Data Breach Support

CISM Training

Home / Security Training / Certified Information Security Manager (CISM)

CISM training is a gateway to security management

Who is the course aimed at?

The CISM Course is a globally recognised certification focusing on developing a professional’s expertise in managing Information Security systems and practices. This CISM Certification Course can be beneficial for professionals, including:

Information Security Managers
Internal Auditors
Risk Management Specialists
Compliance Officers
Security Analysts
IT Consultants
Data Protection Officers

Course overview

The Certified Information Security Manager (CISM) Training equips professionals with the skills and knowledge to safeguard valuable information assets. It is a highly relevant and crucial discipline in a technology-driven landscape. CISM, offered by ISACA, is a globally recognised certification that ensures individuals are well-versed in managing and governing an organisation’s information security.

Proficiency in the CISM Training Course is vital as it empowers professionals to navigate the complex landscape of Information Security, ensuring the confidentiality, integrity, and availability of data. IT and Cyber Security Experts, Risk Managers, Compliance Officers, and those aspiring to lead and manage information security teams should aim to master CISM.

This 4-day CISM Training gives delegates a comprehensive understanding of Information Security Management. Delegates will gain expertise in risk management, governance, incident response, and security development. Through real-world case studies and practical exercises, delegates will learn how to apply their knowledge effectively, making them invaluable assets to their organisations.

Enrol Today
  • Recognised Certification
  • Course Duration is 4 Days
  • Multiple Course Dates
  • Course Discounts Available
  • Online Course Available
  • Highly Experienced Trainers

What is the course curriculum?

The course consists of 4 domains and 27 modules covered over a 4 day period.

Domain 1: Information Security Governance

Module 1: Introduction to Information Security Governance

  • About Information Security Governance
  • Reason for Security Governance
  • Security Governance Activities and Results
  • Risk Appetite
  • Organisation Culture

Module 2: Legal, Regulatory and Contractual Requirements

  • Introduction
  • Requirements for Content and Retention of Business Records

Module 3: Organisational Structures, Roles and Responsibilities

  • Roles and Responsibilities
  • Monitoring Responsibilities

Module 4: Information Security Strategy Development

  • Introduction
  • Business Goals and Objectives
  • Information Security Strategy Objectives
  • Ensuring Objective and Business Integration
  • Avoiding Common Pitfalls and Bias
  • Desired State
  • Elements of a Strategy

Module 5: Information Governance Frameworks and Standards

  • Security Balanced Scorecard
  • Architectural Approaches
  • Enterprise Risk Management Framework
  • Information Security Management Frameworks and Models

Module 6: Strategic Planning

  • Workforce Composition and Skills
  • Assurance Provisions
  • Risk Assessment and Management
  • Action Plan to Implement Strategy
  • Information Security Programme Objectives
Domain 2: Information Security Risk Management

Module 7: Emerging Risk and Threat Landscape

  • Risk Identification
  • Threats
  • Defining a Risk Management Framework
  • Emerging Threats
  • Risk, Likelihood and Impact
  • Risk Register

Module 8: Vulnerability and Control Deficiency Analysis

  • Introduction
  • Security Control Baselines
  • Events Affecting Security Baselines

Module 9: Risk Assessment and Analysis

  • Introduction
  • Determining the Risk Management Context
  • Operational Risk Management
  • Risk Management Integration with IT Life Cycle Management Processes
  • Risk Scenarios
  • Risk Assessment Process
  • Risk Assessment and Analysis Methodologies
  • Other Risk Assessment Approaches
  • Risk Analysis
  • Risk Evaluation
  • Risk Ranking

Module 10: Risk Treatment or Risk Response Options

  • Risk Treatment/Risk Response Options
  • Determining Risk Capacity and Acceptable Risk (Risk Appetite)
  • Risk Response Options
  • Risk Acceptance Framework
  • Inherent and Residual Risk
  • Impact
  • Controls
  • Legal and Regulatory Requirements
  • Costs and Benefits

Module 11: Risk and Control Ownership

  • Risk Ownership and Accountability
  • Risk Owner
  • Control Owner

Module 12: Risk Monitoring and Reporting

  • Risk Monitoring
  • Key Risk Indicators
  • Reporting Changes in Risk
  • Risk Communication, Awareness and Consulting
  • Documentation
Domain 3: Information Security Programme Development and Management

Module 13: Information Security Programme Resources

  • Introduction
  • Information Security Programme Objectives
  • Information Security Programme Concepts
  • Common Information Security Programme Challenges
  • Common Information Security Programme Constraints

Module 14: Information Asset Identification and Classification

  • Information Asset Identification and Valuation
  • Information Asset Valuation Strategies
  • Information Asset Classification
  • Methods to Determine Criticality of Assets and Impact of Adverse Events

Module 15: Industry Standards and Frameworks for Information Security

  • Enterprise Information Security Architectures
  • Information Security Management Frameworks
  • Information Security Frameworks Components

Module 16: Information Security Policies, Procedures, and Guidelines

  • Policies
  • Standards
  • Procedures
  • Guidelines

Module 17: Information Security Programme Metrics

  • Introduction
  • Effective Security Metrics
  • Security Programme Metrics and Monitoring
  • Metrics Tailored to Enterprise Needs

Module 18: Information Security Control Design and Selection

  • Introduction
  • Managing Risk Through Controls
  • Controls and Countermeasures
  • Control Categories
  • Control Design Considerations
  • Control Methods

