Request new password

We Are All About You

XpertSkills - the parent company under which iCollege operates - was established in South Africa in 2003 and since then, we have grown globally in leaps and bounds with customers and partners in more than 120 countries. With employees on 3 continents and as a next-generation, virtual organization we are unconstrained by the limits that are usually associated with traditional “brick & mortar” companies.

This allows us to focus, without distraction, on reaching our ultimate goal – ensuring your ongoing success – by providing affordable, reliable, high quality and relevant learning products whilst remaining innovative and agile.

Contact Details:

Skype: xpertskills

Physical Address:

Head Office - South Africa
16 Monte Carlo Crescent
Kyalami business Park
South Africa 1684

You are here

Certified Information Security Manager (CISM)


Certified Information Security Manager (CISM)

Interactive and entertaining talk-show style format presented by industry leading experts.

Certified Information Security Manager (CISM) is a certification offered by ISACA, a nonprofit, independent association that advocates for professionals involved in information security, assurance, risk management, and governance. CISM is an advanced certification that provides validation for individuals who have demonstrated they possess the knowledge and experience required to develop and manage an enterprise information security program. The certification intended for information security managers, aspiring managers or IT consultants who support information security program management


By the end of this training you will be able to:

  • Define and design security architecture for your IT operation.
  • Develop a working knowledge of the four domains prescribed by the ISACA Exam Candidate Information Guide.
  • Demonstrate a deep understanding of the relationship between information security programs and broader business goals and objectives.
  • Focus on IT compliance and the integrity of enterprise systems to establish a more secure enterprise IT framework.
  • Earn the requisite 16 CPEs required to take the CISM certification exam.
  • Acquire the relevant knowledge and skills required to pass the CISM certification exam.
  • As the case with the CISM certification exam, the candidates are required to have a minimum of five years of experience in information security management.
  • Experience in the fields of information security governance, risk management, compliance, and incident management is also preferable.
Target Audience

The ideal candidates for the course must be:

  • Experienced information security managers and officers
  • IT consultants and managers
  • IT auditors
  • IT security policy makers
  • Privacy officers
  • Network administrators
  • Network security engineers
  • Candidates seeking CISM certification

