CISM

Overview

The Certified Asset Management Professional (CAMP) course provides a comprehensive understanding of IT Asset Management (ITAM) best practices and processes. It focuses on key areas such as asset lifecycle management, compliance, financial management, and strategic positioning. The course is designed to help participants build efficient ITAM programs by integrating frameworks like IT Service Management (ITSM). It also covers topics like software and hardware asset management, acquisition, disposal, and documentation management. This course is ideal for individuals seeking to enhance their knowledge of ITAM and achieve the CAMP certification, which validates their expertise in managing IT assets effectively.

Objectives

The Certified Information Security Manager (CISM) course has the following key objectives:

  • Establishing Information Security Governance: Develop the ability to create and oversee effective security governance frameworks aligned with business objectives.
  • Managing Risk: Equip professionals with skills to identify, assess, and mitigate security risks while ensuring compliance with regulatory requirements.
  • Developing and Managing Security Programs: Learn to design, implement, and manage information security programs that protect organizational assets.
  • Responding to Security Incidents: Build expertise in planning, managing, and recovering from security breaches and incidents efficiently.

Course Outline

This course is split into 4 easy-to-understand domains, which will give you in-depth knowledge about how to select and apply the most suitable approach for different projects.

Domain 1: Information Security Governance

Introduction to Information Security Governance

  • About Information Security Governance
  • Reason for Security Governance
  • Security Governance Activities and Results
  • Risk Appetite
  • Organisation Culture

Legal, Regulatory and Contractual Requirements

  • Introduction
  • Requirements for Content and Retention of Business Records

Organisational Structures, Roles and Responsibilities

  • Roles and Responsibilities
  • Monitoring Responsibilities

Information Security Strategy Development

  • Introduction
  • Business Goals and Objectives
  • Information Security Strategy Objectives
  • Avoiding Common Pitfalls and Bias
  • Ensuring Objective and Business Integration
  • Desired State
  • Elements of a Strategy

Information Governance Frameworks and Standards

  • Security Balanced Scorecard
  • Architectural Approaches
  • Enterprise Risk Management Framework
  • Information Security Management Frameworks and Models

Strategic Planning

  • Workforce Composition and Skills
  • Assurance Provisions
  • Risk Assessment and Management
  • Action Plan to Implement Strategy
  • Information Security Program Objectives

Domain 2: Information Security Risk Management

Emerging Risk and Threat Landscape

  • Risk Identification
  • Threats
  • Defining a Risk Management Framework
  • Emerging Threats
  • Risk, Likelihood and Impact
  • Risk Register

Vulnerability and Control Deficiency Analysis

  • Introduction
  • Security Control Baselines
  • Events Affecting Security Baselines

Risk Assessment and Analysis

  • Introduction
  • Determining the Risk Management Context
  • Operational Risk Management
  • Risk Management Integration with IT Life Cycle Management Processes
  • Risk Scenarios and Risk Assessment Process
  • Risk Assessment and Analysis Methodologies
  • Other Risk Assessment Approaches
  • Risk Analysis
  • Risk Evaluation
  • Risk Ranking

Risk Treatment or Risk Response Options

  • Introduction to Risk Treatment/Risk Response Options
  • Determining Risk Capacity and Acceptable Risk
  • Risk Response Options
  • Inherent and Residual Risk
  • Risk Acceptance Framework
  • Impact and Controls
  • Legal and Regulatory Requirements
  • Costs and Benefits

Risk and Control Ownership

  • Risk Ownership and Accountability
  • Risk Owner and Control Owner

Risk Monitoring and Reporting

  • Risk Monitoring
  • Key Risk Indicators
  • Reporting Changes in Risk
  • Risk Communication, Awareness and Consulting
  • Documentation

Domain 3: Information Security Programme Development and Management

Information Security Program Resources

  • Information Security Program Objectives
  • Information Security Program Concepts
  • Common Information Security Program Challenges
  • Common Information Security Program Constraints

Information Asset Identification and Classification

  • Information Asset Identification and Valuation
  • Information Asset Valuation Strategies
  • Information Asset Classification
  • Methods to Determine Criticality of Assets and Impact of Adverse Events

Industry Standards and Frameworks for Information Security

  • Enterprise Information Security Architectures
  • Information Security Management Frameworks
  • Information Security Frameworks Components

Information Security Policies, Procedures, and Guidelines

  • Policies
  • Standards
  • Procedures
  • Guidelines

Information Security Program Metrics

  • Introduction
  • Effective Security Metrics
  • Security Program Metrics and Monitoring
  • Metrics Tailored to Enterprise Needs

Information Security Control Design and Selection

  • Introduction
  • Managing Risk Through Controls
  • Controls and Countermeasures
  • Control Categories
  • Control Design Considerations
  • Control Methods

Information Security Control Implementation and Integration

  • Introduction
  • Baseline Controls

Information Security Control Testing and Evaluation

  • Introduction
  • Control Strength
  • Control Recommendations
  • Control Testing and Modification

Information Security Awareness and Training

  • Security Awareness Training and Education
  • Developing an Information Security Awareness Program
  • Role-Based Training

Management of External Services

  • Governance of Third-Party Relationships
  • Third-Party Service Providers
  • Outsourcing Challenges
  • Outsourcing Contracts
  • Third-Party Access

