Certified Information Security Manager (CISM)

(CISM)/ISBN:978-1-61691-183-6

This course includes
Lessons
TestPrep
Hand-on Lab (Add-on)

Prepare for the ISACA CISM certification exam with the Certified Information Security Manager course and lab. The lab comes with a well-organized component library for every task. The CISM training course covers the CISM exam objectives and teaches how to define and design enterprise security architecture, deliver reliable service to customers, and more. The course comprehensively covers all the CISM domains including information security governance and information risk management.

Here's what you will get

The ISACA CISM certification exam validates a candidate's expertise in analyzing, implementing, and assessing security management principles. The ISACA CISM certification provides business leaders with the ability to understand complex and challenging security management issues that can impact an enterprise's success. This one-of-a-kind credential helps you become part of the best peer network and create opportunities for your career.

Lessons

5+ Lessons | 529+ Exercises | 115+ Quizzes | 107+ Flashcards | 107+ Glossary of terms

TestPrep

15+ Pre Assessment Questions | 3+ Full Length Tests | 150+ Post Assessment Questions | 450+ Practice Test Questions

Hand on lab

39+ LiveLab | 39+ Video tutorials | 52+ Minutes

Video Lessons

347+ Videos | 12:57+ Hours

Here's what you will learn

Download Course Outline

Lessons 1: Information Security Governance

  • Security Strategy
  • Information Security Governance framework
  • Integrating security governance into corporate governance
  • Security Policies: standards, procedures, and guidelines
  • Business cases to support investments
  • Internal and external influences on information security strategy
  • Management and other stakeholder commitment
  • Roles and Responsibilities
  • Measuring the effectiveness of the information security strategy

Lessons 2: Information Risk Management and Compliance

  • Information asset classification
  • Risk management, assessments, vulnerability assessments and threat analyses
  • Risk treatment options
  • Manage risk of noncompliance
  • Information security controls
  • Current and desired risk levels: Gap analysis
  • Monitoring risk

Lessons 3: Information Security Program Development and Management

  • Alignment of IS program with information security strategy
  • Information security manager's role and responsibilities in alignment
  • Information security frameworks
  • Information security architectures
  • Evaluating the effectiveness and efficiency of the IS program
  • Integrating the IS program with IT processes
  • Integrating the IS program into contracts and activities of third parties
  • Controls and countermeasures
  • Security Program Metrics and Monitoring

Lessons 4: Information Security Incident Management

  • Organizational definition and severity hierarchy for security incidents
  • Incident response plan
  • Processes for timely identification
  • Testing and review
  • Investigating and documenting information security incidents
  • Integration of incident response plan, disaster recovery plan and business continuity plan

Lessons 5: Video Tutorials

  • Introduction
  • Information Security Threats, Management, And Protection
  • Security Compliance And Strategy
  • Business Functions And Policies
  • Security Standards, Activities, And Strategy Development
  • Information Security Governance Framework
  • Regulatory Requirements And Liability Management
  • Business Case, Budgetary Reporting Methods And Planning Strategy
  • Organizational Drivers And Their Impacts
  • Commitment To Info Security
  • Management Roles And Responsibilities
  • Reporting And Communicating
  • Risks Assessment
  • Information: Classification, Ownership, And Resource Valuation
  • Baseline And BIAs
  • Risk: Countermeasures, Mitigation Strategies, And Life Cycle
  • Risk: Management And Reporting
  • Information Security Strategies And Programs
  • Security Technologies, Cryptography, And Access Controls
  • Monitoring Tools, Security Programs And Controls
  • Business Assurance Function And SLAs
  • Resources, Services, And Skills
  • Security Architecture, Model, And Deployment
  • Info Security: Policies, Awareness And Training Programs
  • Documentation
  • Organizational Processes
  • Contracts, Joint Ventures, Business Partners And Customers
  • Third Parties, Suppliers, And Subcontractors
  • Info Security Metrics
  • Goals And Methods Of Evaluating Info Security Controls
  • Vulnerability
  • Assessment Tools And Tracking Info Security Awareness Training And Education Programs
  • Evaluation And Management Metrics
  • Data Collection, Reviews, And Measurement
  • Assurance Providers, Line Management, Budgeting, And Staff Management
  • Facilities And Program Resources
  • Security Policy, Administrative Processes, And Procedures
  • Access Control, Access Security Policy Principles, And Identity Management
  • Authentication, Remote Access And User Registration
  • Procurement And Enforcing Policy Standard and Compliance
  • Third Party Relationships
  • SLAs, SDLC, And Security Enforcement
  • Maintenance, Monitoring, And Configuration Management
  • Maintaining Info Security And Due Diligence Activities
  • Info Access, Security Advice, Guidance, And Awareness
  • Stakeholders
  • Testing Info Security Control
  • Noncompliance Issues And Security Baselines
  • Incident Response And Continuity Of Operations
  • Disaster Recovery And Business Continuity Plan
  • Incident Management And Response Plan
  • Processes, Requirements, And Plans
  • Incident Response, Disaster Recovery And Business Continuity Plans
  • Forensics Procedures And Incident Review Process
  • Conclusion

