Course description

  • What are the course objectives?

    This CISM certification training from Simplilearn will give you the requisite skillsets to design, deploy and manage security architecture for your organization. The course is aligned with ISACA best practices and is designed to help you pass the CISM exam on your first attempt. Enterprises and government agencies increasingly expect their IT professionals to hold a CISM certification, and it is considered essential to ongoing education and career development. This course will see that you are well-equipped to manage the ongoing security, compliance and governance of your IT organization.

  • What skills will you learn?

    By the end of this training you will be able to:
    • Define and design security architecture for your IT operation
    • Develop a working knowledge of the four domains prescribed by the ISACA Exam Candidate Information Guide 2015
    • Demonstrate a deep understanding of the relationship between information security programs and broader business goals and objectives
    • Focus on IT compliance and the integrity of enterprise systems to establish a more secure enterprise IT framework
    • Earn the 16 CPEs required to take the CISM certification exam
    • Acquire the relevant knowledge and skills required to pass the CISM certification exam

  • Who should take this course?

    CISM certification is a globally recognized professional requirement in the IT Security domain. This certification is best suited for:
    • Security consultants and managers
    • IT directors and managers
    • Security auditors and architects
    • Security systems engineers
    • Chief Information Security Officers (CISOs)
    • Information security managers
    • IS/IT consultants
    • Chief Compliance/Privacy/Risk Officers

