Cy Certified Information Security Manager (CISM)

Introducing the Certified Information Security Manager

• Role of the Certified Information Security Manager.
• Purpose of the job practices.

Information Security Governance

• Understand the following regarding governance:
  • Purpose of information security governance.
  • Understand its make up and how to achieve it.
  • Purpose of the information security strategy.
  • Understand the objectives, content and creation of the strategy.
  • Understand the meaning, content and creation of policies, standards, procedures and guidelines.
  • Development of business cases and gaining commitment from senior management for the information security program.
  • Define governance metrics requirements, selection of them and their creation.

Information Security Risk Management

• Understand the following regarding governance:
  • Recognise the importance of risk management in meeting business needs.
  • Supporting the development of an information security program to align with business needs.
  • Understand methods of identifying, prioritising and responding appropriately to risk.
  • Evaluate and assess information security controls and assure fitness for purpose.
  • Report effectively on the status of risks within the organisation.

Managing Information Security Incidents

• Understand the following regarding the management of security incidents:
  • The lifecycle of information incident management: Identifying, analysing, managing and responding to unexpected negative information security events.
  • Identify the components of an incident response plan.
  • Evaluate the effectiveness of an incident response plan.
  • Recognise the relationship between incident response, disaster recovery and business continuity planning.