Course description

  • What are the course objectives?

    This CISM certification training from Simplilearn will give you the requisite skillsets to design, deploy and manage security architecture for your organization. The course is aligned with ISACA best practices and is designed to help you pass the CISM exam on your first attempt. Enterprises and government agencies increasingly expect their IT professionals to hold a CISM certification, and it is considered essential to ongoing education and career development. This course will see that you are well-equipped to manage the ongoing security, compliance and governance of your IT organization.

  • What skills will you learn?

    By the end of this training you will be able to:
    • Define and design security architecture for your IT operation
    • Develop a working knowledge of the four domains prescribed by the ISACA Exam Candidate Information Guide 2015
    • Demonstrate a deep understanding of the relationship between information security programs and broader business goals and objectives
    • Focus on IT compliance and the integrity of enterprise systems to establish a more secure enterprise IT framework
    • Earn the 16 CPEs required to take the CISM certification exam
    • Acquire the relevant knowledge and skills required to pass the CISM certification exam

  • Who should take this course?

    CISM certification is a globally recognized professional requirement in the IT Security domain. This certification is best suited for:
    • Security consultants and managers
    • IT directors and managers
    • Security auditors and architects
    • Security systems engineers
    • Chief Information Security Officers (CISOs)
    • Information security managers
    • IS/IT consultants
    • Chief Compliance/Privacy/Risk Officers

