Certified Information Security Manager Training

Live Online & Classroom Enterprise Training

Validates advanced skills in information security governance, risk management, and incident response, aligning IT security with business objectives.

Looking for a private batch ?

REQUEST A CALLBACK

Enterprise Reporting
Lifetime Access
CloudLabs
24x7 Support
Real-time code analysis and feedback

What is Certified Information Security Manager Training about?

The Certified Information Security Manager (CISM) certification by ISACA is a globally recognized credential for professionals responsible for managing, designing, and assessing enterprise information security programs. This course provides in-depth knowledge of information risk management, governance, incident response, and security program development. It helps participants bridge the gap between technical expertise and business strategy, positioning them as trusted leaders in information security management.

What are the objectives of Certified Information Security Manager Training ?

Understand and implement information security governance frameworks.
Manage information risk and establish risk response strategies.
Develop and maintain an enterprise information security program.
Plan and manage security incidents to minimize business impact.
Prepare effectively for the ISACA CISM certification exam.

Who is Certified Information Security Manager Training for?

Information Security Managers and Officers.
IT and Security Consultants.
Risk and Compliance Professionals.
Security Auditors and Assessors.
Professionals aspiring to leadership roles in cybersecurity management.

What are the prerequisites for Certified Information Security Manager Training?

Prerequisites:

Basic understanding of information security concepts.
Minimum of five years of work experience in information security (as per ISACA requirement).
Familiarity with risk management and governance processes.
Knowledge of IT operations and business processes.
Strong analytical, communication, and leadership skills.

Learning Path:

Information Security Governance
Information Risk Management
Information Security Program Development and Management
Information Security Incident Management
Exam Preparation and Practice Assessments

Related Courses:

Certified Information Systems Auditor (CISA)
Certified Information Systems Security Professional (CISSP)
ISO 27001 Lead Auditor
CompTIA Security+

Available Training Modes

Live Online Training

4 Days

Course Outline Expand All

Expand All

Module 1: Introduction to Information Security Governance

About Information Security Governance

Reason for Security Governance

Security Governance Activities and Results

Risk Appetite

Organization Culture

Module 2: Legal, Regulatory and Contractual Requirements

Introduction

Requirements for Content and Retention of Business Records

Module 3: Organizational Structures, Roles and Responsibilities

Roles and Responsibilities

Monitoring Responsibilities

Module 4: Information Security Strategy Development

Introduction

Business Goals and Objectives

Information Security Strategy Objectives

Ensuring Objective and Business Integration

Avoiding Common Pitfalls and Bias

Desired State

Elements of a Strategy

Module 5: Information Governance Frameworks and Standards

Security Balanced Scorecard

Architectural Approaches

Enterprise Risk Management Framework

Information Security Management Frameworks and Models

Module 6: Strategic Planning

Workforce Composition and Skills

Assurance Provisions

Risk Assessment and Management

Action Plan to Implement Strategy

Information Security Program Objectives

Module 7: Emerging Risk and Threat Landscape

Risk Identification

Threats

Defining a Risk Management Framework

Emerging Threats

Risk, Likelihood and Impact

Risk Register

Module 8: Vulnerability and Control Deficiency Analysis

Introduction

Security Control Baselines

Events Affecting Security Baselines

Module 9: Risk Assessment and Analysis

Introduction

Determining the Risk Management Context

Operational Risk Management

Risk Management Integration with IT Life Cycle Management Processes

Risk Scenarios

Risk Assessment Process

Risk Assessment and Analysis Methodologies

Other Risk Assessment Approaches

Risk Analysis

Risk Evaluation

Risk Ranking

Module 10: Risk Treatment or Risk Response Options

Risk Treatment/Risk Response Options

Determining Risk Capacity and Acceptable Risk

(Risk Appetite)

