(CISM) Certified Information Security Manager

DOMAIN 1: INFORMATION SECURITY GOVERNANCE

• Alignment of policy security information on the business strategy and direction.
• Policy security information development.
• Commitment of senior management and support for information security across the enterprise.
• Roles and responsibilities in the governance of information security.
• Exercices : questions from previous sessions (CISM or comparable examinations).

DOMAIN 2: INFORMATION RISK MANAGEMENT AND COMPLIANCE

• Development of a systematic and analytical approach and the ongoing process of risk management.
• Identification, analysis and risk assessment.
• Definition of strategies risk treatment.
• Risk management communication.
• Exercices : questions from previous sessions (CISM or comparable examinations).

DOMAIN 3: INFORMATION SECURITY PROGRAM DEVELOPMENT AND MANAGEMENT

• The safety information architecture.
• Methods to define the required security measures.
• Contract management and information security requirements.
• Metrics and evaluation of IT security performance.
• Exercices : questions from previous sessions (CISM or comparable examinations).

DOMAIN 4: INFORMATION SECURITY INCIDENT MANAGEMENT

• Components of a security incident management plan.
• Concepts and practices in the management of security incidents.
• Method classification.
• Notification and escalation process.
• Detection techniques and incidents analysis.
• Exercices : questions from previous sessions (CISM or comparable examinations).

PREPARATION AND CERTIFICATION

• Partial simulation of the review conducted at the end of the training.
• Subscribe to the www.isaca.org site, the registration deadline was made two months before the date of the examination.
• Duration and conduct of the exam : 3 hours with 150 questions (review available only in English).