Around the world, demand for skilled information security management professionals is on the rise, and the CISM certification is the globally accepted standard of achievement in this area. The uniquely management-focused CISM certification ensures holders understand business, and know how to manage and adapt technology to their enterprise and industry. Since its inception in 2002, thousands of professionals worldwide have earned the industry-leading CISM to affirm both their high level of technical competence and qualifications for top caliber leadership and management roles.
Objective
- In addition to technical competence, CISM demonstrates a deep understanding of the relationship between information security programs and broader business goals and objectives.
- Earning a CISM is considered a great way to pave the path from security technologist to security manager, and helps you rise to the top of hiring managers’ resume/CV stacks. CISM holders are consistently recognized among the most-qualified professionals in the information security and risk management fields.
- CISM promotes international security practices and CISM-certified employees provide enterprises with an information security management certification recognized by organizations and clients around the globe. So having a CISM certification adds directly to the value you offer the enterprise you serve.
- The credibility CISM offers is strengthened by its real-world experience requirement. Unlike some security certifications, CISM verifies that holders have a minimum of five years of information security work experience, in addition to having passed an exam.
Target Audience
The CISM certification was developed specifically for experienced information security managers and those with information security management responsibilities, including:
- Information Security Managers
- Aspiring Information Security Managers
- IS/IT Consultants
- Chief Information Officers
Syllabus
The curriculum of the CISM® Review Program is in line with the CISM® examination guidelines. It covers:
- Information Security Governance
  - Information Security Governance Overview
  - Effective Information Security Governance
  - Governance and Third-party Relationship
  - Information Security Governance Metrics
  - Information Security Strategy Overview
  - Developing an Information Security Strategy
  - Information Security Strategy Objectives
  - Determining Current State of Security
  - Information Security Strategy Development
  - Strategy Resources
  - Strategy Constraints
  - Action Plan to Implement Strategy
  - Implementing Security Governance-Example
  - Action Plan Intermediate Goals
  - Information Security Program Objectives
  - Case Study
- Information Risk Management and Compliance
  - Risk Management Overview
  - Risk Management Strategy
  - Effective Information Risk Management
  - Information Risk Management Concepts
  - Implementing Risk Management
  - Risk Assessment and Analysis Methodologies
  - Risk Assessment
  - Information Resource Valuation
  - Recovery Time Objectives
  - Integration With Life Cycle Processes
  - Security Control Baselines
  - Risk Monitoring and Communication
  - Training and Awareness
  - Documentation
- Information Security Program Development and Management
  - Information Security Program Management Overview
  - Information Security Program Objective
  - Information Security Program Concepts
  - Scope and Character of an Information Security Program
  - The Information Security Management Framework
  - Information Security Framework Components
  - Defining an Information Security Program Road Map
  - Information Security Infrastructure and Architecture
  - Architecture Implementation
  - Security Program Management and Administration Activities
  - Security Program Services and Operational Activities
  - Controls and Countermeasures
  - Security Program Metrics and Monitoring
  - Common Information Security Program Challenges
- Information Security Incident Management
  - Incident Management Overview
  - Incident Response Procedures
  - Incident Management Organization
  - Incident Management Resources
  - Incident Management Objectives
  - Incident Management Metrics and Indicators
  - Defining Incident Management Procedures
  - Current State of Incident Response Capability
  - Developing an Incident Response Plan
  - Business Continuity and Disaster Recovery Procedures
  - Testing Incident Response and Business Continuity/Disaster Recovery Plans
  - Executing Response and Recovery Plans
  - Post Incident Activities and Investigation
*Material is presented in English, while lecturing is in Bahasa Indonesia.