Module 1: Information Security Governance

1.1 C I S M Introduction

1.2 Information Security

1.3 Business Goals Objectives And Functions

1.4 Business Goals And Information Security

1.5 Information Security Threats

1.6 Information Security Management

1.7 Identity Management

1.8 Data Protection

1.9 Network Security

1.10 Personnel Security

1.11 Facilty Security

1.12 Security Complianceand Standards

1.13 Information Security Strategy

1.14 Inputs And Outputs Of The Informtion Security Strategy

1.15 Processes In An Information Security Strategy

1.16 People In An Information Security Strategy

1.17 Technologies In An Information Security Strategy

1.18 Logical And Physical Information Security Strategy Architectures

1.19 Information Security And Business Functions

1.20 Information Security Policies And Enterprise Objectives

1.21 International Standards For The Security Management

1.22 I S O- I E C27000 Standards

1.23 International Info Government Standards

1.24 Information Security Government Standards In The United States

1.25 Methods Of Coordinating Information Security Activities

1.26 How To Develop An Information Security Strategy

1.27 Information Security Governance

1.28 Role Of The Security In Governance

1.29 Scope Of Information Security Governance

1.30 Charter Of Information Security Governance

1.31 Information Security Governance And Enterprise Governance

1.32 How To Align Information Security Strategy With Corporate Governance

1.33 Regulatory Requirements And Information Security

1.34 Business Impact Of Regulatory Requirements

1.35 Liability Management

1.36 Liability Management Strategies

1.37 How To Identify Legal And Regulatory Requirements

1.38 Business Case Development

1.39 Budgetary Reporting Methods

1.40 Budgetary Planning Strategy

1.41 How To Justify Investment In InfOSecurity

1.42 Organizational Drivers

1.43 Impact Of Drivers On InfOSecurity

1.44 Third Party Relationships

1.45 How To Identify Drivers Affecting The Organization

1.46 Purpose Of Obtaining Commitment To InfOSecurity

1.47 Methods For Obtaining Commitment

1.48 I S S G

1.49 I S S G Roles And Responsibilities

1.50 I S S G Operation

1.51 How To Obtain Senior Managements Commitment To InfOSecurity

1.52 InfOSecurity Management Roles And Responsibilities

1.53 How To Define Roles And Responsibilities For InfOSecurity

1.54 The Need For Reporting And Communicating

1.55 Methods For Reporting In An Organization

1.56 Methods Of Communication In An Organization

1.57 How To Establish Reporting And Communicating Channels

Module 2: Risk Management

2.1 Risk

2.2 Risk Assessment

2.3 Info Threat Types

2.4 Info Vulnerabilities

2.5 Common Points Of Exposure

2.6 InfOSecurity Controls

2.7 Types Of InfOSecurity Controls

2.8 Common InfOSecurity Countermeasures

2.9 Overview Of The Risk Assessment Process

2.10 Factors Used In Risk Assessment And Analysis

2.11 Risk Assessment Methodologies

2.12 Quantitative Risk Assessment- Part1

2.13 Quantitative Risk Assessment- Part2

2.14 Qualitative Risk Assessment

2.15 Hybrid Risk Assessment

2.16 Best Practices For InfOSecurity Management

2.17 Gap Analysis

2.18 How To Implement An Info Risk Assessment Process

2.19 Info Classification Schemas

2.20 Components Of Info Classification Schemas

2.21 Info Ownership Schemas

2.22 Components Of Info Ownership Schemas

2.23 Info Resource Valuation

2.24 Valuation Methodologies

2.25 How To Determine Info Asset Classification And Ownership

2.26 Baseline Modeling

2.27 Control Requirements

2.28 Baseline Modeling And Risk Based Assessment Of Control Requirements

2.29 How To Conduct Ongoing Threat And Vulnerability Evaluations

2.30 B I As

2.31 B I A Methods

2.32 Factors For Determining Info Resource Sensitivity And Critically

2.33 Impact Of Adverse Events

2.34 How To Conduct Periodic B I As

2.35 Methods For Measuring Effectiveness Of Controls And Countermeasures

2.36 Risk Mitigation

2.37 Risk Mitigation Strategies

2.38 Effect Of Implementing Risk Mitigation Strategies

2.39 Acceptable Levels Of Risk

2.40 Cost Benefit Analysis

2.41 How To Identify And Evaluate Risk Mitigation Strategies

2.42 Life Cycle Processes

2.43 Life Cycle- Based Risk Management

2.44 Risk Management Life Cycle

2.45 Business Life Cycle Processes Affected By Risk Management

2.46 Life Cycled- Based Risk Management Principles And Practices

2.47 How To Integrate Risk Management Into Business Life Cycle Processes

2.48 Significant Changes

2.49 Risk Management Process

2.50 Risk Reporting Methods

2.51 Components Of Risk Reports

2.52  How To Report Changes In Info Risk

Module 3: Information Security Program Development

3.1 InfOSecurity Strategies

3.2 Common InfOSecurity Strategies

3.3 InfOSecurity Implementation Plans

