CISSM Certified Information Systems Security Manager
8/24/2020 - 8/27/2020



COURSE TIMES: 9:00am - 4:30pm



Today, when it comes to identifying critical issues and providing effective IS management solutions, companies are relying on IS managers to create solutions for tomorrow's problems. The knowledge and course content provided in the Certified Information Systems Security Manager - C)ISSM will not only cover ISACA®'s CISM exam but will also provide a measurable certification that demonstrates proficiency in the IS management field.

The Certified Information Systems Security Manager course covers the skills and knowledge needed for threat analysis and risk assessment, risk and incident management, security programs and CISO roles, IS security strategy and frameworks, audit and risk management, creation of policies, compliance and awareness, as well as DR and BCP development, deployment and maintenance.


  • Penetration Testers
  • Microsoft Administrators
  • Security Administrators
  • Active Directory Administrators
  • Anyone looking to learn more about security
A minimum of 1 year of experience in Information Systems


The course will run as a live-virtual class unless a minimum enrollment is reached.

Exam Information: The Certified Information Systems Security Manager exam is taken online. The exam takes 2 hours, consists of 100 multiple choice questions, and costs $400.


Module 1 Introduction
CISM Exam Review Course Overview
CISM Qualifications
The Learning Environment
Daily Format
Domain Structure
Course Structure

Module 2 Information Security Governance
Selling the Importance of Information Security
The First Priority for the CISM
Business Goals and Objectives
Benefits and Outcomes of Information Security Governance
Performance and Governance
Information Security Strategy
Objectives of Security Strategy
Business Linkages & Case Development
Security Program Priorities & Objectives
Security Integration & Architecture
Information Security Frameworks
The Maturity of the Security Program Using CMM

Module 3 Security Governance Applied
The ISO27001:2013 Framework
Constraints and Considerations for a Security Program
Elements of Risk, Security, and Management of each
Roles and Responsibilities of All Involved Departments
Centralized versus Decentralized Security
Effective Security Metrics & Key Performance Indicators (KPIs)
End to End Security
Correlation Tools
Reporting and Compliance
Regulations and Standards
Reporting and Analysis
Ethical Standards & Responsibility

Module 4 Information Risk Management and Compliance
Information Asset Classification & Considerations
Roles and Responsibilities
Regulations and Legislation
Asset Valuation
Information Asset Protection
Risk Management Definition, Objective, and Overview
Defining the Risk & Threats to the Environment
Aggregate and Cascading Risks
Identification of Vulnerabilities
The Effect and Impact of Risk
Risk Management and Assessment Methodology Process
Annualized Loss Expectancy (ALE)

Module 5 Information Risk Management and Compliance Applied
Qualitative Risk Assessment & Results
Data Gathering Techniques
Alignment of Risk Assessment and BIA
Risk Treatment, Mitigation, and Controls
Cost Benefit Analysis of Controls
Risk Mitigation Schematic
Control Types and Categories
Security Control Baselines & Ongoing Risk Assessment
Measuring Control Effectiveness
Ongoing Risk Management Monitoring and Analysis
Audit and Risk Management
Risk in Business Process Re-Engineering

Module 6 Management's Risk Mitigation
Risk in Project Management
Risk During Employment Process
New Employee Initiation
Risk During Employment
Risk at Termination of Employment
Risks During Procurement
Reporting to Management & Documentation
Training and Awareness
Training for End Users

Module 7 Information Security Program Development and Management
Security Strategy and Program Relationship
Importance and Effective Security Management
Security Program Development & Outcomes
Role of the Information Security Manager
(Agenda), Strategy, Creating Effective Policy, Awareness, Implementation, Monitoring & Compliance
Developing an Information Security Road Map
Inventory of Information Systems
Security Program and Project Planning and Development
Common Control Practices

Module 8 Security Program Elements (Agenda)
Acceptable Use & Other Policies
Standards, Procedures, Guidelines, Technology, and Personnel Security
Training and Skills Matrix
Organizational Structure
Outsourced & Third-Party Security Providers
Facilities & Environmental Security

Module 9 Information Security Concepts
Access Control
Identification, Authentication, & Authorization
Accounting / Auditability
Criticality, Sensitivity, and Trust Models
Technology-based Security

Module 10 Security in Technical Components
Operations Security
Technologies - Access Control Lists
Filtering and Content Management
Technologies - SPAM, Databases, and DBMS Encryption
Cryptography, Encryption, and Hashing Algorithms
Communications OSI Model and TCP/IP
Operating Systems & Firewalls
Emerging Technologies
Intrusion Detection Policies, Processes, and Systems

Module 11 Security Procedures
Password Cracking
Vulnerability Assessments
Penetration Testing
Third Party Security Reviews
Integration into Life Cycle Processes
Security in External Agreements
Security Program Implementation
Phased Approach
Challenges During Implementation
Measuring Information Security Risk and Loss
Measuring Effectiveness of Technical Security Program and Management
Security Project Management

Module 12 Information Security Incident Management
Goals of Incident Management and Response
What is an Intentional & Unintentional Incident
History of Incidents
Developing Response and Recovery Plans
Incident Management and Response
Importance of Incident Management and Response
Incident Response Functions & Manager Responsibilities
Detailed Plan of Action for Incident Management: Prepare, Protect, Detect, Triage, Response
Elements of an Incident Response Plan
Crisis Communications
Challenges in Developing an Incident Management Plan

Module 13 Testing Response and Recovery Plans
Types of Tests
Test Results
Plan Maintenance Activities
BCP and DRP Training

Module 14 Information Security Management
Team Member Skills
Security Concepts and Technologies
Organizing, Training and Equipping the Response Staff
Performance Measurement
Reviewing the Current State of Incident Response Capability
Audits and Gap Analysis - Basis for an Incident Response Plan When an Incident Occurs
Containment Strategies & The Battle Box
Evidence Identification, Preservation, and Post Event Reviews
Disaster Recovery Planning (DRP) and Business Recovery Processes
Development of BCP and DRP
Plan Development, Recovery Strategies, Disaster Recovery Sites, Recovery of Communications, & Notification Requirements