Module 19: Security Programme Management

  • Risk Management
  • Risk Management Programme
  • Risk Treatment
  • Audit and Reviews
  • Third-Party Risk Management

Module 20: Security Programme Operations

  • Event Monitoring
  • Vulnerability Management
  • Security Engineering and Development
  • Network Protection
  • Endpoint Protection and Management
  • Identity and Access Management
  • Security Incident Management
  • Security Awareness Training
  • Managed Security Service Providers
  • Data Security
  • Cryptography
  • Symmetric Key Algorithms

Module 21: IT Service Management

  • Service Desk
  • Incident Management
  • Problem Management
  • Change Management
  • Configuration Management
  • Release Management
  • Service Levels Management
  • Financial Management
  • Capacity Management
  • Service Continuity Management
  • Availability Management
  • Asset Management

Module 22: Controls

  • Internal Control Objectives
  • Information Systems Control Objectives
  • General Computing Controls
  • Control Frameworks
  • Controls Development
  • Control Assessment

Module 23: Metrics and Monitoring

  • Types of Metrics
  • Audiences
  • Continuous Improvement
Domain 4: Information Security Incident Management

Module 24: Security Incident Response Overview

  • Phases of Incident Response

Module 25: Incident Response Plan Development

  • Objectives
  • Maturity
  • Resources
  • Roles and Responsibilities
  • Gap Analysis
  • Plan Development

Module 26: Responding to Security Incidents

  • Detection
  • Initiation
  • Evaluation
  • Recovery
  • Remediation
  • Closure
  • Post-Incident Review

Module 27: Business Continuity and Disaster Recovery Planning

  • Business Continuity Planning
  • Disaster
  • Disaster Recovery Planning
  • Testing BC and DR Planning
  • Types of Social Engineering Attacks
  • Why Employees are Susceptible to Social Engineering?
  • Social Engineering Defences

Module 23: Asset Security

  • Asset Inventory and Configuration
  • Secure Configuration Baselines
  • Vulnerability Management
  • Asset Security Techniques

Module 24: Data Security

  • Data at Rest
  • Data in Transit
  • Data in Use
  • Data Life Cycle

Module 25: Identity and Access Management

  • Identity and Access Management Fundamentals
  • Identity Management Technologies
  • Authentication Factors and Mechanisms
  • Access Control Principles
  • Access Control Models
  • Access Control Administration
  • Identity and Access Management Life Cycle

Module 26: Communication and Network Security

  • WANs and LANs
  • IP Addressing
  • Network Address Translation
  • Network Protocols and Communications
  • Wireless
  • Network Technologies and Defences

Module 27: Cryptography

  • Cryptography
  • Cryptographic Definitions
  • Cryptographic Services
  • Symmetric, Asymmetric, And Hybrid Cryptosystems
  • Hash Algorithms
  • Message Authentication Codes
  • Digital Signatures
  • Public Key Infrastructure

Module 28: Cloud Security

  • Cloud Security
  • Cloud Computing Characteristics
  • Cloud Deployment Models
  • Cloud Service Models
  • Cloud Security Risks and Assurance Levels
  • Cloud Security Resources

Module 29: Physical Security

  • Making Security Decisions
  • Physical Security Threats
  • Physical Security Programme Planning
  • Physical Security Resources
  • Physical Security Controls
  • Physical Security Auditing and Measurement

Module 30: Personnel Security

  • Personnel Security
  • Software Development Security
  • Integrating Security into the SDLC
  • Security SDLC Roles and Responsibilities
  • Software Vulnerabilities
  • Secure Coding Practices
  • Software Vulnerability Analysis and Assessments

Module 31: Forensics, Incident Handling, and Investigations

  • Relevant Law
  • Logging and Monitoring
  • Incident Response and Investigations
  • Forensics and Digital Evidence

Module 32: Security Assessment and Testings

  • Introduction to Security Assessment and Testings
  • Vulnerability Assessments
  • Penetration Testing
  • Security Programme Assessments

Module 33: Business Continuity and Disaster Recovery

  • Introduction to Business Continuity and Disaster Recovery
  • Continuity Planning Initiation
  • Business Impact Analysis
  • Identify Preventive Controls
  • Develop Recovery Strategies and Solutions
  • Develop the Plan
  • Test the Plan
  • Maintain the Plan
DPO Training

What’s included?

World-Class Training Sessions from Experienced Instructors
CISM Certificate
Digital Delegate Pack

Find Out More

Other Courses

CISSP Training
CCISO Training
CCSP Training
CCS-PRO Training
Security Awareness Training

Certified Information Security Manager (CISM) Training Course

£2295.00 + VAT

Enrol Today

Take your career to the next level

Enrol Today

WE CAN PROVIDE A DISCOUNT FOR MULTIPLE PEOPLE

We can enrol you today, you will get the course details via email

Contact Us

Contact us.

CISM Training
First
Last
Data Protection - Please give your explicit consent for the processing of your personal data.

logo

Office Hours

We are available during UK office hours.

Call Us : +44 330 027 2161
We are open from Monday to Friday
9.00 AM - 5.00 PM

Quick Links

Services

Company Overview

Cyber Security 4 you is a trading name of Cyber21 Limited, a UK registered Limited Company.

The company provides affordable and cost-effective cyber security and data protection services and solutions.

Cyber21 Limited © Copyright 2025

Cyber Security 4 you
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.