Certified Information Security Manager Course (CISM)

This course is designed for managers and senior professionals in information security who intend to take the Certified Information Security Manager (CISM) examination. Recognised internationally, CISM certification is issued by the Information Systems Audit and Control Association (ISACA). The curriculum covers all four of the key domains addressed in the exam: Information Security Governance, Information Risk Management and Compliance, Information Security Program Development and Management, and Information Security Incident Management.

Overview

Graeme Parker – CISSP, CCP-SIRA, CDPO, CISA, CISM, CCSK, CDPSE, ISO 27001 Master, is a cyber security professional and director of a security specialist consultancy.

Graeme has a broad cyber security background and proven expertise with in security having taken a number of high profile businesses through security improvement projects, and having gained experience in industries such as finance, insurance, healthcare, government, manufacturing and the charitable sector. Graeme also works for a number of certification bodies as an ISO 27001 Lead Auditor conducting certification audits in the UK and overseas.

Graeme started his career in IT in the banking sector before successfully implementing BS 7799 the forerunner to ISO 27001, in a number of UK National Health Service organisations. Following that Graeme worked for some major IT leaders including Capita, Fujitsu, Hewlett Packard and Cap Gemini leading a number of security projects across a range of challenging industries. Graeme has lead several organisations to ISO 27001 certification, developed security architectures and lead the implementation of complex security programmes.

Graeme has produced white papers on a number of security topics and developed risk methods for Information Security and Business Continuity and is a regular speaker at events covering security topics.

Graeme’s main expertise is being able to develop security solutions which align to business needs and deliver pragmatic solutions in response to the organisation’s risk approach. Graeme has in depth experience of working with suppliers to ensure the resilience and security of the supply chain a risk area often overlooked by many organisations.

Graeme holds a number of professional qualifications and also teaches CISSP, CISA and CISM courses and has a technical background holding the Cloud Security Alliance Certificate of Cloud Security Knowledge (CCSK) and Blockchain Council Certified Blockchain Expert (CBE) as well as operating as a UK Government Senior Information Risk Advisor.

Graeme delivers courses for several training companies as well as delivering private courses to organisations including Computer Sciences Corporation (CSC), Central Bank of Ireland, Ericson, ING, Novartis, Deloite and Unisys. Graeme teaches these courses to customers around the world having recently delivered successful courses in the UK, Qatar, Saudi Arabia, Portugal, Canada, Romania, Italy, Sweden, Croatia, Germany, Netherlands, Kazakhstan, Mongolia, Indonesia, Malaysia, Suriname, Ukraine, Jamaica, Bahamas, Thailand, Nigeria, Fiji and the USA.

Prerequisites

Participants must possess basic knowledge about the different domains that will be addressed in the CISM exam. The course is an intensive review in preparation for the examination, not basic training.

Participants must understand English since the provided documentation is written in that language.

Exam

The certification exam is not included with the course. To apply for the examination, go to the official web site of ISACA (www.isaca.org).

CISM certification is based on a multiple-choice exam consisting of 150 questions about the 4 domains – Length: 4 hours.

Agenda

• Information Security Governance
• Information Risk Management and Compliance
• Information Security Program Development and Management
• Information Security Incident Management
• Exam Preparation: Practice Exam, questions-answers

Learning Outcomes

• Establish and maintain a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations
• Identify and manage information security risks to achieve business objectives
• Design, develop and manage an information security program to implement the information security governance framework
• Oversee and direct information security activities to execute the information security program
• Develop and manage a capability to respond to and recover from disruptive and destructive information security events
• Fully understand the theory and practice of the 37 task statements and 60 knowledge statements