Course preview

    • Domain 01: Information Security Governance 3:47:44
      • Lesson 1: Information Security Governance Overview 00:53
      • Information Security Governance Overview Part 1 01:12
      • Information Security Governance Overview Part 2 02:00
      • Information Security Governance Overview Part 3 01:22
      • Information Security Governance Overview Part 4 01:32
      • Information Security Governance Overview Part 5 00:29
      • Importance of Information Security Governance Part 1 01:19
      • Importance of Information Security Governance Part 2 06:20
      • Outcomes of Information Security Governance Part 1 00:33
      • Outcomes of Information Security Governance Part 2 01:26
      • Outcomes of Information Security Governance Part 3 02:45
      • Outcomes of Information Security Governance Part 4 01:27
      • Outcomes of Information Security Governance Part 5 01:54
      • Outcomes of Information Security Governance Part 6 01:28
      • Lesson 2: Effective Information Security Governance 00:31
      • Business Goals and Objectives Part 1 01:31
      • Business Goals and Objectives Part 2 02:00
      • Roles and Responsibilities of Senior Management Part 1 01:02
      • Roles and Responsibilities of Senior Management Part 2 00:43
      • Domain Tasks Part 1 01:21
      • Domain Tasks Part 2 03:16
      • Business Model for Information Security Part 1 00:45
      • Business Model for Information Security Part 2 01:09
      • Business Model for Information Security Part 3 03:16
      • Business Model for Information Security Part 4 01:37
      • Dynamic Interconnections Part 1 00:34
      • Dynamic Interconnections Part 2 02:55
      • Dynamic Interconnections Part 3 01:55
      • Dynamic Interconnections Part 4 00:51
      • Lesson 3: Information Security Concepts and Technologies 03:26
      • Information Security Concepts and Technologies Part 1 02:58
      • Information Security Concepts and Technologies Part 2 03:25
      • Information Security Concepts and Technologies Part 3 01:50
      • Technologies Part 1 01:41
      • Technologies Part 2 06:12
      • Lesson 4: Information Security Manager 00:33
      • Responsibilities 01:48
      • Senior Management Commitment Part 1 00:48
      • Senior Management Commitment Part 2 02:27
      • Obtaining Senior Management Commitment Part 1 00:24
      • Obtaining Senior Management Commitment Part 2 00:53
      • Establishing Reporting and Communication Channels Part 1 01:13
      • Establishing Reporting and Communication Channels Part 2 01:07
      • Lesson 5: Scope and Charter of Information Security Governance 01:55
      • Assurance Process Integration and Convergence 02:24
      • Convergence 02:32
      • Governance and Third-Party Relationships 02:38
      • Lesson 6: Information Security Governance Metrics 00:56
      • Metrics 01:38
      • Effective Security Metrics Part 1 01:46
      • Effective Security Metrics Part 2 01:01
      • Effective Security Metrics Part 3 01:51
      • Effective Security Metrics Part 4 00:39
      • Security Implementation Metrics 01:17
      • Strategic Alignment Part 1 02:56
      • Strategic Alignment Part 2 01:10
      • Risk Management 01:14
      • Value Delivery 01:02
      • Resource Management Part 1 00:47
      • Resource Management Part 2 00:41
      • Performance Measurement 03:06
      • Assurance Process Integration/Convergence 02:54
      • Lesson 7: Information Security Strategy Overview 00:53
      • Another View of Strategy 00:41
      • Lesson 8: Creating Information Security Strategy 00:16
      • Information Security Strategy 01:22
      • Common Pitfalls Part 1 04:38
      • Common Pitfalls Part 2 02:19
      • Objectives of the Information Security Strategy 01:33
      • What is the Goal? 01:40
      • Defining Objectives 01:23
      • Business Linkages 01:48
      • Business Case Development Part 1 01:44
      • Business Case Development Part 2 02:36
      • Business Case Development Part 3 00:45
      • Business Case Objectives 00:57
      • The Desired State 01:48
      • COBIT 01:08
      • COBIT Controls 01:09
      • COBIT Framework 00:48
      • Capability Maturity Model 01:38
      • Balanced Scorecard 01:22
      • Architectural Approaches 01:03
      • ISO/IEC 27001 and 27002 01:00
      • Risk Objectives Part 1 01:39
      • Risk Objectives Part 2 03:11