Information Security Program Communications and Reporting

  • Program Management Evaluation
  • Plan-Do-Check-Act Cycle
  • Security Reviews and Audits
  • Compliance Monitoring and Enforcement
  • Monitoring Approaches
  • Measuring Information Security Management Performance
  • Ongoing Monitoring and Communication

Domain 4: Incident Management

Incident Response Plan

  • Relationship Between Incident Management and Incident Response
  • Goals of Incident Management and Incident Response
  • Incident Handling and Management Life Cycle
  • Outcomes of Incident Management
  • Importance of Incident Management
  • Incident Management Resources
  • Policies and Standards
  • Strategic Alignment
  • Incident Management Objectives
  • Response and Recovery Plan
  • Role of Information Security Manager in Incident Management
  • Risk Management
  • Assurance Process Integration
  • Value Delivery
  • Resource Management
  • Detailed Plan of Action for Incident Management
  • Defining Incident Management Procedures
  • Current State of Incident Response Capability
  • Developing an Incident Response Plan
  • Organising, Training and Equipping the Resource Staff
  • Incident Management Response Teams
  • Incident Notification Process
  • Challenges in Developing an Incident Management Plan

Business Impact Analysis

  • Elements of Business Impact Analysis
  • Benefits of Conducting a Business Impact Analysis

Business Continuity Plan

  • Integrating Incident Response with Business Continuity
  • Methods for Providing Continuity of Network Services
  • High-Availability Considerations
  • Insurance

Disaster Recovery Plan

  • Disaster
  • Business Continuity and Disaster Recovery Procedures
  • Recovery Operations
  • Evaluating Recovery Strategies
  • Addressing Threats
  • Recovery Sites
  • Basis for Recovery Site Selection
  • Response and Recovery Strategy Implementation

Incident Classification/Categorisation

  • Introduction
  • Escalation Process for Effective Incident Management
  • Help/Service Desk Processes for Identifying Security Incidents

Incident Management Training, Testing and Evaluation

  • Incident Management Roles and Responsibilities
  • Incident Management Metrics and Indicators
  • Performance Measurement
  • Updating Recovery Plans
  • Testing Incident Response and Business Continuity/Disaster Recovery Plans
  • Periodic Testing of the Response and Recovery Plans
  • Types of Tests
  • Testing for Infrastructure and Critical Business Applications
  • Test Results
  • Recovery Test Metrics

Incident Management Tools and Technologies

  • Incident Management Systems
  • Incident Response Technology Foundations
  • Personnel and Skills
  • Awareness, Education, and Audits
  • Outsourced Security Providers

Incident Investigation and Evaluation

  • Introduction
  • Executing Response and Recovery Plans

Incident Containment Methods

  • Incident Containment Methods

Incident Response Communication

  • Introduction
  • Notification Requirements
  • Communication Networks

Incident Eradication and Recovery

  • Eradication Activities
  • Recovery

Post-incident Review Practices

  • Introduction
  • Identifying Causes and Corrective Actions
  • Documenting Events
  • Establishing Legal Procedures to Assist Post-Incident Activities
  • Requirements for Evidence
  • Legal Aspects of Forensic Evidence

Who may take the course?

The Certified Information Security Manager (CISM) course is suitable for:

  • Information Security Professionals: Those seeking to advance their careers in security management and governance.
  • IT Managers and Consultants: Individuals responsible for implementing and managing secure IT systems.
  • Risk Management Professionals: Those specializing in assessing and mitigating organizational risks.
  • Compliance Officers: Experts ensuring adherence to industry standards and regulatory requirements.
  • Aspiring Security Leaders: Individuals aiming for leadership roles in cybersecurity and information security.
  • System Administrators and Network Engineers: Professionals wanting to enhance their expertise in safeguarding infrastructure.
  • Business Executives: Leaders requiring a deeper understanding of security strategies to align with organizational goals.

Benefits

The CISM (Certified Information Security Manager) course offers several benefits, such as:

  • Career Advancement: Demonstrates expertise in information security management, opening doors to leadership roles in cybersecurity.
  • Global Recognition: CISM is a prestigious certification, recognized by organizations worldwide.
  • Enhanced Skills: Develops strategic skills in governance, risk management, and security program management.
  • Higher Earning Potential: Certified professionals often enjoy higher salaries and better job prospects.
  • Industry Compliance: Equips you to align security strategies with business and regulatory requirements.
  • Networking Opportunities: Connects you with a global community of cybersecurity professionals.
  • Boosts Organizational Value: Validates your ability to implement and manage effective security systems, contributing to organizational success.

Why choose us?

At GetLink Networks, your growth and success are our top priorities. With that in mind, we offer the following:

  • Experienced Instructors: Learn from seasoned professionals with a wealth of industry experience and expertise.
  • Comprehensive Curriculum: Our courses are thoughtfully designed to combine theoretical concepts with hands-on practical learning.
  • State-of-the-Art Resources: Gain access to advanced tools, materials, and modern learning facilities for an immersive educational experience.
  • Career Guidance: Benefit from personalized résumé assistance, interview preparation, and job placement services to kickstart your career.
  • Proven Track Record: Join a community of successful alumni who have achieved their career goals through our courses.
  • Supportive Environment: Experience a collaborative and encouraging learning space where your growth is prioritized.

Fee Plan

$1399

Mode – Online
