[0]

ISACA - CISM

Overview CurriculumWhat's IncludedTestimonialsPricing

Getting CISM certified shows you have arrived.
The knowledge that comes with it shows how you got there.

During our 5-day ISACA CISM (Certified Information Security Manager) Certification Training Camp, students will live, learn, and take the exams at one of our state-of-the-art education centers. This blended-learning course employs outcome-based (Lecture | Lab | Review)™ delivery that focuses on preparing you with the real-world skills required to pass the certification exams (and to hit the ground running in your career). The CISM certification is for the individual who manages, designs, oversees and/or assesses an enterprise’s information security (IS).

HOW WE ARE BETTER

You will get certified.

We save you time. And money.

Our experts make learning easier.

We guarantee it.

Contact Us

A few reasons to get certified.

75% of managers believe that certification is important to team performance.

66% of managers believe that certification improves the level of service and support offered to IT end users/customers.

55% of hiring managers consider employee certification as criterion for hiring.

65% of certified professionals surveyed had been in their jobs 24 months or longer.

(Sources: Fairfield Research survey, Zoomerang, “Prometric IT Candidate Study”, IDC whitepaper, “Value of Certification, Nov 2006”)

Is this course right for you?

Students must submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas. Relevant job titles include:

Computing/Networking/Information Technology (IT) Security Consultant
Computing / Networking / Information Technology Security Engineer
Chief Information Officer (CIO)
Information Systems Auditor
Security Architect

Each training day is segmented into Lecture, Lab, and Review components that cater to a student's multiple learning styles (auditory, visual, and kinesthetic-tactual).

*Note that significant changes may be made to the schedule on a daily basis to ensure that the goals of the course are met.

