The Certified Information Security Manager course will validate the learner’s knowledge and expertise on the relationship between the information security program and the primary business target. It is a specialised course that offers hands-on experience of developing, implementing and managing an information security program within an organisation. The course will enable learners to gain insight into how an information security system works in a real-world environment. The CISM course means learners can enjoy career advancement and higher earning potential, as it is one of the most sought-after qualifications.
The Certified Information Security Manager course will discuss security practices within an organisation, and how to manage, design and oversee the organisation’s information security.
The Certified Information Security Manager will enable individuals to demonstrate their information security management expertise. This course is groundbreaking and is a globally accepted achievement. The course is internationally recognised and accredited to a training organisation and you will be issued an internationally recognised qualification following full completion of the Certified Information Security Manager course.
As improvements and advancements are made in technology, online courses are no longer just conventional means of studying at affordable costs. In many respects, online training is superior to traditional learning. There is an effectiveness and convenience that traditional learning cannot provide. The overall convenience and flexibility make it a superior learning method.
1Training offers the most convenient path to gain an internationally recognised qualification that will give you the opportunity to put into practice your skill and expertise in an enterprise or corporate environment. You can study at your own pace at 1Training and you will be provided with all the necessary material, tutorials, a qualified course instructor and multiple free resources, which include a free CV writing pack, NUS Discounted Card, free career support and a course demo, to make your learning experience enriching and more rewarding.
The course will be directly delivered to you, and you have 12 months access to the online learning platform from the date you join the course. The course is self-paced and you can complete it in stages, revisiting the lectures at any time.
At the end of the Certified Information Security Manager course you will be required to take a multiple choice question assessment test. The multiple choice question assessment will be automatically marked with learners receiving an instant grade.
If it is an official exam you will have to purchase it separately on the relevant website.
Those who successfully complete the exam will be awarded the certificate in Certified Information Security Manager.
The certificate will be awarded by the National Initiative for Cybersecurity Careers and Studies (NICCS). This internationally recognised qualification will make your CV stand out and encourage employers to see your motivation for expanding your skills and knowledge in the IT enterprise.
Once you successfully complete Certified Information Security Manager you will be qualified to work in the following positions. The Certified Information Security Manager qualification will also put you in line to demand a higher salary or job promotion. The average UK salary per annum according to https://www.payscale.com is given below.
