Course Content
Domain 1: Information Security Governance
Domain 2: Information Security Risk Management
Domain 3: Information Security Program
Domain 4: Incident Management
Lesson 1.1: Governance Framework Development
5 Topics
1 Quiz
Aligning security strategy with business objectives (COBIT 2019, NIST CSF)
Roles of board, executives, and security steering committees
Developing and maintaining the information security strategy plan
Establishing a security governance organizational structure
Integrating security into enterprise architecture and strategic planning
Domain 1, Lesson 1.1: Governance Framework Development
Lesson 1.2: Laws & Regulations
5 Topics
1 Quiz
GDPR, CCPA, HIPAA compliance mapping
Industry standards (PCI DSS, ISO 27001) integration
Legal and regulatory compliance requirements analysis
Contractual and third-party agreement compliance
Privacy principles and data protection impact assessments
Domain 1, Lesson 1.2: Laws & Regulations
Lesson 1.3: Security Metrics & Reporting
5 Topics
1 Quiz
KRIs and KPIs for security governance
Dashboard development for executive communication
Defining and collecting baseline and performance metrics
Analyzing and reporting on governance effectiveness
Using metrics to drive strategic security investments
Domain 1, Lesson 1.3: Security Metrics & Reporting
Lesson 2.1: Risk Assessment Methodologies
5 Topics
1 Quiz
Qualitative vs. quantitative risk analysis (FAIR, OCTAVE)
Third-party risk management (TPRM) frameworks
Asset identification and valuation methodologies
Threat modeling and vulnerability analysis techniques
Risk identification, analysis, and evaluation processes
Domain 2, Lesson 2.1: Risk Assessment Methodologies
Lesson 2.2: Risk Treatment Strategies
5 Topics
1 Quiz
Risk appetite vs. tolerance statements
Insurance, outsourcing, and risk transfer options
Risk mitigation, avoidance, and acceptance strategies
Implementing and managing risk treatment plans
Continuous monitoring and review of risk treatment effectiveness
Domain 2, Lesson 2.2: Risk Treatment Strategies
Lesson 2.3: Emerging Risk Landscape
5 Topics
1 Quiz
Cloud security risks (Shared Responsibility Model)
AI/ML threat modeling
IoT and OT (Operational Technology) security challenges
Managing risks from remote work and BYOD policies
Geopolitical and supply chain risk considerations
Domain 2, Lesson 2.3: Emerging Risk Landscape
Lesson 3.1: Program Development & Management
5 Topics
1 Quiz
Security awareness training strategies (phishing simulations)
Secure SDLC integration (DevSecOps)
Defining the program roadmap and strategic objectives
Security program scope and charter development
Program communications and stakeholder engagement
Domain 3, Lesson 3.1: Program Development & Management
Lesson 3.2: Security Controls Implementation
5 Topics
1 Quiz
Technical controls (DLP, SIEM, PAM)
Administrative controls (policies, procedures)
Physical and environmental security controls
Control frameworks and baseline selection (NIST SP 800-53, CIS Controls)
Control testing, evaluation, and assurance methods
Domain 3, Lesson 3.2: Security Controls Implementation
Lesson 3.3: Resource & Budget Management
5 Topics
1 Quiz
Security ROI calculation
Vendor management (MSSPs, cloud providers)
Building and justifying the security budget
Security team structure, roles, and competency development
Managing capital expenditures (CapEx) vs. operational expenditures (OpEx) for security
Domain 3, Lesson 3.3: Resource & Budget Management
Lesson 4.1: Incident Response Planning
5 Topics
1 Quiz
NIST SP 800-61 incident handling phases
Tabletop exercise design
Developing the Incident Response Plan (IRP) and playbooks
Establishing the Computer Security Incident Response Team (CSIRT)
Incident classification and severity categorization schemes
Domain 4, Lesson 4.1: Incident Response Planning
Lesson 4.2: Business Continuity Integration
5 Topics
1 Quiz
RTO/RPO determination
Disaster recovery testing methods
Integrating IRP with Business Continuity (BCP) and Disaster Recovery (DRP) plans
Crisis communication and public relations management
Identifying and protecting mission-critical assets and processes
Domain 4, Lesson 4.2: Business Continuity Integration
Lesson 4.3: Post-Incident Activities
5 Topics
1 Quiz
Root cause analysis (5 Whys, Fishbone)
Lessons learned workshops
Evidence preservation and forensic analysis coordination
Legal, regulatory, and contractual notification requirements
Implementing corrective actions and tracking to closure
Domain 4, Lesson 4.3: Post-Incident Activities

