Certified Information Security Manager® (CISM®) – Curriculum
The CISM® certification is the primary certification for information security professionals who manage, design, oversee and/or assess an enterprise’s information security. This certification was developed by ISACA in response to a need for a higher-level information security credential that goes beyond the practitioner level. Developed in 2002, CISM has rapidly earned a spot among the top certifications. Did you know:
More than 1,000 CISMs serve as CIOs, CEOs or IS security directors.
More than 2,000 CISMs serve as an information security manager or in a related information security position.
Nearly 1,000 CISMs are employed in security consulting or training positions.
In less than two years, more than 5,000 professionals have been certified.
The CISM exam saw a 160 percent increase in registrations during its second year.
The CISM designation is offered to senior professionals who manage an organization’s information security and who have the knowledge and experience to implement and direct an IT security structure that manages risk effectively. It is intended for managers who understand and support the close relationship between business strategy and security.
Businesses today face increasingly complex security threats, and the CISM designation provides assurance to senior executives and boards of directors that their information security managers have the expertise to reduce risks and protect the organization. Professionals and their companies have responded positively to the CISM certification. In less than two years, more than 5,000 professionals have been certified, and the CISM exam saw a 160 percent increase in registrations during its second year.
Legal and regulatory issues associated with Internet businesses, global transmissions and transborder data flows
Common insurance policies and imposed conditions
Information security process improvement
Recovery time objectives (RTO) for information resources
Cost benefit analysis techniques in assessing options for mitigating risks, threats and exposures to acceptable levels
Security metrics design, development and implementation
Information security management due diligence activities and reviews of the infrastructure
Events affecting security baselines that may require risk reassessments
Changes to information security requirements in security plans, test plans and reperformance
Disaster recovery testing for infrastructure and critical business applications
The requirements for collecting and presenting evidence: rules of evidence, admissibility of evidence, quality and completeness of evidence
External vulnerability reporting sources
The key components of cost benefit analysis and enterprise migration plans
Privacy and tax laws and tariffs, data import/export restrictions, restrictions on cryptography, warranties, patents, copyrights, trade secrets, national security
CISM information classification methods
Life-cycle-based risk management principles and practices
Security baselines and configuration management in the design and management of business applications and the infrastructure
Acquisition management methods and techniques
Evaluation of vendor service level agreements and preparation of contracts