Hands-on LAB Activities

Information Risk Management and Compliance

  • Demonstrating Network Mapping and Quarantining a Vulnerable System
  • Conducting Vulnerability Scanning Using Nessus
  • Performing Vulnerability Scanning Using OpenVAS
  • Performing Vulnerability Scanning Using OSSIM
  • Using Social Engineering Techniques to Plan an Attack

Information Security Program Development and Management

  • Observing an MD5-Generated Hash Value
  • Observe an SHA-Generated Hash Value
  • Assigning File or Folder Permissions
  • Configuring a Linux Firewall Using Iptables
  • Using the Windows Firewall
  • Configuring User Access Control Settings
  • Scanning Ports Using Metasploit
  • Completing the Chain of Custody
  • Configuring IPSec
  • Using OpenSSL to Create a Public/Private Key Pair
  • Configuring RAID 5
  • Configuring a VPN
  • Configuring the Audit Group Policy 
  • Defending against IP Spoofing
  • Configuring an Extended Access Control List
  • Configuring VLAN
  • Configuring Static NAT
  • Configuring Dynamic NAT
  • Scanning Using nmap
  • Configuring Snort
  • Taking an Incremental Backup
  • Taking a Full Backup
  • Restricting Local Accounts
  • Encrypting Files with EFS
  • Encrypting the Disk
  • Enabling Intrusion Prevention and Detection
  • Exploiting a Website Using SQL Injection
  • Conducting a Cross-Site Request Forgery Attack
  • Performing Session Hijacking Using Burp Suite
  • Performing ARP Spoofing
  • Attacking a Website Using XSS Injection
  • Exploiting Windows 7 Using Metasploit
  • Causing a DarkComet Trojan Infection
  • Conducting a DoS Attack Using a SYN Flood

Exam FAQs

  • ISACA Member: USD 575
  • ISACA Non-Member: USD 760

The exam consists of multiple choice questions.

ISACA has the following pre-requisites for CISM certification exam:

  • Attain and report an annual minimum of twenty (20) CPE hours. These hours must be appropriate to the currency or advancement of the CISM s knowledge or ability to perform CISM-related tasks. The use of these hours towards meeting the CPE requirements for multiple ISACA certifications is permissible when the professional activity is applicable to satisfying the job-related knowledge of each certification.
  • Submit annual CPE maintenance fees to ISACA International Headquarters in full.
  • Attain and report a minimum of one hundred and twenty (120) CPE hours for a three-year reporting period.
  • Submit required documentation of CPE activities if selected for the annual audit.
  • Comply with ISACA's Code of Professional Ethics.

The exam contains 200 questions.

240 minutes

450

If you do not pass the exam, you can retake the exam a maximum of three (3) times in a twelve-month period.

  • To protect the integrity of ISACA s certificate exams, ISACA has implemented the following retake policy: Individuals have 4 attempts within a rolling twelve-month period to pass the exam. Those that do not pass on their first attempt are allowed to retake the exam a total of 3 more times within 12 months from the date of the first attempt.
    • Retake 1 (attempt 2): Customers must wait 30 days from the date of the first attempt
    • Retake 2 (attempt 3): Customers must wait 90 days after the date of the second attempt
    • Retake 3 (attempt 4): Customers must wait 90 days after the date of the third attempt

CISM certification expires after three years from date of issue, after which the certification holder will need to renew their certification. Click here for more information.