      • Lesson 9: Determining Current State Of Security 00:45
      • Current Risk Part 1 02:37
      • Current Risk Part 2 01:11
      • BIA 01:11
      • Lesson 10: Information Security Strategy Development 01:52
      • The Roadmap 01:01
      • Elements of a Strategy 03:27
      • Strategy Resources and Constraints 02:45
      • Lesson 11: Strategy Resources 00:32
      • Policies and Standards 01:00
      • Definitions 05:48
      • Enterprise Information Security Architectures 01:30
      • Controls 03:00
      • Countermeasures 00:55
      • Technologies 01:50
      • Personnel 01:54
      • Organizational Structure 03:47
      • Employee Roles and Responsibilities 00:28
      • Skills 01:16
      • Audits 01:41
      • Compliance Enforcement 02:24
      • Threat Assessment 01:41
      • Vulnerability Assessment 02:21
      • Risk Assessment 02:19
      • Insurance 02:04
      • Business Impact Assessment 02:32
      • Outsourced Security Providers 02:57
      • Lesson 12: Strategy Constraints 00:23
      • Legal and Regulatory Requirements 01:43
      • Physical Constraints 02:56
      • The Security Strategy 01:36
      • Lesson 13: Action Plan to Implement Strategy 01:13
      • Gap Analysis Part 1 01:35
      • Gap Analysis Part 2 00:52
      • Gap Analysis Part 3 03:01
      • Policy Development Part 1 01:41
      • Policy Development Part 2 01:00
      • Standards Development 02:44
      • Training and Awareness 00:35
      • Action Plan Metrics 01:23
      • General Metric Considerations Part 1 00:23
      • General Metric Considerations Part 2 00:35
      • General Metric Considerations Part 3 00:43
      • General Metric Considerations Part 4 00:23
      • CMM4 Statements 02:00
      • Objectives for CMM4 00:47
      • Section Review 00:44
    • Knowledge Check
      • Knowledge Check 1
    • Domain 02: Information Risk Management and Compliance 2:22:21
      • Lesson 1: Risk Management Overview 00:59
      • Risk Management Overview 01:51
      • Types of Risk Analysis 07:08
      • The Importance of Risk Management 02:14
      • Risk Management Outcomes 01:35
      • Risk Management Strategy 01:49
      • Lesson 2: Good Information Security Risk Management 04:14
      • Context and Purpose 03:08
      • Scope and Charter 00:39
      • Assets 02:31
      • Other Risk Management Goals 02:02
      • Roles and Responsibilities 02:51
      • Lesson 3: Information Security Risk Management Concepts 06:06
      • Technologies 06:39
      • Lesson 4: Implementing Risk Management 02:08
      • The Risk Management Framework 02:00
      • The External Environment 01:48
      • The Internal Environment 02:06
      • The Risk Management Context 00:47
      • Gap Analysis 02:21
      • Other Organizational Support 04:09
      • Lesson 5: Risk Assessment 01:19
      • NIST Risk Assessment Methodology 03:49
      • Aggregated or Cascading Risk 02:54
      • Other Risk Assessment Approaches 01:18
      • Identification of Risks 01:49
      • Threats 01:08
      • Vulnerabilities Part 1 02:11
      • Vulnerabilities Part 2 04:10
      • Risks 01:36
      • Analysis of Relevant Risks 01:48
      • Risk Analysis 02:29
      • Semi-Quantitative Analysis 01:52
      • Quantitative Analysis Example 04:14
      • Evaluation of Risks 00:46
      • Risk Treatment Options 04:39
      • Impact 02:59
      • Lesson 6: Controls Countermeasures 00:25
      • Controls 04:43
      • Residual Risk 03:38
      • Information Resource Valuation 01:33
      • Methods of Valuing Assets 01:36
      • Information Asset Classification 03:32
      • Determining Classification 02:05
      • Impact Part 1 03:53
      • Impact Part 2 01:03
      • Lesson 7: Recovery Time Objectives 00:49
      • Recovery Point Objectives 04:18
      • Service Delivery Objectives 01:58
      • Third-Party Service Providers 01:44
      • Working with Lifecycle Processes 02:08
      • IT System Development 02:11
      • Project Management Part 1 00:46
      • Project Management Part 2 02:10
      • Lesson 8: Risk Monitoring and Communication 01:17
      • Risk Monitoring and Communication 00:38
      • Other Communications 01:25
      • Section Review 01:01
    • Knowledge Check
      • Knowledge Check 2
    • Domain 03: Information Security Program Development and Management 4:07:00
      • Introduction 00:30
      • Lesson 1: Development of Information Security Program 02:50
