* All fees are exclusive of VAT ** PREMIUM - Customize your learning experience
This course is designed to help candidates prepare for sitting the ISACA CISM certification examination. By taking this course and obtaining CISM certification, your experience and skills in supporting the information security needs of your organization will be validated. Securing the organization’s information is a critical business objective in today’s business environment. The information that an organization depends on to be successful can be at risk from numerous sources. By effectively managing information security, you can address these risks and ensure the organization remains healthy and competitive in the marketplace.
What Do Participants Learn?
Establish and maintain a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations
Identify and manage information security risks to achieve business objectives
Create a program to implement the information security strategy.
Implement an information security program.
Oversee and direct information security activities to execute the information security program.
Plan, develop, and manage capabilities to detect, respond to, and recover from information security incidents.
Who Should Attend?
Information security governance
Information risk management
Information security program development
Information security program management
Incident management and response
What Will the Learning Experience Include?
Comprehensive pre-program activities include:
Web-based information forms & surveys completed by the attendee.
Direct consultation with the attendee about their expectations.
During the training, participants engage in data, activities, and conversations that lead to insight and knowledge.
Participants learn from expert trainers who have both academic and business experience.
Highly applicable training content & instructive activities for adding depth to training topics.
**A half-day site visit for integrating the experience & planning next steps. Opportunities to provide connections, ideas & support.
Explore & Practice
Apply & sustain the learning experience by using this ongoing support:
To ensure the participant is progressing in new skills or behavior.
Optional, fee-based mentoring & coaching with the trainer.
Training materials & additional documents (e-books, PDF files, presentations and articles)
Evaluate your training experience by giving us feedback, and help us to reach our organizational goals.
Section One: INFORMATION SECURITY GOVERNANCE
Develop an Information Security Strategy
Align Information Security Strategy with Corporate Governance
Identify Legal and Regulatory Requirements
Justify Investment in Information Security
Identify Drivers Affecting the Organization
Obtain Senior Management Commitment to Information Security
Define Roles and Responsibilities for Information Security
Establish Reporting and Communication Channels
Section Two: INFORMATION RISK MANAGEMENT
Implement an Information Risk Assessment Process
Determine Information Asset Classification and Ownership
Conduct Ongoing Threat and Vulnerability Evaluations
Conduct Periodic BIAs
Identify and Evaluate Risk Mitigation Strategies
Integrate Risk Management into Business Life Cycle Processes
Report Changes in Information Risk
Section Three: INFORMATION SECURITY PROGRAM DEVELOPMENT
Develop Plans to Implement an Information Security Strategy
Security Technologies and Controls
Specify Information Security Program Activities
Coordinate Information Security Programs with Business Assurance Functions
Identify Resources Needed for Information Security Program Implementation
Develop Information Security Architectures
Develop Information Security Policies
Develop Information Security Awareness, Training, and Education Programs
Develop Supporting Documentation for Information Security Policies
Section Four: INFORMATION SECURITY PROGRAM IMPLEMENTATION
Integrate Information Security Requirements into Organizational Processes
Integrate Information Security Controls into Contracts
Create Information Security Program Evaluation Metrics
Manage Information Security Program Resources
Enforce Policy and Standards Compliance
Enforce Contractual Information Security Controls
Enforce Information Security During Systems Development
Maintain Information Security Within an Organization
Provide Information Security Advice and Guidance
Provide Information Security Awareness and Training
Analyze the Effectiveness of Information Security Controls
Resolve Noncompliance Issues
Section Five: INCIDENT MANAGEMENT AND RESPONSE
Develop an Information Security Incident Response Plan
Establish an Escalation Process
Develop a Communication Process
Integrate an IRP
Test an IRP
Manage Responses to Information Security Incidents
Perform an Information Security Incident Investigation