this 4-day training, participants will explore the core concepts of information security management and how they apply to real-world scenarios. With expert guidance, learners will engage in case studies, discussions, and practical exercises to develop the skills needed to lead an information security program effectively. By the end of this training, learners will be fully prepared to take the CISM exam and become certified Information Security Managers.
Course Objectives
To understand the key principles of information security management
To learn how to design, implement, and manage information security programs
To evaluate and mitigate information security risks effectively
To develop and manage an incident response plan for cyber security threats
To ensure compliance with legal, regulatory, and contractual requirements
To align information security programs with organisational goals and objectives
Upon completion of the course, learners will have the expertise to manage information security risks, lead security teams, and drive the implementation of effective security measures across their organisation, positioning themselves for success in the CISM certification exam.
Course Outline
CISM Certified Information Security Manager
Domain 1: Information Security Governance
Module 1: Introduction to Information Security Governance
- About Information Security Governance
- Reason for Security Governance
- Security Governance Activities and Results
- Risk Appetite
- Organisation Culture
Module 2: Legal, Regulatory and Contractual Requirements
- Introduction
- Requirements for Content and Retention of Business Records
Module 3: Organisational Structures, Roles and Responsibilities
- Roles and Responsibilities
- Monitoring Responsibilities
Module 4: Information Security Strategy Development
- Introduction
- Business Goals and Objectives
- Information Security Strategy Objectives
- Ensuring Objective and Business Integration
- Avoiding Common Pitfalls and Bias
- Desired State
- Elements of a Strategy
Module 5: Information Governance Frameworks and Standards
- Security Balanced Scorecard
- Architectural Approaches
- Enterprise Risk Management Framework
- Information Security Management Frameworks and Models
Module 6: Strategic Planning
- Workforce Composition and Skills
- Assurance Provisions
- Risk Assessment and Management
- Action Plan to Implement Strategy
- Information Security Programme Objectives
Domain 2: Information Security Risk Management
Module 7: Emerging Risk and Threat Landscape
- Risk Identification
- Threats
- Defining a Risk Management Framework
- Emerging Threats
- Risk, Likelihood and Impact
- Risk Register
Module 8: Vulnerability and Control Deficiency Analysis
- Introduction
- Security Control Baselines
- Events Affecting Security Baselines
Module 9: Risk Assessment and Analysis
- Introduction
- Determining the Risk Management Context
- Operational Risk Management
- Risk Management Integration with IT Life Cycle Management Processes
- Risk Scenarios
- Risk Assessment Process
- Risk Assessment and Analysis Methodologies
- Other Risk Assessment Approaches
- Risk Analysis
- Risk Evaluation
- Risk Ranking
Module 10: Risk Treatment or Risk Response Options
- Risk Treatment/Risk Response Options
- Determining Risk Capacity and Acceptable Risk (Risk Appetite)
- Risk Response Options
- Risk Acceptance Framework
- Inherent and Residual Risk
- Impact
- Controls
- Legal and Regulatory Requirements
- Costs and Benefits
Module 11: Risk and Control Ownership
- Risk Ownership and Accountability
- Risk Owner
- Control Owner
Module 12: Risk Monitoring and Reporting
- Risk Monitoring
- Key Risk Indicators
- Reporting Changes in Risk
- Risk Communication, Awareness and Consulting
- Documentation
Domain 3: Information Security Programme Development and Management
Module 13: Information Security Programme Resources
- Introduction
- Information Security Programme Objectives
- Information Security Programme Concepts
- Common Information Security Programme Challenges
- Common Information Security Programme Constraints
Module 14: Information Asset Identification and Classification
- Information Asset Identification and Valuation
- Information Asset Valuation Strategies
- Information Asset Classification
- Methods to Determine Criticality of Assets and Impact of Adverse Events
Module 15: Industry Standards and Frameworks for Information Security
- Enterprise Information Security Architectures
- Information Security Management Frameworks
- Information Security Frameworks Components
Module 16: Information Security Policies, Procedures, and Guidelines
- Policies
- Standards
- Procedures
- Guidelines
Module 17: Information Security Programme Metrics
- Introduction
- Effective Security Metrics
- Security Programme Metrics and Monitoring
- Metrics Tailored to Enterprise Needs
Module 18: Information Security Control Design and Selection
- Introduction
- Managing Risk Through Controls
- Controls and Countermeasures
- Control Categories
- Control Design Considerations
- Control Methods
Module 19: Security Programme Management
- Risk Management
- Risk Management Programme
- Risk Treatment
- Audit and Reviews
- Third-Party Risk Management
Module 20: Security Programme Operations
- Event Monitoring
- Vulnerability Management
- Security Engineering and Development
- Network Protection
- Endpoint Protection and Management
- Identity and Access Management
- Security Incident Management
- Security Awareness Training
- Managed Security Service Providers
- Data Security
- Cryptography
- Symmetric Key Algorithms
Module 21: IT Service Management
- Service Desk
- Incident Management
- Problem Management
- Change Management
- Configuration Management
- Release Management
- Service Levels Management
- Financial Management
- Capacity Management
- Service Continuity Management
- Availability Management
- Asset Management
Module 22: Controls
- Internal Control Objectives
- Information Systems Control Objectives
- General Computing Controls
- Control Frameworks
- Controls Development
- Control Assessment
Module 23: Metrics and Monitoring
- Types of Metrics
- Audiences
- Continuous Improvement
Domain 4: Information Security Incident Management
Module 24: Security Incident Response Overview
- Phases of Incident Response
Module 25: Incident Response Plan Development
- Objectives
- Maturity
- Resources
- Roles and Responsibilities
- Gap Analysis
- Plan Development
Module 26: Responding to Security Incidents
- Detection
- Initiation
- Evaluation
- Recovery
- Remediation
- Closure
- Post-Incident Review
Module 27: Business Continuity and Disaster Recovery Planning
- Business Continuity Planning
- Disaster
- Disaster Recovery Planning
- Testing BC and DR Planning
Included
- No course includes are available.
Offered In This Course:
- Video Content
- eLearning Materials
- Study Resources
- Completion Certificate
- Tutor Support
- Interactive Quizzes
Learning Options
Discover a range of flexible learning options designed to meet your needs. Select the format that best supports your personal growth and goals.
Online Instructor-Led Training
- Live virtual classes led by experienced trainers, offering real-time interaction and guidance for optimal learning outcomes.
Online Self-Paced Training
- Flexible learning at your own pace, with access to comprehensive course materials and resources available anytime, anywhere.
Build your future with Oakwood International
We empower you with the skills, knowledge, and confidence to excel in your career. Join us and take the first step towards realising your professional goals.
Frequently Asked Questions
Q. What is the duration of the CISM Certified Information Security Manager course?
The course lasts for 4 days, providing in-depth training on information security governance, risk management, incident response, and programme development to prepare you for the CISM exam.
Q. Do I need prior experience in information security to take this course?
While prior experience in IT security is helpful, it is not mandatory. This course is designed for individuals with a basic understanding of information security, and it provides the knowledge necessary for those new to the field or looking to expand their skills.
Q. Will this course prepare me for the CISM exam?
Yes, this course thoroughly prepares you for the CISM exam by covering all the key domains of the CISM certification, including security governance, risk management, incident response, and programme management.
Q. What skills will I gain from this course?
Upon completing the course, you will gain the skills to design, implement, and manage effective information security programmes, perform risk assessments, ensure compliance with regulations, and manage incident response strategies.
Q. Is this course recognised internationally?
Yes, CISM certification is globally recognised. This course prepares you to earn the CISM certification, which is highly valued by employers worldwide in the field of information security management.