➤ Module 01 - Information Security Governance
Course Introduction
1.0 Lesson 1: Information Security Governance Overview
1.1 Information Security Governance Overview
1.2 Importance of Information Security Governance
1.3 Outcomes of Information Security Governance
2.0 Lesson 2: Effective Information Security Governance
2.1 Business Goals and Objectives
2.2 Roles and Responsibilities of Senior Management
2.3 Governance, Risk Management and Compliance
2.4 Business Model for Information Security
2.5 Dynamic Interconnections
3.0 Lesson 3: Information Security Concepts and Technologies
3.1 Information Security Concepts and Technologies
3.2 Technologies
4.0 Lesson 4: Information Security Manager
4.1 Responsibilities
4.2 Senior Management Commitment
4.3 Obtaining Senior Management Commitment
4.4 Establishing Reporting and Communication Channels
5.0 Lesson 5: Scope and Charter of Information Security Governance
5.1 Assurance Process Integration and Convergence
5.2 Convergence
5.3 Governance and Third-Party Relationships
6.0 Lesson 6: Information Security Governance Metrics
6.1 Metrics
6.2 Effective Security Metrics
6.3 Security Implementation Metrics
6.4 Strategic Alignment
6.5 Risk Management
6.6 Value Delivery
6.7 Resource Management
6.8 Performance Measurement
6.9 Assurance Process Integration/Convergence
7.0 Lesson 7: Information Security Strategy Overview
7.1 Another View of Strategy
8.0 Lesson 8: Creating Information Security Strategy
8.1 Information Security Strategy
8.2 Common Pitfalls
8.3 Objectives of the Information Security Strategy
8.4 What is the Goal?
8.5 Defining Objectives
8.6 Business Linkages
8.7 Business Case Development
8.8 Business Case Objectives
8.9 The Desired State
8.10 COBIT
8.11 COBIT Controls
8.12 COBIT Framework
8.13 Capability Maturity Model
8.14 Balanced Scorecard
8.15 Architectural Approaches
8.16 ISO/IEC 27001 and 27002
8.17 Risk Objectives
9.0 Lesson 9: Determining Current State Of Security
9.1 Current Risk
9.2 BIA
10.0 Lesson 10: Information Security Strategy Development
10.1 Elements of a Strategy
10.2 The Roadmap
10.3 Strategy Resources and Constraints
11.0 Lesson 11: Strategy Resources
11.1 Policies and Standards
11.2 Definitions
11.3 Enterprise Information Security Architectures
11.4 Controls
11.5 Countermeasures
11.6 Technologies
11.7 Personnel
11.8 Organizational Structure
11.9 Employee Roles and Responsibilities
11.10 Skills
11.11 Audits
11.12 Compliance Enforcement
11.13 Threat Assessment
11.14 Vulnerability Assessment
11.15 Risk Assessment
11.16 Insurance
11.17 Business Impact Assessment
11.18 Outsourced Security Providers
12.0 Lesson 12: Strategy Constraints
12.1 Legal and Regulatory Requirements
12.2 Physical Constraints
12.3 The Security Strategy
13.0 Lesson 13: Action Plan to Implement Strategy
13.1 Gap Analysis
13.2 Policy Development
13.3 Standards Development
13.4 Training and Awareness
13.5 Action Plan Metrics
13.6 General Metric Considerations
13.7 CMM4 Statements
13.8 Objectives for CMM4
13.9 Module 01 Review
➤ Module 02 - Information Risk Management
1.0 Lesson 1: Risk Management Overview
1.1 Types of Risk Analysis
1.2 The Importance of Risk Management
1.3 Risk Management Outcomes
1.4 Risk Management Strategy
2.0 Lesson 2: Good Information Security Risk Management
2.1 Context and Purpose
2.2 Scope and Charter
2.3 Assets
2.4 Other Risk Management Goals
2.5 Roles and Responsibilities
3.0 Lesson 3: Information Security Risk Management Concepts
3.1 Technologies
4.0 Lesson 4: Implementing Risk Management
4.1 The Risk Management Framework
4.2 The External Environment
4.3 The Internal Environment
4.4 The Risk Management Context
4.5 Gap Analysis
4.6 Other Organizational Support
4.7 Risk Analysis
5.0 Lesson 5: Risk Assessment
5.1 NIST Risk Assessment Methodology
5.2 Aggregated or Cascading Risk
5.3 Other Risk Assessment Approaches
5.4 Identification of Risks
5.5 Threats
5.6 Vulnerabilities
5.7 Risks
5.8 Analysis of Relevant Risks
5.9 Risk Analysis
5.10 Semi-Quantitative Analysis
5.11 Quantitative Analysis Example
5.12 Evaluation of Risks
5.13 Risk Treatment Options
5.14 Impact
6.0 Lesson 6: Controls Countermeasures
6.1 Controls
6.2 Residual Risk
6.3 Information Resource Valuation
6.4 Methods of Valuing Assets
6.5 Information Asset Classification
6.6 Determining Classification
6.7 Impact
7.0 Lesson 7: Recovery Time Objectives
7.1 Recovery Point Objectives
7.2 Service Delivery Objectives
7.3 Third-Party Service Providers
7.4 Working with Lifecycle Processes
7.5 IT System Development
7.6 Project Management
8.0 Lesson 8: Risk Monitoring and Communication
8.1 Risk Monitoring and Communication
8.2 Other Communications
8.3 Module 02 Review
➤ Module 03 - Information Security Program Development
1.0 Lesson 1: Development of Information Security Program
1.1 Importance of the Program
1.2 Outcomes of Security Program Development
1.3 Effective Information Security Program Development
