CISM: Information Security Program Development and Management (Part 4)

Experienced IT security professionals seeking to pass the Certified Information Security Manager (CISM) exam, or otherwise gain knowledge in managing, designing, and overseeing an enterprise’s information security

Please contact us for information about prerequisites.

Expected Duration
120 minutes

Information security programs typically have numerous operational responsibilities and provide a variety of security services. While programs vary from organization to organization, there are operations and services that are typically found in all well conceived security programs. This course examines the activities and responsibilities of an information security manager related to operations and services within an organization. The course will examine different organizational units such as IT, HR, and Legal that are affected by security programs, and how their needs are integrated into the program. This course also examines how audits and compliance enforcement are performed. Finally, this course examines how technology – both legacy and new technologies such as cloud computing – are managed in modern security programs. This course prepares you for the Certified Information Security Manager (CISM) exam and follows the 2015 ISACA Candidate Information Guide.


Operational Responsibilities

  • match information organizational roles to their corresponding responsibilities
  • determine the responsibilities of individuals within an organization related to standard security program components
  • sequence the steps of a security review, given a scenario
  • identify key points regarding audits that an information security manager should remember during program implementation
  • identify preventive measures that minimize security risk
  • identify the responsibilities of an information security manager with relation to compliance monitoring and enforcement
  • recognize the results of commonly used risk analysis methods
  • recognize the responsibilities of an information security manager related to monitoring and compliance

Integration and Outsourcing Responsibilities

  • identify activities that allow an information security manager to integrate a security program within an organization
  • recognize strategies for managing risk of outsourcing when using third-party service providers
  • recognize examples of cloud computing models
  • recognize the responsibilities of an information security manager related to process integration and outsourcing





Multi-license discounts available for Annual and Monthly subscriptions.