Course preview

    • Domain 01: Information Security Governance

      3:47:44
      • Lesson 1: Information Security Governance Overview
        00:53
      • Information Security Governance Overview Part 1
        01:12
      • Information Security Governance Overview Part 2
        02:00
      • Information Security Governance Overview Part 3
        01:22
      • Information Security Governance Overview Part 4
        01:32
      • Information Security Governance Overview Part 5
        00:29
      • Importance of Information Security Governance Part 1
        01:19
      • Importance of Information Security Governance Part 2
        06:20
      • Outcomes of Information Security Governance Part 1
        00:33
      • Outcomes of Information Security Governance Part 2
        01:26
      • Outcomes of Information Security Governance Part 3
        02:45
      • Outcomes of Information Security Governance Part 4
        01:27
      • Outcomes of Information Security Governance Part 5
        01:54
      • Outcomes of Information Security Governance Part 6
        01:28
      • Lesson 2: Effective Information Security Governance
        00:31
      • Business Goals and Objectives Part 1
        01:31
      • Business Goals and Objectives Part 2
        02:00
      • Roles and Responsibilities of Senior Management Part 1
        01:02
      • Roles and Responsibilities of Senior Management Part 2
        00:43
      • Domain Tasks Part 1
        01:21
      • Domain Tasks Part 2
        03:16
      • Business Model for Information Security Part 1
        00:45
      • Business Model for Information Security Part 2
        01:09
      • Business Model for Information Security Part 3
        03:16
      • Business Model for Information Security Part 4
        01:37
      • Dynamic Interconnections Part 1
        00:34
      • Dynamic Interconnections Part 2
        02:55
      • Dynamic Interconnections Part 3
        01:55
      • Dynamic Interconnections Part 4
        00:51
      • Lesson 3: Information Security Concepts and Technologies
        03:26
      • Information Security Concepts and Technologies Part 1
        02:58
      • Information Security Concepts and Technologies Part 2
        03:25
      • Information Security Concepts and Technologies Part 3
        01:50
      • Technologies Part 1
        01:41
      • Technologies Part 2
        06:12
      • Lesson 4: Information Security Manager
        00:33
      • Responsibilities
        01:48
      • Senior Management Commitment Part 1
        00:48
      • Senior Management Commitment Part 2
        02:27
      • Obtaining Senior Management Commitment Part 1
        00:24
      • Obtaining Senior Management Commitment Part 2
        00:53
      • Establishing Reporting and Communication Channels Part 1
        01:13
      • Establishing Reporting and Communication Channels Part 2
        01:07
      • Lesson 5: Scope and Charter of Information Security Governance
        01:55
      • Assurance Process Integration and Convergence
        02:24
      • Convergence
        02:32
      • Governance and Third-Party Relationships
        02:38
      • Lesson 6: Information Security Governance Metrics
        00:56
      • Metrics
        01:38
      • Effective Security Metrics Part 1
        01:46
      • Effective Security Metrics Part 2
        01:01
      • Effective Security Metrics Part 3
        01:51
      • Effective Security Metrics Part 4
        00:39
      • Security Implementation Metrics
        01:17
      • Strategic Alignment Part 1
        02:56
      • Strategic Alignment Part 2
        01:10
      • Risk Management
        01:14
      • Value Delivery
        01:02
      • Resource Management Part 1
        00:47
      • Resource Management Part 2
        00:41
      • Performance Measurement
        03:06
      • Assurance Process Integration/Convergence
        02:54
      • Lesson 7: Information Security Strategy Overview
        00:53
      • Another View of Strategy
        00:41
      • Lesson 8: Creating Information Security Strategy
        00:16
      • Information Security Strategy
        01:22
      • Common Pitfalls Part 1
        04:38
      • Common Pitfalls Part 2
        02:19
      • Objectives of the Information Security Strategy
        01:33
      • What is the Goal?
        01:40
      • Defining Objectives
        01:23
      • Business Linkages
        01:48
      • Business Case Development Part 1
        01:44
      • Business Case Development Part 2
        02:36
      • Business Case Development Part 3
        00:45
      • Business Case Objectives
        00:57
      • The Desired State
        01:48
      • COBIT
        01:08
      • COBIT Controls
        01:09
      • COBIT Framework
        00:48
      • Capability Maturity Model
        01:38
      • Balanced Scorecard
        01:22
      • Architectural Approaches
        01:03
      • ISO/IEC 27001 and 27002
        01:00
      • Risk Objectives Part 1
        01:39
      • Risk Objectives Part 2
        03:11
      • Lesson 9: Determining Current State Of Security
        00:45
      • Current Risk Part 1
        02:37
      • Current Risk Part 2
        01:11
      • BIA
        01:11
      • Lesson 10: Information Security Strategy Development
        01:52
      • The Roadmap
        01:01
      • Elements of a Strategy
        03:27
      • Strategy Resources and Constraints
        02:45
      • Lesson 11: Strategy Resources
        00:32
      • Policies and Standards
        01:00
      • Definitions
        05:48
      • Enterprise Information Security Architectures
        01:30
      • Controls
        03:00
      • Countermeasures
        00:55
      • Technologies
        01:50
      • Personnel
        01:54
      • Organizational Structure
        03:47
      • Employee Roles and Responsibilities
        00:28
      • Skills
        01:16
      • Audits
        01:41
      • Compliance Enforcement
        02:24
      • Threat Assessment
        01:41
      • Vulnerability Assessment
        02:21
      • Risk Assessment
        02:19
      • Insurance
        02:04
      • Business Impact Assessment
        02:32
      • Outsourced Security Providers
        02:57
      • Lesson 12: Strategy Constraints
        00:23
      • Legal and Regulatory Requirements
        01:43
      • Physical Constraints
        02:56
      • The Security Strategy
        01:36
      • Lesson 13: Action Plan to Implement Strategy
        01:13
      • Gap Analysis Part 1
        01:35
      • Gap Analysis Part 2
        00:52
      • Gap Analysis Part 3
        03:01
      • Policy Development Part 1
        01:41
      • Policy Development Part 2
        01:00
      • Standards Development
        02:44
      • Training and Awareness
        00:35
      • Action Plan Metrics
        01:23
      • General Metric Considerations Part 1
        00:23
      • General Metric Considerations Part 2
        00:35
      • General Metric Considerations Part 3
        00:43
      • General Metric Considerations Part 4
        00:23
      • CMM4 Statements
        02:00
      • Objectives for CMM4
        00:47
      • Section Review
        00:44
    • Knowledge Check

