Certified Information Security Manager (CISM)
Information Risk Management (Part 1)
Information Risk Management (Part 2)
Information Security Governance (Part 1)
Information Security Governance (Part 2)
Information Security Incident Management (Part 1)
Information Security Incident Management (Part 2)
Information Security Program Development and Management (Part 1)
Information Security Program Development and Management (Part 2)

Information Risk Management (Part 1)

Course Number:
sp_cesm_a03_it_enus
Lesson Objectives

Information Risk Management (Part 1)

  • start the course
  • recognize information asset classification
  • assign ownership of assets and risk
  • evaluate impacts of events on information assets
  • monitor internal and external risk factors
  • recognize information asset valuation methods
  • specify legal, regulatory, and organizational requirements
  • recognize information security threat sources
  • identify events needing risk reassessment
  • define information threats, vulnerabilities, and exposures
  • describe what is involved with information risk management

Overview/Description
This course covers managing information risk to an acceptable level based on risk appetite in order to meet organizational goals and objectives. You will also prepare for the CISM exam Domain 2.

Target Audience
Security practitioners who have at least five years of work experience in the field of information security, and with at least three years in the role of information security manager

Information Risk Management (Part 2)

Course Number:
sp_cesm_a04_it_enus
Lesson Objectives

Information Risk Management (Part 2)

  • start the course
  • identify risk assessment and analysis methodologies
  • prioritize risk scenarios and treatment
  • specify risk reporting requirements
  • apply risk treatment and response methodologies
  • compare control baselines and standards
  • analyze information security controls and methods
  • describe information security gap analysis techniques
  • define risk management for business and IT processes
  • specify compliance reporting requirements and processes
  • perform cost benefit analysis for risk assessment
  • describe information risk management

Overview/Description
In this course, you will learn to manage information risk to an acceptable level, based on risk appetite in order to meet organizational goals and objectives. This course helps prepare you for the CISM exam Domain 2.

Target Audience
Security practitioners who have at least five years of work experience in the field of information security, and with at least three years in the role of information security manager

Information Security Governance (Part 1)

Course Number:
sp_cesm_a01_it_enus
Lesson Objectives

Information Security Governance (Part 1)

  • start the course
  • identify InfoSec strategy techniques
  • compare InfoSec relationships to key factors
  • describe InfoSec governance frameworks
  • recognize concepts of governance
  • recall standards, frameworks, and best practices
  • define governance planning, design, and implementation
  • work with integrating into corporate governance
  • specify the contributing factors for InfoSec development
  • recognize developing business cases
  • describe strategic budgetary planning and reporting
  • describe InfoSec governance

Overview/Description
This course helps the learner establish and maintain an information security governance framework and supporting processes aligned with organizational goals and objectives. The course will help you prepare for the CISM exam Domain 1.

Target Audience
Security practitioners who have at least five years of work experience in the field of information security, and with at least three years in the role of information security manager

Information Security Governance (Part 2)

Course Number:
sp_cesm_a02_it_enus
Lesson Objectives

Information Security Governance (Part 2)

  • start the course
  • recognize the impact of internal and external influences
  • obtain commitment from senior leadership and stakeholders by using key information
  • specify the methods and considerations of senior leadership and stakeholder communication
  • define the responsibilities of the InfoSec manager
  • describe the types of organizational structures, lines of authority, and escalation points
  • recognize information security responsibilities of staff across the organization
  • recognize processes to monitor performance of InfoSec responsibilities
  • describe reporting and communication channels
  • work with key information security metrics
  • define InfoSec governance

Overview/Description
This course helps the learner establish and maintain an information security governance framework and supporting processes aligned with organizational goals and objectives. The course helps prepare the student for the CISM exam Domain 1.

Target Audience
Security practitioners who have at least five years of work experience in the field of information security, and with at least three years in the role of information security manager

Information Security Incident Management (Part 1)

Course Number:
sp_cesm_a07_it_enus
Lesson Objectives

Information Security Incident Management (Part 1)

  • start the course
  • describe incident management concepts
  • define components of an incident response plan (IRP)
  • map the BCP and DRP to the IRP
  • specify methods for incident classification and categorization
  • define incident containment methods
  • describe notification and escalation processes
  • define roles and responsibilities in security incidents
  • know IRT training, tools, and equipment
  • classify forensic requirements for handling evidence
  • describe security incident management

Overview/Description
In this course, the candidate will learn how to plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents. This course helps prepare the student for the CISM exam Domain 4.

Target Audience
Security practitioners who have at least five years of work experience in the field of information security, and with at least three years in the role of information security manager

Information Security Incident Management (Part 2)

Course Number:
sp_cesm_a08_it_enus
Lesson Objectives

Information Security Incident Management (Part 2)

  • start the course
  • describe incident reporting requirements and procedures
  • define post-incident review practices and investigations
  • quantify damages, costs and business impacts
  • detect, log, analyze and document events
  • classify resources for investigation of incidents
  • identify impact of changes to the environment
  • know techniques to test the incident response plan
  • specify regulatory, legal and organization requirements
  • define KPIs and metrics to evaluate the response plan
  • define InfoSec security management

Overview/Description
In this course, the candidate will learn how to plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents. This course helps prepare the student for the CISM exam Domain 4.

Target Audience
Security practitioners who have at least five years of work experience in the field of information security, and with at least three years in the role of information security manager

Information Security Program Development and Management (Part 1)

Course Number:
sp_cesm_a05_it_enus
Lesson Objectives

Information Security Program Development and Management (Part 1)

  • start the course
  • align security programs with business functions
  • acquire and manage resource requirements
  • recognize current and emerging security technologies
  • design and implement security controls
  • apply information security controls and resources
  • define security standards, procedures, and guidelines
  • describe regulations, standards, frameworks, and practices
  • implement information security standards
  • describe program development and control

Overview/Description
In this course, you will explore information security programs that align the organization's assets to information security strategy and business goals. This course will help prepare you for the CISM exam Domain 3.

Target Audience
Security practitioners who have at least five years of work experience in the field of information security, and with at least three years in the role of information security manager

Information Security Program Development and Management (Part 2)

Course Number:
sp_cesm_a06_it_enus
Lesson Objectives

Information Security Program Development and Management (Part 2)

  • start the course
  • describe skills training for information security personnel
  • develop security awareness and training programs
  • integrate mandates into organizational processes
  • define contracts, agreements, and third parties
  • review and evaluate third-party contracts and agreements
  • implement operational security metrics
  • test the effectiveness of security controls
  • communicate program status to key stakeholders
  • describe program development and management

Overview/Description
In this course, you will explore information security programs that align the organization's assets to information security strategy and business goals. This course will also help prepare you for the CISM exam Domain 3.

Target Audience
Security practitioners who have at least five years of work experience in the field of information security, and with at least three years in the role of information security manager