Information Security Governance
Topics	Information security concepts. The relationship between information security and business operations techniques used to secure senior management commitment and support of information security management. Methods of integrating information security governance into the overall enterprise governance framework. Practices associated with an overall policy directive that captures senior management. Level direction and expectations for information security in laying the foundation for information security management within an organization. An information security steering group function. Information security management roles, responsibilities and organizational structure. Areas of governance (for example, risk management, data classification management, network security, system access). Centralized and decentralized approaches to coordinating information security. Legal and regulatory issues associated with Internet businesses, global transmissions and transborder data flows (for example, privacy, tax laws and tariffs, data import/export restrictions, restrictions on cryptography, warranties, patents, copyrights, trade secrets, national security). Common insurance policies and imposed conditions (for example, crime or fidelity insurance, business interruptions). The requirements for the content and retention of business records and compliance. The process for linking policies to enterprise business objectives. The function and content of essential elements of an information security program (for example, policy statements, procedures and guidelines). Techniques for developing an information security process improvement model for sustainable and repeatable information security policies and procedures. Information security process improvement and its relationship to traditional process management. Information security process improvement and its relationship to security architecture development and modeling. Information security process improvement and its relationship to security infrastructure. Generally accepted international standards for information security management and related process improvement models. The key components of cost benefit analysis and enterprise transformation/migration plans (for example, architectural alignment, organizational positioning, change management, benchmarking, market/competitive analysis). Methodology for business case development and computing enterprise value proposition.
Risk Management
Topics	Information resources used in support of business processes. Information resource valuation methodologies. Information classification. The principles of development of baselines and their relationship to risk-based assessments of control requirements. Life-cycle-based risk management principles and practices. Threats, vulnerabilities and exposures associated with confidentiality, integrity and availability of information resources. Quantitative and qualitative methods used to determine sensitivity and criticality of information resources and the impact of adverse events. Use of gap analysis to assess generally accepted standards of good practice for information security management against current state. Recovery time objectives (RTO) for information resources and how to determine RTO. RTO and how it relates to business continuity and contingency planning objectives and processes. Risk mitigation strategies used in defining security requirements for information resources supporting business applications. Cost benefit analysis techniques in assessing options for mitigating risks threats and exposures to acceptable levels. Managing and reporting status of identified risks.
Information Security Program Management
Topics	Methods to develop an implementation plan that meets security requirements identified in risk analyses. Project management methods and techniques. The components of an information security governance framework for integrating security principles, practices, management and awareness into all aspects and all levels of the enterprise. Security baselines and configuration management in the design and management of business applications and the infrastructure. Information security architectures: (for example, single sign-on, rules-based as opposed to list-based system access control for systems, limited points of systems administration). Information security technologies (for example, cryptographic techniques and digital signatures, to enable management to select appropriate controls). Security procedures and guidelines for business processes and infrastructure activities. The systems development life cycle methodologies (for example, traditional SDLC, prototyping). Planning, conducting, reporting and follow-up of security testing. Certifying and accrediting the compliance of business applications and infrastructure to the enterprise's information security governance framework. Types, benefits and costs of physical, administrative and technical controls. Planning, designing, developing, testing and implementing information security requirements into an enterprise's business processes. Security metrics design, development and implementation. Acquisition management methods and techniques (for example, evaluation of vendor service level agreements, preparation of contracts).
Information Security Management
Topics	How to interpret information security policies into operational use. Information security administration process and procedures. Methods for managing the implementation of the enterprise's information security program through third parties including trading partners and security services providers. Continuous monitoring of security activities in the enterprise's infrastructure and business applications. Methods used to manage success/failure in information security investments through data collection and periodic review of key performance indicators. Change and configuration management activities. Information security management due diligence activities and reviews of the infrastructure. Liaison activities with internal/external assurance providers performing information security reviews. Due diligence activities, reviews and related standards for managing and controlling access to information resources. External vulnerability reporting sources, which provide information that may require changes to the information security in applications and infrastructure. Events affecting security baselines that may require risk reassessments and changes to information security requirements in security plans, test plans and performance. Information security problem management practices. Information security manager facilitative roles as change agents, educators and consultants. The ways in which culture and cultural differences affect the behavior of staff. The activities that can change culture and behavior of staff. Methods and techniques for security awareness training and education.
Response Management
Topics	The components of an incident response capability. Information security emergency management practices (for example, production change control activities, development of computer emergency response team). Disaster recovery planning and business recovery processes. Disaster recovery testing for infrastructure and critical business applications. Escalation processes for effective security management. Intrusion detection policies and processes. Help desk processes for identifying security incidents reported by users and distinguishing them from other issues dealt with the help desks. The notification process in managing security incidents and recovery: (for example, automated notice and recovery mechanisms for example in response to virus alerts in a real-time fashion). The requirements for collecting and presenting evidence; rules for evidence, admissibility of evidence, quality and completeness of evidence. Post-incident reviews and follow-up procedures.

Training Camp offers the highest quality technical education and certification training in an all-inclusive course package specifically designed for the needs and ease of our students. We attend to every detail so our students can focus solely on learning and certification objectives.

	Intensive Hands-on Training by Certified Trainers Utilizing Our (Lecture \| Lab \| Review)™ Delivery		Extended Lab and Instructor Access
	Optional Package of Hotel Accommodations, Lunch, Unlimited Beverages, Snacks, and Freshly-brewed Coffee Available		Blended-learning Instruction Comprised of Comprehensive Study Materials, Lab Manuals, and Practice Exams
	Examination Passing Policy Guarantee More Details
	Should a student complete a Training Camp Program without having successfully passed all vendor examinations, the student may re-attend that program for a period of one year. Students will only be responsible for accommodation and vendor exam fees.

Training Camp is proud to share in our students' success. Here is what they are saying about us:

The class was very good and informative. Andrew was a great instructor and added a lot to the class with anecdotes from experience.

Gary Holtz, Hewlett Packard

The experience in Training Camp was amazing. Having an instructor that is currently working on the field is one of the most valuable assets of the course. The material is covered in a very eloquent manner in which it is easy to understand and apply

Christian Nanne, Sisap, inc

I thought the Training Camp was a very intense experience that allowed me to learn a great deal in a small amount of time. All of the amenities where there and the objectives were fulfilled.

James M. Bean, jmbEnterprise