      • Knowledge Check 1
    • Domain 02: Information Risk Management and Compliance

      2:22:21
      • Lesson 1: Risk Management Overview
        00:59
      • Risk Management Overview
        01:51
      • Types of Risk Analysis
        07:08
      • The Importance of Risk Management
        02:14
      • Risk Management Outcomes
        01:35
      • Risk Management Strategy
        01:49
      • Lesson 2: Good Information Security Risk Management
        04:14
      • Context and Purpose
        03:08
      • Scope and Charter
        00:39
      • Assets
        02:31
      • Other Risk Management Goals
        02:02
      • Roles and Responsibilities
        02:51
      • Lesson 3: Information Security Risk Management Concepts
        06:06
      • Technologies
        06:39
      • Lesson 4: Implementing Risk Management
        02:08
      • The Risk Management Framework
        02:00
      • The External Environment
        01:48
      • The Internal Environment
        02:06
      • The Risk Management Context
        00:47
      • Gap Analysis
        02:21
      • Other Organizational Support
        04:09
      • Lesson 5: Risk Assessment
        01:19
      • NIST Risk Assessment Methodology
        03:49
      • Aggregated or Cascading Risk
        02:54
      • Other Risk Assessment Approaches
        01:18
      • Identification of Risks
        01:49
      • Threats
        01:08
      • Vulnerabilities Part 1
        02:11
      • Vulnerabilities Part 2
        04:10
      • Risks
        01:36
      • Analysis of Relevant Risks
        01:48
      • Risk Analysis
        02:29
      • Semi-Quantitative Analysis
        01:52
      • Quantitative Analysis Example
        04:14
      • Evaluation of Risks
        00:46
      • Risk Treatment Options
        04:39
      • Impact
        02:59
      • Lesson 6: Controls Countermeasures
        00:25
      • Controls
        04:43
      • Residual Risk
        03:38
      • Information Resource Valuation
        01:33
      • Methods of Valuing Assets
        01:36
      • Information Asset Classification
        03:32
      • Determining Classification
        02:05
      • Impact Part 1
        03:53
      • Impact Part 2
        01:03
      • Lesson 7: Recovery Time Objectives
        00:49
      • Recovery Point Objectives
        04:18
      • Service Delivery Objectives
        01:58
      • Third-Party Service Providers
        01:44
      • Working with Lifecycle Processes
        02:08
      • IT System Development
        02:11
      • Project Management Part 1
        00:46
      • Project Management Part 2
        02:10
      • Lesson 8: Risk Monitoring and Communication
        01:17
      • Risk Monitoring and Communication
        00:38
      • Other Communications
        01:25
      • Section Review
        01:01
    • Knowledge Check

      • Knowledge Check 2
    • Domain 03: Information Security Program Development and Management

