CISM (Certified Information Security Manager)
CISM (pronounced siz-zm) is a certification offered by ISACA that validates your knowledge and expertise in managing enterprise information security teams. Getting CISM certified puts you in high demand with employers around the world that recognize the achievement and capability CISM certification represents. CISM shows that you have an all-around knowledge of technical competence and an understanding of business objectives around data security.
The ISACA CISM exam used to be a paper-based exam, but over the years it has evolved into computer-based testing, which ensures greater accuracy and reliability for its candidates. It consists of 150 questions that you need to answer within 240 minutes. The exam is available in several languages, including Chinese, English, Japanese, Korean, and Spanish, and it is held at PSI testing centers around the world.
1. Information Security Governance – 24%
Strengths, opportunities, weaknesses, threats, and the techniques required to develop a successful information security strategy;
Knowledge of this field in relation to the objectives and goals of a business;
Knowledge of worldwide information security governance and its role in strategy development;
Knowledge and skills in implementing the methods of information security governance;
Knowledge of using and establishing available methods of reporting in an organization.
As for the tasks that you should be able to perform, they include the following:
Effectively managing risks and determining whether information security controls are appropriate;
Determining the risk factors to ensure proper management;
Integrating the information risk management program into business and IT processes so that it is consistent and precise.
2. Information Risk Management – 30%
Knowledge of the management of internal or external risk factors;
Knowledge of analysis methodologies and risk assessment;
Knowledge of risk reporting requirements;
Knowledge of threats, reliability, and current sources of information;
Knowledge of the changes to information security program elements and events that may require risk reassessments;
Knowledge of gap analysis related to information security.
Besides that, this section will test your skills in the following:
Maintaining and establishing the information security program in line with the information security strategy;
Aligning the information security program with the operational objectives of other business functions, to ensure that the program adds value and protects the business;
Monitoring and analyzing program management and operational metrics, to evaluate the effectiveness and efficiency of information security management;
Establishing a program for information security awareness and training that supports effective security metrics.
3. Information Security Program Development and Management – 27%
Knowledge of the certifications, training, and skills required for information security;
Knowledge and ability to implement effective information security policies and procedures;
Knowledge and skills in managing, identifying, and defining the necessary requirements for internal and external resources;
Knowledge and skills in incorporating the rules into contracts, agreements, and third-party management processes;
Knowledge of the techniques to communicate this program to the stakeholders.
Establishing proper handling of information security incidents to allow accurate responses;
Testing, reviewing, and revising the incident response plan to ensure its effectiveness and improve response capabilities;
Carrying out post-incident reviews to determine the exact cause of an incident and reduce the likelihood of recurrence;
Maintaining the integration of the incident response plan with the disaster recovery plan.
4. Information Security Incident Management – 19%
Knowledge of the main components of an incident response plan and the concepts and practices of its management;
Knowledge and ability to effectively equip incident response teams with training and tools;
Knowledge of the relationship of business continuity planning and disaster recovery planning to the incident response plan;
Knowledge of escalation processes;
To detect and analyze information security events, one should have knowledge of technologies