17 Training Hours
48 Videos
6 Topics
100 Practice Questions
The Course
IT Security is without question one of the hottest and most lucrative areas of Information Technology today and the CISM Certification is one of the most valued credentials in the marketplace!
This course promotes international practices and provides management with assurance that those earning this designation have the necessary knowledge and experience to provide effective security management. Students are trained for positions in risk management, as a Security Auditor or Compliance Officer, or in executive management as a CSO, CTO or CIO.
Are you looking to advance your career in the field of information security management? If so, becoming a Certified Information Security Manager (CISM) may be the next step for you. In this blog, we’ll explore what CISM is, the benefits of obtaining this certification, the employment opportunities available, and the types of jobs you can expect to pursue.
What is CISM?
The Certified Information Security Manager (CISM) is a globally recognized certification that focuses on the management aspects of information security. It is offered by the Information Systems Audit and Control Association (ISACA) and is designed for individuals who manage, design, and oversee the security of an organization’s information assets.
To become a CISM, you must meet the following requirements:
– Pass the CISM exam
– Have a minimum of five years of experience in information security, with at least three years of experience in information security management
– Adhere to the ISACA Code of Professional Ethics
Benefits of CISM Certification
The benefits of obtaining a CISM certification are numerous, including increased knowledge and skills in information security management, higher salary potential, and improved career opportunities.
1. Increased knowledge and skills in information security management
The CISM certification provides a comprehensive understanding of information security management, including risk management, security program development, and incident management. This knowledge can help you better understand and manage the security of an organization’s information assets, which can ultimately lead to a stronger security posture.
2. Higher salary potential
CISM certification is highly valued in the information security industry, and as such, those who hold this certification are often compensated at a higher rate than those who do not. According to the Global Knowledge 2020 IT Skills and Salary Report, the average salary for CISM certified professionals in North America is $148,622 per year.
3. Improved career opportunities
The demand for information security professionals is rapidly growing, and holding a CISM certification can help set you apart from other candidates. With this certification, you may be eligible for a wider range of job opportunities, including those in leadership positions.
Employment Opportunities for CISM Holders
CISM holders have a wide range of employment opportunities available to them, including roles in security management, risk management, compliance, and auditing.
1. Security management
Security management roles involve overseeing the security of an organization’s information assets, including the development and implementation of security policies and procedures. CISM holders may be eligible for positions such as Chief Information Security Officer (CISO), Director of Information Security, or Security Manager.
2. Risk management
Risk management roles involve identifying and mitigating potential risks to an organization’s information assets. CISM holders may be eligible for positions such as Risk Manager or Security Risk Analyst.
3. Compliance
Compliance roles involve ensuring an organization complies with applicable laws and regulations related to information security. CISM holders may be eligible for positions such as Compliance Manager or Information Security Officer.
4. Auditing
Auditing roles involve evaluating an organization’s information security controls to ensure they are effective and comply with relevant standards and regulations. CISM holders may be eligible for positions such as Information Security Auditor or Compliance Auditor.
Types of Jobs CISM Holders Can Pursue
CISM holders can pursue a wide range of jobs in the information security field, including the following:
1. Chief Information Security Officer (CISO)
The CISO is responsible for overseeing the development and implementation of an organization’s information security program. This includes identifying and mitigating potential security risks, developing security policies and procedures, and ensuring compliance with relevant laws and regulations.
2. Director of Information Security
The Director of Information Security is responsible for overseeing the day-to-day operations of an organization’s information security program. This includes managing security personnel, developing security policies and procedures, and ensuring compliance with relevant standards and regulations.
3. Security Manager
The Security Manager is responsible for managing the security of an organization’s information assets. This includes developing and implementing security policies and procedures, managing security personnel, and ensuring compliance with relevant laws and regulations.
4. Risk Manager
The Risk Manager is responsible for identifying and mitigating potential risks to an organization’s information assets. This includes developing risk management strategies, conducting risk assessments, and implementing risk mitigation measures.
5. Information Security Officer
The Information Security Officer is responsible for ensuring an organization’s compliance with applicable laws and regulations related to information security. This includes developing and implementing security policies and procedures, conducting security audits, and managing security incidents.
6. Information Security Auditor
The Information Security Auditor is responsible for evaluating an organization’s information security controls to ensure they are effective and comply with relevant standards and regulations. This includes conducting security audits, developing audit reports, and making recommendations for improvement.
Conclusion
Becoming a Certified Information Security Manager (CISM) can provide numerous benefits, including increased knowledge and skills in information security management, higher salary potential, and improved career opportunities. CISM holders have a wide range of employment opportunities available to them, including roles in security management, risk management, compliance, and auditing. Whether you are looking to advance your career in the information security field or transition into a new role, obtaining a CISM certification may be the next step for you.
Course Outline
Module 1: Introduction
Instructor Introduction
Course Introduction
Exam Overview
Module 2: Information Security Governance
Module Overview
InfoSec Strategic Context Part 1
InfoSec Strategic Context Part 2
GRC Strategy and Assurance
Roles and Responsibilities
GMA Tasks Knowledge and Metrics
IS Strategy Overview
Strategy Implementation
Strategy Development Support
Architecture and Controls
Considerations and Action Plan
InfoSec Prog Objectives and Wrap-Up
Module 3: Information Security Risk Management
Module Overview
Risk Identification Task and Knowledge
Risk Management Strategy
Additional Considerations
Risk Analysis and Treatment Tasks & Knowledge
Leveraging Frameworks
Assessment Tools and Analysis
Risk Scenario Development
Additional Risk Factors
Asset Classification and Risk Management
Risk Monitoring and Communication
Information Risk Management Summary
Module 4: InfoSec Prog Development and Management
Module Overview
Alignment and Resource Management – Task and Knowledge
Key Relationships
Standards Awareness and Training – Tasks and Knowledge
Awareness and Training
Building Security into Process and Practices – Tasks and Knowledge
Additional Technology Infrastructure Concerns
Security Monitoring and Reporting Overview Tasks and Knowledge
Metrics and Monitoring
Summary
Module 5: Information Security Incident Management
Module Overview
Planning and Integration Overview Task and Knowledge
Incident Response Concepts and Process
Forensics and Recovery
Readiness and Assessment – Overview Tasks and Knowledge
Identification and Response Overview Tasks and Knowledge
Incident Processes
Module 6: Exam Prep
Case Study – Security On a Shoestring Budget
Case Study – APT In Action
Summary
Exam Prep
Your Training Instructor
Roger St Hilaire
CISM, CGEIT, CRISC, TOGAF, Certified Trainer and Governance Specialist
Roger is an experienced IT professional with a proven track record of designing and managing large-scale technology systems. Successfully designed the first knowledge engine for UNDP Sub-Regional Resource Facility, known as the Request Tracker, which facilitated workflow-based tracking of queries and increased productivity. Managed and grew a $70 million USD dual data centre national network system for the Trinidad and Tobago government, expanding it from 400+ sites to 512 and increasing customer satisfaction. Skilled in vendor negotiations, securing approximately $200K USD in committed support during a crisis event. Adept in saving clients money and improving their operations, saving one BPR client $60K USD and improving their security processes. Committed to driving positive change and delivering results in fast-paced and dynamic environments.