      4:07:00
      • Introduction
        00:30
      • Lesson 1: Development of Information Security Program
        02:50
      • Importance of the Program
        00:52
      • Outcomes of Security Program Development
        01:47
      • Effective Information Security Program Development
        04:59
      • Lesson 2: Information Security Program Objectives
        01:55
      • Cross Organizational Responsibilities
        00:10
      • Program Objectives Part 1
        02:23
      • Program Objectives Part 2
        01:18
      • Defining Objectives Part 1
        02:11
      • Defining Objectives Part 2
        01:08
      • Lesson 3: Information Security Program Development Concepts Part 1
        04:02
      • Information Security Program Development Concepts Part 2
        05:39
      • Technology Resources
        02:44
      • Information Security Manager
        01:25
      • Lesson 4: Scope and Charter of Information Security Program Development
        00:30
      • Assurance Function Integration
        01:35
      • Challenges in Developing Information Security Program
        01:54
      • Pitfalls
        02:48
      • Objectives of the Security Program
        02:06
      • Program Goals
        02:52
      • The Steps of the Security Program
        01:46
      • Defining the Roadmap Part 1
        01:38
      • Defining the Roadmap Part 2
        00:58
      • Elements of the Roadmap Part 1
        01:18
      • Elements of the Roadmap Part 2
        00:34
      • Elements of the Roadmap Part 3
        01:57
      • Elements of the Roadmap Part 4
        01:17
      • Elements of the Roadmap Part 5
        00:18
      • Gap Analysis
        00:44
      • Lesson 5: Information Security Management Framework
        00:15
      • Security Management Framework
        04:55
      • COBIT 5
        05:59
      • ISO/IEC 27001
        04:30
      • Lesson 6: Information Security Framework Components
        00:13
      • Operational Components Part 1
        01:56
      • Operational Components Part 2
        03:11
      • Management Components
        01:31
      • Administrative Components
        03:29
      • Educational and Informational Components
        01:25
      • Lesson 7: Information Security Program Resources
        01:32
      • Resources
        03:27
      • Documentation
        00:54
      • Enterprise Architecture Part 1
        04:29
      • Enterprise Architecture Part 2
        01:54
      • Enterprise Architecture Part 3
        01:11
      • Controls as Strategy Implementation Resources Part 1
        03:42
      • Controls as Strategy Implementation Resources Part 2
        02:19
      • Controls as Strategy Implementation Resources Part 3
        04:35
      • Controls as Strategy Implementation Resources Part 4
        02:19
      • Common Control Practices
        01:41
      • Countermeasures
        00:37
      • Technologies Part 1
        01:13
      • Technologies Part 2
        01:52
      • Technologies Part 3
        01:39
      • Technologies Part 4
        05:38
      • Personnel Part 1
        02:00
      • Personnel Part 2
        02:56
      • Security Awareness
        01:28
      • Awareness Topics
        05:18
      • Formal Audits
        01:16
      • Compliance Enforcement
        01:03
      • Project Risk Analysis
        03:09
      • Other Actions
        02:58
      • Other Organizational Support
        01:21
      • Program Budgeting Part 1
        01:03
      • Program Budgeting Part 2
        02:19
      • Lesson 8: Implementing an Information Security Program
        00:13
      • Policy Compliance
        02:38
      • Standards Compliance
        02:44
      • Training and Education
        01:43
      • ISACA Control Objectives
        03:52
      • Third-party Service Providers Part 1
        01:08
      • Third-party Service Providers Part 2
        04:22
      • Integration into Lifecycle Processes
        02:14
      • Monitoring and Communication
        03:33
      • Documentation
        01:33
      • The Plan of Action Part 1
        01:17
      • The Plan of Action Part 2
        01:36
      • Lesson 9: Information Infrastructure and Architecture
        00:53
      • Managing Complexity Part 1
        04:42
      • Managing Complexity Part 2
        01:45
      • Objectives of Information Security Architectures Part 1
        01:30
      • Objectives of Information Security Architectures Part 2
        01:15
      • Physical and Environmental Controls
        03:32
      • Lesson 10: Information Security Program
        03:03
      • Information Security Program Deployment Metrics
        02:27
      • Metrics
        02:02
      • Strategic Alignment
        00:53
      • Risk Management
        01:41
      • Value Delivery
        00:35
      • Resource Management
        01:22
      • Assurance Process Integration
        00:27
      • Performance Measurement
        00:41
      • Security Baselines
        00:38
      • Lesson 11: Security Program Services and Operational Activities
        00:48
      • IS Liaison Responsibilities Part 1
        10:17
      • IS Liaison Responsibilities Part 2
        02:28
      • Cross-Organizational Responsibilities
        01:34
      • Security Reviews and Audits Part 1
        03:27
      • Security Reviews and Audits Part 2
        01:38
      • Management of Security Technology
        01:25
      • Due Diligence Part 1
        04:10
      • Due Diligence Part 2
        01:36
      • Compliance Monitoring and Enforcement Part 1
        02:02
      • Compliance Monitoring and Enforcement Part 2
        01:46
      • Assessment of Risk and Impact Part 1
        02:16
      • Assessment of Risk and Impact Part 2
        01:28
      • Outsourcing and Service Providers
        02:33
      • Cloud Computing Part 1
        01:36
      • Cloud Computing Part 2
        01:54
      • Cloud Computing Part 3
        02:23
      • Integration with IT Processes
        00:42
      • Section Review
        01:13
    • Knowledge Check