      • Importance of the Program 00:52
      • Outcomes of Security Program Development 01:47
      • Effective Information Security Program Development 04:59
      • Lesson 2: Information Security Program Objectives 01:55
      • Cross Organizational Responsibilities 00:10
      • Program Objectives Part 1 02:23
      • Program Objectives Part 2 01:18
      • Defining Objectives Part 1 02:11
      • Defining Objectives Part 2 01:08
      • Lesson 3: Information Security Program Development Concepts Part 1 04:02
      • Information Security Program Development Concepts Part 2 05:39
      • Technology Resources 02:44
      • Information Security Manager 01:25
      • Lesson 4: Scope and Charter of Information Security Program Development 00:30
      • Assurance Function Integration 01:35
      • Challenges in Developing Information Security Program 01:54
      • Pitfalls 02:48
      • Objectives of the Security Program 02:06
      • Program Goals 02:52
      • The Steps of the Security Program 01:46
      • Defining the Roadmap Part 1 01:38
      • Defining the Roadmap Part 2 00:58
      • Elements of the Roadmap Part 1 01:18
      • Elements of the Roadmap Part 2 00:34
      • Elements of the Roadmap Part 3 01:57
      • Elements of the Roadmap Part 4 01:17
      • Elements of the Roadmap Part 5 00:18
      • Gap Analysis 00:44
      • Lesson 5: Information Security Management Framework 00:15
      • Security Management Framework 04:55
      • COBIT 5 05:59
      • ISO/IEC 27001 04:30
      • Lesson 6: Information Security Framework Components 00:13
      • Operational Components Part 1 01:56
      • Operational Components Part 2 03:11
      • Management Components 01:31
      • Administrative Components 03:29
      • Educational and Informational Components 01:25
      • Lesson 7: Information Security Program Resources 01:32
      • Resources 03:27
      • Documentation 00:54
      • Enterprise Architecture Part 1 04:29
      • Enterprise Architecture Part 2 01:54
      • Enterprise Architecture Part 3 01:11
      • Controls as Strategy Implementation Resources Part 1 03:42
      • Controls as Strategy Implementation Resources Part 2 02:19
      • Controls as Strategy Implementation Resources Part 3 04:35
      • Controls as Strategy Implementation Resources Part 4 02:19
      • Common Control Practices 01:41
      • Countermeasures 00:37
      • Technologies Part 1 01:13
      • Technologies Part 2 01:52
      • Technologies Part 3 01:39
      • Technologies Part 4 05:38
      • Personnel Part 1 02:00
      • Personnel Part 2 02:56
      • Security Awareness 01:28
      • Awareness Topics 05:18
      • Formal Audits 01:16
      • Compliance Enforcement 01:03
      • Project Risk Analysis 03:09
      • Other Actions 02:58
      • Other Organizational Support 01:21
      • Program Budgeting Part 1 01:03
      • Program Budgeting Part 2 02:19
      • Lesson 8: Implementing an Information Security Program 00:13
      • Policy Compliance 02:38
      • Standards Compliance 02:44
      • Training and Education 01:43
      • ISACA Control Objectives 03:52
      • Third-party Service Providers Part 1 01:08
      • Third-party Service Providers Part 2 04:22
      • Integration into Lifecycle Processes 02:14
      • Monitoring and Communication 03:33
      • Documentation 01:33
      • The Plan of Action Part 1 01:17
      • The Plan of Action Part 2 01:36
      • Lesson 9: Information Infrastructure and Architecture 00:53
      • Managing Complexity Part 1 04:42
      • Managing Complexity Part 2 01:45
      • Objectives of Information Security Architectures Part 1 01:30
      • Objectives of Information Security Architectures Part 2 01:15
      • Physical and Environmental Controls 03:32
      • Lesson 10: Information Security Program 03:03
      • Information Security Program Deployment Metrics 02:27
      • Metrics 02:02
      • Strategic Alignment 00:53
      • Risk Management 01:41
      • Value Delivery 00:35
      • Resource Management 01:22
      • Assurance Process Integration 00:27
      • Performance Measurement 00:41
      • Security Baselines 00:38
      • Lesson 11: Security Program Services and Operational Activities 00:48
      • IS Liaison Responsibilities Part 1 10:17
      • IS Liaison Responsibilities Part 2 02:28
      • Cross-Organizational Responsibilities 01:34
