Overview
The CISM training course is designed to provide on-the-job skills, as well as knowledge to pass the Certified Information System Manager (CISM) certification exam. This is advanced-level cybersecurity training to complete once the PenTest+, CySA+, and various higher-level certifications in Cisco and Microsoft have been completed.
The course instructor is Roger St Hilaire, with 30+ years of experience and CISM, CGEIT, MOF, TOGAF & PSP-Rainmaker Foundation Certifications.
The course will cover the following list of main areas, spanning the four domains of the CISM practice and the related tasks. The CISM Exam Preparation Course Outline is as follows:
- Information Security Defined
- Information Security Principles
- Support the Business
- Defend the Business
- Promote Responsible Information Security Behavior
DOMAIN 1 – Information Security Governance
- Section One: Designing a Strategy and Governance Framework
- Section Two: Gaining Management Approval
- Section Three: Implementing the Security Strategy
DOMAIN 2 – Information Security Risk Management
- Section One: Risk Identification
- Section Two: Risk Analysis and Treatment
- Section Three: Risk Monitoring and Reporting
DOMAIN 3 – Information Security Program Development and Management
- Section One: Alignment and Resource Management
- Section Two: Standards Awareness and Training
- Section Three: Building Security into Processes and Practices
- Section Four: Security Monitoring and Reporting
DOMAIN 4 – Information Security Incident Management
- Section One: Planning and Integration
- Section Two: Readiness and Assessment
- Section Three Identification and Response
- Exam Techniques
- ISACA Requirements for Certification:
- To facilitate the student’s understanding of ISACA’s approach to information security, and its related concepts such as risk.
- Develop an understanding of key practices in the governance, management of risk, program development, and incident management in the realm of information security.
- Ensure that the student is appropriately prepared for successful completion of the Certified Information Security Manager exam given by ISACA on the first attempt.
Curriculum
Instructor bio
Roger St Hilaire
CISM, CGEIT, CRISC, TOGAF, Certified Trainer and Governance Specialist
• Designed the first knowledge engine for UNDP Sub–Regional Resource Facility. The system
known as the Request Tracker facilitated workflow–based tracking of all queries coming into
the organization from inception along with all the work done including searches and
documents shared with the client. It tracked time used in addressing the query, the material
used to solve the query and any additional supplemental information shared with the client in
solving the issue at hand. The system keeps all queries categorized according to the UNDP
keyword data set, and was fully searchable by staff for reuse of information in solving new
queries. Additionally, the system via a single click could report on the productivity of staff by
staff member based on time period categorizing the results in the UNDP focus areas.
• Took over the management and growth of a $70 million USD dual data centre national
network system for the Trinidad and Tobago Government. Expanding it from 400+ connected
sites to 512 within one year with no breaches and increasing customer satisfaction with use
of the network. Motivated the teams and increased team moral while increasing performance
to handle upward of 2000 Queries per month with a customer satisfaction rating of 4.5 out of
a possible 5.
• Negotiated with vendors to support the organization during a crisis event to the tune of
approximately $200K USD committed support with no payback required.
• Saved a BPR client $60KUSD by reviewing and realigning the analysis of one of their
support lines. The actions improved the organization’s ability to support its field teams and
streamline its update and testing metrics for increased reliability.
• Improved security for BPR client by reviewing the processes used for information exchange,
and metrics used for management of funds on site at the retail outlets.
Course Pre–requisites
• Understanding of information security concepts
• Some background in technology and information management
Course Objective
In this course, you will learn how to:
• Design and Implement a Security Strategy and Governance Framework
• Leverage the Enterprise Risk Management Practice in the organization for identification,
analysis, treatment and monitoring of Security Risks.
• Develop and Implement a Security Program
• Manage Information Security Incident Management
Course Duration
• 18hours
Course outline
• Module 1: Introduction
• 1.1 Instructor Introduction
• 1.2 Course Introduction
• 1.3 Exam Overview
• Module 2: M1– Information Security Governance
• 2.1 Module Overview
• 2.2 InfoSec Strategic Context Part 1
• 2.3 InfoSec Strategic Context Part 2
• 2.4 GRC Strategy and Assurance
• 2.5 Roles and Responsibilities
• 2.6 GMA Tasks Knowledge and Metrics
• 2.7 IS Strategy Overview
• 2.8 Strategy Implementation
• 2.9 Strategy Development Support
• 2.10 Architecture and Controls
• 2.11 Considerations and Action Plan
• 2.12 InfoSec Prog Objectives and Wrap–Up
• Module 3: Information Security Risk Management
• 3.1 Module Overview
• 3.2 Risk Identification Task and Knowledge
• 3.3 Risk Management Strategy
• 3.4 Additional Considerations
• 3.5 Risk Analysis and Treatment Tasks & Knowledge
• 3.6 Leveraging Frameworks
• 3.7 Assessment Tools and Analysis
• 3.8 Risk Scenario Development
• 3.9 Additional Risk Factors
• 3.10 Asset Classification and Risk Management
• 3.11 Risk Monitoring and Communication
• 3.12 Information Risk Management Summary
• Module 4: InfoSec Prog Development and Management
• 4.1 Module Overview
• 4.2 Alignment and Resource Management – Task and Knowledge
• 4.3 Key Relationships
• 4.4 Standards Awareness and Training – Tasks and Knowledge
• 4.5 Awareness and Training
• 4.6 Building Security into Process and Practices – Tasks and Knowledge
• 4.7 Additional Technology Infrastructure Concerns
• 4.8 Security monitoring and reporting Overview Tasks and Knowledge
• 4.9 Metrics and Monitoring
• 4.10 Summary
• Module 5: Information Security Incident Management
• 5.1 Module Overview
• 5.2 Planning and Integration Overview Task and Knowledge
• 5.3 Incident Response Concepts and Process
• 5.4 Forensics and Recovery
• 5.5 Readiness and Assessment – Overview Tasks and Knowledge
• 5.6 Identification and Response Overview Tasks and Knowledge
• 5.7 Incident Processes
• Module 6: Exam Prep
• 6.1 Case Study – Security On a Shoestring Budget
• 6.2 Case Study – APT In Action
• 6.3 Summary
• 6.4 Exam Prep
Noluthando –
I’m forever grateful to CSI for providing such an outstanding course.