      • Knowledge Check 3
    • Domain 04: Information Security Incident Management

      3:31:11
      • Lesson 1: Incident Management Overview Part 1
        00:47
      • Incident Management Overview Part 2
        03:08
      • Incident Management Overview Part 3
        03:45
      • Types of Events Part 1
        02:43
      • Types of Events Part 2
        03:20
      • Goals of Incident Management Part 1
        04:45
      • Goals of Incident Management Part 2
        06:31
      • Goals of Incident Management Part 3
        03:26
      • Lesson 2: Incident Response Procedures Part 1
        00:23
      • Incident Response Procedures Part 2
        03:40
      • Importance of Incident Management
        01:53
      • Outcomes of Incident Management
        03:50
      • Incident Management
        01:34
      • Concepts Part 1
        02:07
      • Concepts Part 2
        01:35
      • Concepts Part 3
        01:34
      • Incident Management Systems Part 1
        04:02
      • Incident Management Systems Part 2
        00:53
      • Lesson 3: Incident Management Organization
        02:30
      • Responsibilities Part 1
        03:01
      • Responsibilities Part 2
        02:58
      • Responsibilities Part 3
        05:10
      • Senior Management Commitment
        01:02
      • Lesson 4: Incident Management Resources
        00:25
      • Policies and Standards
        00:36
      • Incident Response Technology Concepts
        00:42
      • Personnel
        03:11
      • Roles and Responsibilities (eNotes)
        03:10
      • Skills
        08:09
      • Awareness and Education
        01:20
      • Audits
        02:49
      • Lesson 5: Incident Management Objectives
        00:17
      • Defining Objectives
        00:48
      • The Desired State
        02:36
      • Strategic Alignment
        06:42
      • Other Concerns
        02:32
      • Lesson 6: Incident Management Metrics and Indicators
        04:55
      • Implementation of the Security Program Management
        03:01
      • Management Metrics and Monitoring Part 1
        00:21
      • Management Metrics and Monitoring Part 2
        02:48
      • Other Security Monitoring Efforts
        01:55
      • Lesson 7: Current State of Incident Response Capability
        00:11
      • Threats
        04:39
      • Vulnerabilities
        04:09
      • Lesson 8: Developing an Incident Response Plan
        00:44
      • Elements of an Incident Response Plan
        00:53
      • Gap Analysis
        03:05
      • BIA Part 1
        03:04
      • BIA Part 2
        02:48
      • Escalation Process for Effective IM
        02:41
      • Help Desk Processes for Identifying Security Incidents
        01:27
      • Incident Management and Response Teams
        01:30
      • Organizing, Training, and Equipping the Response Staff
        01:55
      • Incident Notification Process
        00:55
      • Challenges in making an Incident Management Plan
        00:56
      • Lesson 9: BCP/DRP
        07:49
      • Goals of Recovery Operations Part 1
        02:02
      • Goals of Recovery Operations Part 2
        01:57
      • Choosing a Site Selection Part 1
        05:37
      • Choosing a Site Selection Part 2
        00:45
      • Implementing the Strategy
        03:58
      • Incident Management Response Teams
        02:10
      • Network Service High-availability
        04:17
      • Storage High-availability
        04:01
      • Risk Transference
        01:27
      • Other Response Recovery Plan Options
        01:29
      • Lesson 10: Testing Response and Recovery Plans
        00:18
      • Periodic Testing
        01:17
      • Analyzing Test Results Part 1
        02:06
      • Analyzing Test Results Part 2
        03:39
      • Measuring the Test Results
        00:57
      • Lesson 11: Executing the Plan
        01:56
      • Updating the Plan
        01:15
      • Intrusion Detection Policies
        01:38
      • Who to Notify about an Incident
        01:52
      • Recovery Operations
        01:53
      • Other Recovery Operations
        01:57
      • Forensic Investigation
        02:02
      • Hacker / Penetration Methodology
        11:50
      • Section Review
        01:15
      • Sequence 05
        01:53
    • Knowledge Check

      • Knowledge Check 4

Exam & certification

  • To become CISM certified, you must meet the following requirements:

    • Successful completion of the CISM examination
    • Adherence to the ISACA Code of Professional Ethics
    • Agreement to comply with the Continuing Education Policy
    • Five years of work experience in the field of information security, three of which must be as an information security manager. Work experience must be gained in three of the four CISM domains. All information must be verified independently by employers.
    • Submit an application for CISM certification within five years from the date of initially passing the exam