3.4 Conversation Of Strategies Into Implementation Plans

3.5 InfOSecurity Programs

3.6 InfOSecurity Program Maintenance

3.7 Methods For Maintaining An InfOSecurity Program

3.8 Succession Planning

3.9 Allocation Of Jobs

3.10 Program Documentation

3.11 How To Develop Plans To Implement An InfOSecurity Strategy

3.12 Security Technologies And Controls

3.13 Cryptographic Techniques

3.14 Symmetric Cryptography

3.15 Public Key Cryptography

3.16 Hashes

3.17 Access Control

3.18 Access Control Categories

3.19 Physical Access Controls

3.20 Technical Access Controls

3.21 Administrative Access Controls

3.22 Monitoring Tools

3.23 I D Ss

3.24 Anti- Virus Systems

3.25 Policy- Compliance Systems

3.26 Common Activities Required In InfOSecurity Programs

3.27 Prerequisites For Implementing The Program

3.28 Implementation Plan Management

3.29 Types Of Security Controls

3.30 InfOSecurity Controls Development

3.31 How TOSpecify InfOSecurity Program Activities

3.32 Business Assurance Function

3.33 Common Business Assurance Functions

3.34 Methods For Aligning InfOSecurity Program With Business Assurance Functions

3.35 How To Coordinate InfOSecurity Programs With Business Assurance Functions

3.36 S L As

3.37 Internal Resources

3.38 External Resources

3.39 Services Provided By External Resources- Part1

3.40 Services Provided By External Resources- Part2

3.41 Skills Commonly Required For InfOSecurity Program Implementation

3.42 Identification Of Resources And Skills Required For A Particular Implementation

3.43 Resource Acquisition Methods

3.44 Skills Acquisition Methods

3.45 How To Identify Resources Needed For InfOSecurity Program Implementation

3.46 InfOSecurity Architectures

3.47 The S A B S A Model For Security Architecture

3.48 Deployment Considerations

3.49 Deployment Of InfOSecurity Architectures

3.50 How To Develop InfOSecurity Architectures

3.51 InfOSecurity Policies

3.52 Components Of InfOSecurity Policies

3.53 InfOSecurity Policies And The InfOSecurity Strategy

3.54 InfOSecurity Policies And Enterprise Business Objectives

3.55 InfOSecurity Policy Development Factors

3.56 Methods For Communicating InfOSecurity Policies

3.57 InfOSecurity Policy Maintenance

3.58 How To Develop InfOSecurity Policies

3.59 InfOSecurity Awareness Program Training Programs And Education Programs

3.60 Security Awareness Training And Education Gap Analysis

3.61 Methods For Closing The Security Awareness Training And Education Gaps

3.62 Security- Based Cultures And Behaviors

3.63 Methods For Establishing And Maintaining A Security- Based Culture In The Enterprise

3.64 How To Develop InfOSecurity Awareness Training And Education Programs

3.65 Supporting Documentation For InfOSecurity Policies

3.66 Standards Procedures Guidelines And Baselines

3.67 Codes Of Conduct

3.68 N D As

3.69 Methods For Developing Supporting Documentation

3.70 Methods For Implementing Supporting Documentation And For Communicating Supporting Documentation

3.71 Methods For Maintaining Supporting Documentation

3.72 C And A

3.73 C And A Programs

3.74 How To Develop Supporting Documentation For InfOSecurity Policies

Module 4: Information Security Program Implementation

4.1 Enterprise Business Objectives

4.2 Integrating Enterprise Business Objectives And InfOSecurity Policies

4.3 Organizational Processes

4.4 Change Control

4.5 Merges And Acquisitions

4.6 Organizational Processes And InfOSecurity Policies

4.7 Methods For Integrating InfOSecurity Policies And Organizational Processes

4.8 Life Cycle Methodologies

4.9 Types Of Life Cycle Methodologies

4.10 How To Integrate InfOSecurity Requirements Into Organizational Processes

4.11 Types Of Contracts Affected By InfOSecurity Programs

4.12 Joint Ventures

4.13 Outsourced Provides And InfOSecurity

4.14 Business Partners And InfOSecurity

4.15 Customers And InfOSecurity

4.16 Third Party And InfOSecurity

4.17 Risk Management

4.18 Risk Management Methods And Techniques For Third Parties

4.19 S L As And InfOSecurity

4.20 Contracts And InfOSecurity

4.21 Due Diligence And InfOSecurity

4.22 Suppliers And InfOSecurity

4.23 Subcontractors And InfOSecurity

4.24 How To Integrate InfOSecurity Controls Into Contracts

4.25 InfOSecurity Metrics

4.26 Types Of Metrics Commonly Used For InfOSecurity

4.27 Metric Design Development And Implementation

4.28 Goals Of Evaluating InfOSecurity Controls

4.29 Methods Of Evaluating InfOSecurity Controls

4.30 Vulnerability Testing

4.31 Types Of Vulnerability Testing

4.32 Effects Of Vulnerability Assessment And Testing

4.33 Vulnerability Correction

4.34 Commercial Assessment Tools

4.35 Goals Of Tracking InfOSecurity Awareness Training And Education Programs

4.36 Methods For Tracking InfOSecurity Awareness Training And Education Programs

4.37 Evaluation Of Training Effectiveness Relevance

