CISM Exam Preparation
- Last Revised:
- 10. May 2017
- 2600.00 USD (VAT incl.)
- Not Specified
- Not Specified
- Not Specified
CISM Exam Preparation
Information Security Management: Managing security to reduce risk and protect the organization
While information has become more easily accessible and readily available, the associated risks and security threats have not only increased in number, but also complexity. As a result, the importance of ensuring that an enterprise’s information is protected has also increased. It is now more important than ever for executives to ensure that their IT security managers have the expertise needed to reduce risk and protect the enterprise.
Designed specifically for information security professionals who are preparing to sit for the CISM exam, the course focuses on the four content areas of the Certified Information Security Manager (CISM) job practice: information security governance, risk management and compliance, information security program development and management, information security incident management. Sample exam items will be used throughout the course to reinforce content and familiarize attendees with the CISM exam question format.
Day 1 – Information Security Governance
Attendees will understand the broad requirements for effective information security governance, the elements and actions required to develop an information security strategy, and be able to formulate a plan of action to implement this strategy.
· Establish and maintain an information security strategy and align the strategy with corporate governance
· Establish and maintain an information security governance framework
· Establish and maintain information security policies
· Develop a business case
· Identify internal and external influences to the organization
· Obtain management commitment
· Define roles and responsibilities
· Establish, monitor, evaluate and report metrics
Day 2 – Information Risk Management and Compliance
Students will be able to manage information security risks.
· Establish a process for information asset classification and ownership
· Identify legal, regulatory, organizational and other applicable requirements
· Ensure that risk assessments, vulnerability assessments and threat analyses are conducted periodically.
· Determine appropriate risk treatment options.
· Evaluate information security controls
· Identify the gap between current and desired risk levels
· Integrate information risk management into business and IT processes
· Monitor existing risk.
· Report noncompliance and other changes in information risk
Day 3 – Information Security Program Development and Management
Students will be able to develop and manage an information security plan.
· Establish and maintain the information security program
· Ensure alignment between the information security program and other business functions
· Identify, acquire, manage and define requirements for internal and external resources
· Establish and maintain information security architectures
· Establish, communicate and maintain organizational information security standards, procedures, guidelines
· Establish and maintain a program for information security awareness and training
· Integrate information security requirements into organizational processes
· Integrate information security requirements into contracts and activities of third parties
· Establish, monitor and periodically report program management and operational metrics
Day 4 – Information Security Incident Management
Students will effectively manage information security within an enterprise and develop policies and procedures to respond to and recover from disruptive and destructive information security events.
· Establish and maintain an organizational definition of, and severity hierarchy for, information security incidents
· Establish and maintain an incident response plan
· Develop and implement processes to ensure the timely identification of information security incidents
· Establish and maintain processes to investigate and document information security incidents
· Establish and maintain incident escalation and notification processes
· Organize, train and equip teams to effectively respond to information security incidents
· Test and review the incident response plan periodically
· Establish and maintain communication plans and processes
· Conduct post-incident reviews
· Establish and maintain integration among the incident response plan, disaster recovery plan and business continuity plan
This is a binding contract, please read and understand the terms and conditions before signing as signed booking forms will not be cancelled 10 days after SAVANNAH TELECOM Management has received the registration form.
1. Terms of payment:
In order to secure your registration, payment is due in full upon receipt of invoice. Early registration is vital due to limited workshop space.
2. Right of Admission:
SAVANNAH TELECOM reserves the right to refuse admission to the conference where evidence of full payment cannot be shown.
3. Delegate Cancellation:
Provided the total fee has been settled, substitutions will be at no extra charge up till 7 days before the workshop date. Cancellations must be received in writing (14) days before the workshop in order to obtain a full credit voucher for our future events. Any cancellations received less than 14 days before the date of the conference, the full fee will be payable and no refunds or credit voucher will be given. If a delegate does not cancel and fails to attend the conference, he/she is liable for the full payment and no refund / credit voucher will be issued
4. SAVANNAH TELECOM Substitutions:
Please note that speakers and topics were confirmed at the time of publishing, however, circumstances beyond the control of the organizers may necessitate substitutions, alterations or cancellations of the speakers and/or topics. As such SAVANNAH TELECOM reserves the right to alter /modify the advertised speakers/ topics if necessary and all delegates will be notified as soon as possible.
5.SAVANNAH TELECOM Cancellation & Postponement:
In the event that SAVANNAH TELECOM Business Consulting cancels an event, delegate payments at the date of cancellation will be credited to a future SAVANNAH TELECOM conference. This credit will be available for a year from the date of issue. If the delegate is unable to attend the rescheduled conference, the delegate will receive a credit representing payments made towards a future SAVANNAH TELECOM conference & it will be available for 1 year from the date of issue. SAVANNAH TELECOM is not responsible for any loss/damage as a result of a substitution, alteration/cancellation /postponement of a conference