      • Security Reviews and Audits Part 1 03:27
      • Security Reviews and Audits Part 2 01:38
      • Management of Security Technology 01:25
      • Due Diligence Part 1 04:10
      • Due Diligence Part 2 01:36
      • Compliance Monitoring and Enforcement Part 1 02:02
      • Compliance Monitoring and Enforcement Part 2 01:46
      • Assessment of Risk and Impact Part 1 02:16
      • Assessment of Risk and Impact Part 2 01:28
      • Outsourcing and Service Providers 02:33
      • Cloud Computing Part 1 01:36
      • Cloud Computing Part 2 01:54
      • Cloud Computing Part 3 02:23
      • Integration with IT Processes 00:42
      • Section Review 01:13
    • Knowledge Check
      • Knowledge Check 3
    • Domain 04: Information Security Incident Management 4:17:31
      • Lesson 1: Incident Management Overview Part 1 00:47
      • Incident Management Overview Part 2 03:08
      • Incident Management Overview Part 3 03:45
      • Types of Events Part 1 02:43
      • Types of Events Part 2 03:20
      • Goals of Incident Management Part 1 04:45
      • Goals of Incident Management Part 2 06:31
      • Goals of Incident Management Part 3 03:26
      • Lesson 2: Incident Response Procedures Part 1 00:23
      • Incident Response Procedures Part 2 03:40
      • Importance of Incident Management 08:01
      • Outcomes of Incident Management 03:50
      • Incident Management 01:34
      • Concepts Part 1 03:44
      • Concepts Part 2 01:35
      • Concepts Part 3 01:34
      • Incident Management Systems Part 1 04:02
      • Incident Management Systems Part 2 00:53
      • Lesson 3: Incident Management Organization 02:30
      • Responsibilities Part 1 03:44
      • Responsibilities Part 2 02:58
      • Responsibilities Part 3 05:10
      • Senior Management Commitment 01:02
      • Lesson 4: Incident Management Resources 00:25
      • Policies and Standards 00:36
      • Incident Response Technology Concepts 11:11
      • Personnel 03:11
      • Roles and Responsibilities (eNotes) 08:24
      • Skills 08:09
      • Awareness and Education 01:20
      • Audits 02:49
      • Lesson 5: Incident Management Objectives 00:17
      • Defining Objectives 00:48
      • The Desired State 03:29
      • Strategic Alignment 06:42
      • Other Concerns 02:32
      • Lesson 6: Incident Management Metrics and Indicators 05:14
      • Implementation of the Security Program Management 03:01
      • Management Metrics and Monitoring Part 1 01:35
      • Management Metrics and Monitoring Part 2 02:48
      • Other Security Monitoring Efforts 04:24
      • Lesson 7: Current State of Incident Response Capability 00:11
      • Threats 04:39
      • Vulnerabilities 06:15
      • Lesson 8: Developing an Incident Response Plan 00:44
      • Elements of an Incident Response Plan 08:19
      • Gap Analysis 03:05
      • BIA Part 1 05:05
      • BIA Part 2 02:48
      • Escalation Process for Effective IM 02:45
      • Help Desk Processes for Identifying Security Incidents 01:27
      • Incident Management and Response Teams 02:10
      • Organizing, Training, and Equipping the Response Staff 01:55
      • Incident Notification Process 00:55
      • Challenges in making an Incident Management Plan 02:18
      • Lesson 9: BCP/DRP 07:49
      • Goals of Recovery Operations Part 1 02:02
      • Goals of Recovery Operations Part 2 01:57
      • Choosing a Site Selection Part 1 05:37
      • Choosing a Site Selection Part 2 01:18
      • Implementing the Strategy 03:58
      • Incident Management Response Teams 02:10
      • Network Service High-availability 04:17
      • Storage High-availability 04:01
      • Risk Transference 01:27
      • Other Response Recovery Plan Options 01:29
      • Lesson 10: Testing Response and Recovery Plans 02:17
      • Periodic Testing 01:17
      • Analyzing Test Results Part 1 02:06
      • Analyzing Test Results Part 2 03:39
      • Measuring the Test Results 00:57
      • Lesson 11: Executing the Plan 01:56
      • Updating the Plan 01:15
      • Intrusion Detection Policies 01:38
      • Who to Notify about an Incident 01:52
      • Recovery Operations 01:53
      • Other Recovery Operations 01:57
      • Forensic Investigation 03:05
      • Hacker / Penetration Methodology 11:50
      • Section Review 01:15
      • Sequence 05 01:53
    • Knowledge Check
      • Knowledge Check 4

