Course Syllabus
Certified Information Security Manager (CISM)
Instructor Name: Kelly Handerhan
Course Creation Date: 9/29/22
Course Description and Goals
Course Description: This course will prepare you to understand the core concepts required of
a security manager, as well as to pass the CISM certification exam.
Prerequisites: While there are no prerequisites for this course, we assume you have
experience in the field of information assurance management. The CISM exam does require five
years of security experience and/or appropriate education to obtain the certification.
Target Audience: This course is designed for IT and information security professionals,
including network engineers, network administrators, IT auditors, IT managers, and anyone else
who wants to learn more about information security management. If you want to advance your
career in IT security or are interested in earning the CISM certification, then you are in the right
place.
Course Outcomes: By the end of this course, you should be able to:
● Pass the CISM exam and know all four CISM domains.
● Understand the role a CISM plays in an organization.
● Present the business value and requirements of information security.
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
Course Outline
Module 1 | Governance
● Lesson 1.1: Introduction and Overview
● Lesson 1.2: Information Security Governance
● Lesson 1.3: Frameworks
● Lesson 1.4: Governance, Risk, and Compliance
● Lesson 1.5: COBIT 2019
● Lesson 1.6: ISO 27000 Series
● Lesson 1.7: NIST Cybersecurity Framework
● Lesson 1.8: General Data Privacy Regulation (GDPR)
● Lesson 1.9: Capability Maturity Model Integration (CMMI)
● Lesson 1.10: Legal and Compliance
● Lesson 1.11: Information Security Strategy
● Lesson 1.12: Organizational Culture
Module 2 | Risk Management
● Lesson 2.1: Risk Definitions
● Lesson 2.2: Bias
● Lesson 2.3: Developing a Risk Management Program
● Lesson 2.4: NIST 800-39
● Lesson 2.5: NIST 800-30
● Lesson 2.6: Risk Management Lifecycle
● Lesson 2.7: Risk Assessment and Analysis
● Lesson 2.8: NIST SP 800-37 Rev 1 and SDLC
● Lesson 2.9: Risk Response
● Lesson 2.10: Risk Action Plan
● Lesson 2.11: Risk Acceptance
● Lesson 2.12: Risk Mitigation
● Lesson 2.13: Risk Avoidance, Sharing, and Transfer
● Lesson 2.14: Risk Scenarios
● Lesson 2.15: Risk Register
● Lesson 2.16: Cost-Benefit Analysis and ROI
● Lesson 2.17: Risk Monitoring and Communications
● Lesson 2.18: Risk Governance and Management
● Lesson 2.19: Risk Review
Module 3 | Information Security Program
● Lesson 3.1: Information Security Program Concepts
● Lesson 3.2: Elements of an Information Security Program
● Lesson 3.3: Business Case and Budget
● Lesson 3.4: Asset Identification and Classification
● Lesson 3.5: Management Controls
● Lesson 3.6: Operational Controls - Part 1
● Lesson 3.7: Operational Controls - Part 2
● Lesson 3.8: Technical Controls
● Lesson 3.9: Symmetric Cryptography
● Lesson 3.10: Asymmetric Cryptography
● Lesson 3.11: Integrity and Non-Repudiation
● Lesson 3.12: Data Security and Endpoint Protection
● Lesson 3.13: Network Protection - Segmentation
● Lesson 3.14: Network Address Translation
● Lesson 3.15: Wireless Networks
● Lesson 3.16: Network Services
● Lesson 3.17: Cloud Integration
Module 4 | Incident Management
● Lesson 4.1: Incident Management Overview
● Lesson 4.2: Incident Management Processes
● Lesson 4.3: Incident Response Plan
● Lesson 4.4: Business Continuity and Disaster Recovery Planning
● Lesson 4.5: Contingency Planning and Sub-Planning
● Lesson 4.6: Contingency Planning and Project Initiation
● Lesson 4.7: Business Impact Analysis (BIA)
● Lesson 4.8: Preventative Controls and Contingency Strategies
● Lesson 4.9: Data Backup and Recovery Phase
● Lesson 4.10: Components of Contingency Plans
● Lesson 4.11: Plan Testing, Training, and Exercise
● Lesson 4.12: ISO 27031
● Lesson 4.13: Course Conclusion