COURSES CATALOG

Certified Information Security Manager - TH

DURATION

4 Days

PRICE LIST

49,000 Baht (exclusive of 7% VAT)
Special Offer: Contact us

This 4-day course is not an official ISACA training course; however, it is led by a Certified Information Security Manager (CISM) with over a decade of experience and familiarity with the ISACA resources. The training material is built from the latest version of the review manual and QAE books but reorganized into an easy-to-understand format.

Preparing for ISACA's CISM examination

Day 1

  • About ISACA
  • Knowledge structure
  • Domain 1 – Information Security Governance
    • Importance of Information Security Governance
    • Organizational Culture
    • Legal, Regulatory and Contractual Requirements
    • Organizational Structures, Roles and Responsibilities
    • Information Security Strategy Development
    • Information Governance Frameworks and Standards
    • Strategic Planning
  • Sample questions
  • Case study

 

Day 2

  • Domain 2 – Information Security Risk Management
    • Emerging Risk and Threat Landscape
    • Vulnerability and Control Deficiency Analysis
    • Risk Analysis, Evaluation and Assessment
    • Risk Treatment/Risk Response Options
    • Risk and Control Ownership
    • Risk Monitoring and Reporting
  • Sample questions
  • Case study

 

Day 3

  • Domain 3 – Information Security Program
    • Information Security Program Overview
    • Information Security Program Resources
    • Information Asset Identification and Classification
    • Industry Standards and Frameworks for Information Security
    • Information Security Policies, Procedures and Guidelines
    • Defining an Information Security Program Road Map
    • Information Security Program Metrics
    • Information Security Control Design and Selection
    • Information Security Control Implementation and Integration
    • Information Security Control Testing and Evaluation
    • Information Security Awareness and Training
    • Integration of the Security Program With IT Operations
    • Management of External Services and Relationships
    • Information Security Program Communications and Reporting
  • Sample questions
  • Case study

 

Day 4

  • Domain 4 – Incident Management
    • Incident Management and Incident Response Overview
    • Incident Management and Incident Response Plans
    • Business Impact Analysis
    • Business Continuity Plan
    • Disaster Recovery Plan
    • Incident Classification/Categorization
    • Incident Management Training, Testing and Evaluation
    • Incident Management Tools and Technologies
    • Incident Investigation and Evaluation
    • Incident Containment Methods
    • Incident Response Communications
    • Incident Eradication and Recovery
    • Post-Incident Review Practices
  • Sample questions
  • Case study
  • Recommendation on exam preparation