Risk Response Options

Risk Acceptance Framework

Inherent and Residual Risk

Impact

Controls

Legal and Regulatory Requirements

Costs and Benefits

Module 11: Risk and Control Ownership

Risk Ownership and Accountability

Risk Owner

Control Owner

Module 12: Risk Monitoring and Reporting

Risk Monitoring

Key Risk Indicators

Reporting Changes in Risk

Risk Communication, Awareness and Consulting

Documentation

Module 13: Information Security Program Resources

Introduction

Information Security Program Objectives

Information Security Program Concepts

Common Information Security Program Challenges

Common Information Security Program Constraints

Module 14: Information Asset Identification and Classification

Information Asset Identification and Valuation

Information Asset Valuation Strategies

Information Asset Classification

Methods to Determine Criticality of Assets and Impact of Adverse Events

Module 15: Industry Standards and Frameworks for Information Security

Enterprise Information Security Architectures

Information Security Management Frameworks

Information Security Frameworks Components

Module 16: Information Security Policies, Procedures, and Guidelines

Policies

Standards

Procedures

Guidelines

Module 17: Information Security Program Metrics

Introduction

Effective Security Metrics

Security Program Metrics and Monitoring

Metrics Tailored to Enterprise Needs

Module 18: Information Security Control Design and Selection

Introduction

Managing Risk Through Controls

Controls and Countermeasures

Control Categories

Control Design Considerations

Control Methods

Module 19: Security Program Management

Risk Management

Risk Management Program

Risk Treatment

Audit and Reviews

Third-Party Risk Management

Module 20: Security Program Operations

Event Monitoring

Vulnerability Management

Security Engineering and Development

Network Protection

Endpoint Protection and Management

Identity and Access Management

Security Incident Management

Security Awareness Training

Managed Security Service Providers

Data Security

Cryptography

Symmetric Key Algorithms

Module 21: IT Service Management

Service Desk

Incident Management

Problem Management

Change Management

Configuration Management

Release Management

Service Levels Management

Financial Management

Capacity Management

Service Continuity Management

Availability Management

Asset Management

Module 22: Controls

Internal Control Objectives

Information Systems Control Objectives

General Computing Controls

Control Frameworks

Controls Development

Control Assessment

Module 23: Metrics and Monitoring

Types of Metrics

Audiences

Continuous Improvement

Module 24: Security Incident Response Overview

Phases of Incident Response

Module 25: Incident Response Plan Development

Objectives

Maturity

Resources

Roles and Responsibilities

Gap Analysis

Plan Development

Module 26: Responding to Security Incidents

Detection

Initiation

Evaluation

Recovery

Remediation

Closure

Post-Incident Review

Module 27: Business Continuity and Disaster Recovery Planning

Business Continuity Planning

Disaster

Disaster Recovery Planning

Testing BC and DR Planning

Who is the instructor for this training?

The trainer for this Certified Information Security Manager Training has extensive experience in this domain, including years of experience training & mentoring professionals.

Reviews

My outlook on training changed completely after attending SpringPeople BPC training. The content, the trainer and infrastructure at SpringPeople were top notch and perfectly in tune with the industry requirements. Regardless to say, training is now something that I look forward to to. Kudos to everyone at SpringPeople!

Shweta Priya

Sony

I attended the 3-day AngularJs training at SpringPeople. The trainer was an industry veteran with vast experience in the subject. Notably, the hands-on training, and the Q&A session stood out. Overall, I found SpringPeople a great place to learn with excellent facilities and great trainers. Would recommend SpringPeople to my colleagues and friends.

Swati Singh

I attended the training on API Design for Mulesoft. The sessions were well planned and value-laden. I benefited immensely from the hands-on experience enabled through virtual labs. I would like to specifically commend the efficiency of the support team who were always available to resolve my concerns.

Nikhil Kohli

Stryker

I attended the jQuery training batch, conducted by Mr. Vijay, an SME who did a thorough coverage of all the essentials. He took us through concepts such as jQuery animations, event handlers, plugins, and jQuery-UI by small programs, very easily. The sessions were useful and well structured. By the end of the training, I was well equipped to develop a SPA on Product Management System. Overall, the learning experience at SpringPeople was great!

Heena Rajan

Mindtree