2.0 Lesson 2: Information Security Program Objectives
2.1 Program Objectives
2.2 Defining Objectives
2.3 Cross Organizational Responsibilities
3.0 Lesson 3: Information Security Program Development Concepts
3.1 Technology Resources
3.2 Information Security Manager
4.0 Lesson 4: Scope and Charter of Information Security Program Development
4.1 Assurance Function Integration
4.2 Challenges in Developing Information Security Program
4.3 Pitfalls
4.4 Objectives of the Security Program
4.5 Program Goals
4.6 The Steps of the Security Program
4.7 Defining the Roadmap
4.8 Elements of the Roadmap
4.9 Gap Analysis
5.0 Lesson 5: Information Security Management Framework
5.1 Security Management Framework
5.2 COBIT 5
5.3 ISO/IEC 27001
6.0 Lesson 6: Information Security Framework Components
6.1 Operational Components
6.2 Management Components
6.3 Administrative Components
6.4 Educational and Informational Components
7.0 Lesson 7: Information Security Program Resources
7.1 Resources
7.2 Documentation
7.3 Enterprise Architecture
7.4 Controls as Strategy Implementation Resources
7.5 Common Control Practices
7.6 Countermeasures
7.7 Technologies
7.8 Personnel
7.9 Security Awareness
7.10 Awareness Topics
7.11 Formal Audits
7.12 Compliance Enforcement
7.13 Project Risk Analysis
7.14 Other Actions
7.15 Other Organizational Support
7.16 Program Budgeting
8.0 Lesson 8: Implementing an Information Security Program
8.1 Policy Compliance
8.2 Standards Compliance
8.3 Training and Education
8.4 ISACA Control Objectives
8.5 Third-party Service Providers
8.6 Integration into Lifecycle Processes
8.7 Monitoring and Communication
8.8 Documentation
8.9 The Plan of Action
9.0 Lesson 9: Information Infrastructure and Architecture
9.1 Managing Complexity
9.2 Objectives of Information Security Architectures
9.3 Physical and Environmental Controls
10.0 Lesson 10: Information Security Program
10.1 Information Security Program Deployment Metrics
10.2 Metrics
10.3 Strategic Alignment
10.4 Risk Management
10.5 Value Delivery
10.6 Resource Management
10.7 Assurance Process Integration
10.8 Performance Measurement
10.9 Security Baselines
11.0 Lesson 11: Security Program Services and Operational Activities
11.1 IS Liaison Responsibilities
11.2 Cross-Organizational Responsibilities
11.3 Security Reviews and Audits
11.4 Management of Security Technology
11.5 Due Diligence
11.6 Compliance Monitoring and Enforcement
11.7 Assessment of Risk and Impact
11.8 Outsourcing and Service Providers
11.9 Cloud Computing
11.10 Integration with IT Processes
11.11 Module 03 Review
➤ Module 04 - Information Security Incident Management
1.0 Lesson 1: Incident Management Overview
1.1 Incident Management Overview
1.2 Types of Events
1.3 Goals of Incident Management
2.0 Lesson 2: Incident Response Procedures
2.1 Incident Response Procedures
2.2 Importance of Incident Management
2.3 Outcomes of Incident Management
2.4 Incident Management
2.5 Concepts
2.6 Incident Management Systems
3.0 Lesson 3: Incident Management Organization
3.1 Incident Management Organization
3.2 Responsibilities
3.3 Senior Management Commitment
4.0 Lesson 4: Incident Management Resources
4.1 Policies and Standards
4.2 Incident Response Technology Concepts
4.3 Personnel
4.4 Roles and Responsibilities (eNotes)
4.5 Skills
4.6 Awareness and Education
4.7 Audits
5.0 Lesson 5: Incident Management Objectives
5.1 Defining Objectives
5.2 The Desired State
5.3 Strategic Alignment
5.4 Other Concerns
6.0 Lesson 6: Incident Management Metrics and Indicators
6.1 Implementation of the Security Program Management
6.2 Management Metrics and Monitoring
6.3 Other Security Monitoring Efforts
7.0 Lesson 7: Current State of Incident Response Capability
7.1 Threats
7.2 Vulnerabilities
8.0 Lesson 8: Developing an Incident Response Plan
8.1 Elements of an Incident Response Plan
8.2 Gap Analysis
8.3 BIA
8.4 Escalation Process for Effective IM
8.5 Help Desk Processes for Identifying Security Incidents
8.6 Incident Management and Response Teams
8.7 Organizing, Training, and Equipping the Response Staff
8.8 Incident Notification Process
8.9 Challenges in making an Incident Management Plan
9.0 Lesson 9: BCP/DRP
9.1 Goals of Recovery Operations
9.2 Choosing a Site Selection
9.3 Implementing the Strategy
9.4 Incident Management Response Teams
9.5 Network Service High-availability
9.6 Storage High-availability
9.7 Risk Transference
9.8 Other Response Recovery Plan Options
10.0 Lesson 10: Testing Response and Recovery Plans
10.1 Periodic Testing
10.2 Analyzing Test Results
10.3 Measuring the Test Results
11.0 Lesson 11: Executing the Plan
11.1 Updating the Plan
11.2 Intrusion Detection Policies
11.3 Who to Notify about an Incident
11.4 Recovery Operations
11.5 Other Recovery Operations
11.6 Forensic Investigation
11.7 Hacker / Penetration Methodology
11.8 Domain 04 Review
11.9 Course Closure