Exam & certification

  • How do you become a CISM certified professional?

    To become CISM certified, you must meet the following requirements:

    • Successful completion of the CISM examination
    • Adherence to the ISACA Code of Professional Ethics
    • Agree to comply with the Continuing Education Policy
    • Five years of work experience in the field of information security, three of which must be as an information security manager. Work experience must be gained in three of the four CISM domains. All information must be verified independently by employers.
    • Submit an application for CISM certification within five years from the date of initially passing the exam
     
    For additional information on how to become a certified CISM professional and to understand the CISM certification requirements, please visit:
    http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/How-to-Become-Certified/Pages/default.aspx

  • What are the prerequisites for CISM certification?

    To become a CISM certified professional, you need to fulfill the following criteria:
    • A completed application must be submitted within 5 years from the date of initially passing the examination.
    • All experience must be verified independently with employers.
    • This experience must have been gained within the 10-year period preceding the application date for certification or within five years of passing the examination.
    • Three (3) years of the five (5) years of work experience must be gained performing the role of an information security manager
    • In addition, this work experience must be broad and gained in three (3) of the four (4) CISM® domains

  • What do I need to do to unlock my certificate?

    Online Self-learning
    • Complete 85% of the course
    • Complete one simulation test with a minimum score of 60%

Course advisor

Dean Pompilio, Technical Trainer, Owner - Steppingstonesolutions Inc

Mr. Pompilio has been an IT professional since 1989. He has worn many hats along the way and holds over 20 IT certifications, which include EC-Council CEI, CEH, CHFI, CISSP, CISA, and CISM. His passion is to help IT professionals achieve their training goals and career growth.

FAQs

  • What do I get with the training program?

    You will gain access to our e-learning content, practice simulation tests to help you tackle the toughest CISM exam questions, and an online participant handbook to cross-reference and reinforce your learning.

  • Is the exam fee included in the course fee?

    No. The CISM exam fee is not included in the course fee as it is directly paid to ISACA for membership, application and examination.

  • What is the structure of the CISM certification exam?

    ISACA uses and reports scores on a common scale of 200 to 800. For example, the scaled score of 800 represents a perfect score with all questions answered correctly; a scaled score of 200 is the lowest score possible and signifies that only a small number of questions were answered correctly. You must achieve a score of 450 or higher to pass the CISM exam.

  • What is the CISM certification cost?

    The CISM Certification cost varies from $450 - $760 based on the type of registration and whether you are a registered member or not.
     
    For additional information, please visit:
    http://www.isaca.org/certification/pages/exam-registration.aspx

  • What certification will I receive after completing the training?

    After successful completion of the CISM training, you will be awarded the course completion certificate along with the 16 CPE certificate from Simplilearn.

  • What is the date of the next CISM exam?

    CISM exams are conducted three times a year, in July, September and December. To find exam locations and dates please visit: www.isaca.org/certification/pages/exam-locations.aspx

  • Can I defer my exam?

    If you are unable to take the exam, you can request a deferral of your registration fees to the next exam date. To learn more about deferring your exam, including deferral deadlines and costs, please visit: http://www.isaca.org/certification/pages/exam-deferral.aspx.

  • Do you provide assistance for the exam application process?

    Yes, we do provide assistance for the exam application process. You can submit any questions or concerns you have at community.simplilearn.com.

  • How does Simplilearn assure that the material and the training delivered are effective?

    Our CISM certification training is designed for you to pass the exams on your first attempt. With a hands-on learning approach and Global Learning Framework, the training not only gives you the confidence to pass the exam, but also helps you retain knowledge beyond the exam.

  • If I need to cancel my enrollment, can I get a refund?

    Yes, you can cancel your enrollment if necessary. We will refund the course price after deducting an administration fee. To learn more, please read our Refund Policy.

  • How can I learn more about this training program?

    Contact us using the form on the right of any page on the Simplilearn website, or select the Live Chat link. Our customer service representatives can provide you with more details.

  • What is Global Teaching Assistance?

    Our teaching assistants are a dedicated team of subject matter experts here to help you get certified in your first attempt. They engage students proactively to ensure the course path is being followed and help you enrich your learning experience, from class onboarding to project mentoring and job assistance. Teaching Assistance is available during business hours.

  • What is covered under the 24/7 Support promise?

    We offer 24/7 support through email, chat, and calls. We also have a dedicated team that provides on-demand assistance through our community forum. What’s more, you will have lifetime access to the community forum, even after completion of your course with us.

  • What does it mean to be a GSA approved course?

    The course is part of Simplilearn’s contract with GSA (only US) with special pricing for GSA approved agencies & organizations.

  • How do I know if I am eligible to buy this course at GSA price?

    You should be employed with GSA approved agencies & organizations. The list of approved agencies is provided here