4.38 How To Create InfOSecurity Program Evaluation Metrics

Module 5: Information Security Program Management

5.1 Management Metrics

5.2 Types Of Management Metrics

5.3 Data Collection

5.4 Periodic Reviews

5.5 Monitoring Approaches

5.6 K P Is

5.7 Types Of Measurements

5.8 Other Measurements

5.9 InfOSecurity Reviews

5.10 The Role Of Assurance Providers

5.11 Comparing Internal And External Assurance Providers

5.12 Line Management Technique

5.13 Budgeting

5.14 Staff Management

5.15 Facilities

5.16 How To Manage InfOSecurity Program Resources

5.17 Security Policies

5.18 Security Policy Components

5.19 Implementation Of InfOSecurity Policies

5.20 Administrative Processes And Procedures

5.21 Access Control Types

5.22 A C M

5.23 Access Security Policy Principles

5.24 Identity Management And Compliance

5.25 Authentication Factors

5.26 Remote Access

5.27 User Registration

5.28 Procurement

5.29 How To Enforce Policy And Standards Compliance

5.30 Types Of Third Party Relationships

5.31 Methods For Managing InfOSecurity Regarding Third Parties

5.32 Security Service Providers

5.33 Third Party Contract Provisions

5.34 Methods To Define Security Requirements In S L As Security Provisions

5.35 How To Enforce Contractual InfOSecurity Controls

5.36 S D L C

5.37 Code Development

5.38 Common Techniques For Security Enforcement

5.39 How To Enforce InfOSecurity During Systems Development

5.40 Maintenance

5.41 Methods Of Monitoring Security Activities

5.42 Impact Of Change And Configuration Management Activities

5.43 How To Maintain InfOSecurity Within An Organization

5.44 Due Diligence Activities

5.45 Types Of Due Diligence Activities

5.46 Reviews Of Info Access

5.47 Standards Of Managing And Controlling Info Access

5.48 How To Provide InfOSecurity Advice And Guidance

5.49 InfOSecurity Awareness

5.50 Types Of InfOSecurity Stakeholders

5.51 Methods Of Stakeholder Education

5.52 Security Stakeholder Education Process

5.53 How To Provide InfOSecurity Awareness And Training

5.54 Methods Of Testing The Effectiveness Of InfOSecurity Control

5.55 The Penetration Testing Process

5.56 Types Of Penetration Testing

5.57 Password Cracking

5.58 Social Engineering Attacks

5.59 Social Engineering Types

5.60 External Vulnerability Reporting Sources

5.61 Regulatory Reporting Requirements

5.62 Internal Reporting Requirements

5.63 How To Analyze The Effectiveness Of InfOSecurity Controls

5.64 Noncompliance Issues

5.65 Security Baselines

5.66 Events Affecting The Security Baseline

5.67 InfOSecurity Problem Management Process

5.68 How To Resolve Noncompliance Issues

Module 6: Incident Management and Response

6.1 Incident Response Capability

6.2 Components Of Incident Response

6.3 B C P

6.4 B I A Phase

6.5 Coop

6.6 D R P

6.7 Alternate Sites

6.8 Develop A B C P

6.9 Develop A D R P

6.10 M T D

6.11 R P O

6.12 R T O

6.13 Data Backup Strategies

6.14 Data Backup Types

6.15 Data Restoration Strategies

6.16 Info Incident Management Practices

6.17 I R P

6.18 Trigger Events And Types Of Trigger Events

6.19 Methods Of Containing Damage

6.20 How To Develop An I R P

6.21 Escalation Process

6.22 Notification Process

6.23 I R T

6.24 Crisis Communication

6.25 How To Establish An Escalation Process

6.26 Internal Reporting Requirements

6.27 External Reporting Requirements

6.28 Communication Process

6.29 How To Develop A Communication Process

6.30 I R P And D R P

6.31 I R P And B C P

6.32 Methods Of Identifying Business Resources Essential To Recovery

6.33 How To Integrate An I R P

6.34 Role Of Primary I R T Members And Role Of Additional I R T Members

6.35 Response Team Tools And Equipment

6.36 How To Develop I R Ts

6.37 B C P Testing

6.38 Disaster Recovery Testing

6.39 Schedule Disaster Recovery Testing

6.40 Refine I R P

6.41 How To Test An I R P

6.42 Damage Assessment

6.43 Business Impacts Caused By Security Incidents

6.44 How To Manage Responses To InfOSecurity Incidents

6.45 Computer And Digital Forensics

6.46 Forensic Requirements For Responding To InfOSecurity Incidents

6.47 Evidence Life Cycle

6.48 Evidence Collection

6.49 Evidence Types

6.50 Five Common Rules Of Evidence

6.51 Chain Of Custody

6.52 How To Investigate An InfOSecurity Incident

6.53 P I R Methods

6.54 Security Incident Review Process

6.55 Investigate Cause Of A Security Incident

6.56 Identify Corrective Actions

6.57 Reassess Security Risks After A Security Incident

6.58 How To Conduct A Post- Incident Review

6.59 Pre Test- Test Strategy

6.60 Post Test

?Interactive and entertaining talk-show style format presented by industry leading experts.
  • 13:06:14
    Hours of learning
  • Presented by highly qualified, industry leading experts
  • 12 Months access
Back to Top