    For additional information on how to become a certified CISM professional and to understand the CISM certification requirements, please visit:
    http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/How-to-Become-Certified/Pages/default.aspx

  • To become a CISM certified professional, you need to fulfill the following criteria:
    • A completed application must be submitted within 5 years from the date of initially passing the examination.
    • All experience must be verified independently with employers.
    • This experience must have been gained within the 10-year period preceding the application date for certification or within five years of passing the examination.
    • Three (3) years of the five (5) years of work experience must be gained performing the role of an information security manager.
    • In addition, this work experience must be broad and gained in three (3) of the four (4) CISM® domains.

  • What do I need to do to unlock my certificate?

    Online Self-learning
    • Complete 85% of the course
    • Complete one simulation test with a minimum score of 60%

Course advisor

Dean Pompilio
Technical Trainer, Owner, Steppingstonesolutions Inc

Mr. Pompilio has been an IT professional since 1989. He has worn many hats along the way and holds over 20 IT certifications, including EC-Council CEI, CEH, CHFI, CISSP, CISA and CISM. His passion is helping IT professionals achieve their training goals and career growth.

    FAQs

    • What do I get with the training program?

      You will gain access to our e-learning content, practice simulation tests to help you tackle the toughest CISM exam questions, and an online participant handbook to cross-reference and reinforce your learning.

    • Is the exam fee included in the course fee?

      No. The CISM exam fee is not included in the course fee as it is directly paid to ISACA for membership, application and examination.

    • What is the structure of the CISM certification exam?

      ISACA uses and reports scores on a common scale of 200 to 800. For example, the scaled score of 800 represents a perfect score with all questions answered correctly; a scaled score of 200 is the lowest score possible and signifies that only a small number of questions were answered correctly. You must achieve a score of 450 or higher to pass the CISM exam.

    • What is the CISM certification cost?

      The CISM Certification cost varies from $450 - $760 based on the type of registration and whether you are a registered member or not.
      For additional information, please visit:
      http://www.isaca.org/certification/pages/exam-registration.aspx

    • What certification will I receive after completing the training?

      After successful completion of the CISM training, you will be awarded the course completion certificate along with the 16 CPE certificate from Simplilearn.

    • What is the date of the next CISM exam?

      CISM exams are conducted three times a year, in July, September and December. To find exam locations and dates please visit: www.isaca.org/certification/pages/exam-locations.aspx

    • Can I defer my exam?

      If you are unable to take the exam, you can request a deferral of your registration fees to the next exam date. To learn more about deferring your exam, including deferral deadlines and costs, please visit: http://www.isaca.org/certification/pages/exam-deferral.aspx.

    • Do you provide assistance for the exam application process?

      Yes, we do provide assistance for the exam application process. You can submit any questions or concerns you have at community.simplilearn.com.

    • How does Simplilearn assure that the material and the training delivered are effective?

      Our CISM certification training is designed for you to pass the exams on your first attempt. With a hands-on learning approach and Global Learning Framework, the training not only gives you the confidence to pass the exam, but also helps you retain knowledge beyond the exam.

    • If I need to cancel my enrollment, can I get a refund?

      Yes, you can cancel your enrollment if necessary. We will refund the course price after deducting an administration fee. To learn more, please read our Refund Policy.

    • How can I learn more about this training program?

      Contact us using the form on the right of any page on the Simplilearn website, or select the Live Chat link. Our customer service representatives can provide you with more details.

    • What is Global Teaching Assistance?

      Our teaching assistants are a dedicated team of subject matter experts here to help you get certified in your first attempt. They engage students proactively to ensure the course path is being followed and help you enrich your learning experience, from class onboarding to project mentoring and job assistance. Teaching Assistance is available during business hours.

    • What is covered under the 24/7 Support promise?

      We offer 24/7 support through email, chat, and calls. We also have a dedicated team that provides on-demand assistance through our community forum. What’s more, you will have lifetime access to the community forum, even after completion of your course with us.
