Certified Information Security Manager (CISM) Course Agenda
Domain 01: Information Security Governance
Lesson 1: Information Security Governance Overview
Lesson 2: Effective Information Security Governance
Lesson 3: Information Security Concepts and Technologies
Lesson 4: Information Security Manager
Lesson 5: Scope and Charter of Information Security Governance
Lesson 6: Information Security Governance Metrics
Lesson 7: Information Security Strategy Overview
Lesson 8: Creating an Information Security Strategy
Lesson 9: Determining the Current State of Security
Lesson 10: Information Security Strategy Development
Lesson 11: Strategy Resources
Lesson 12: Strategy Constraints
Lesson 13: Action Plan to Implement Strategy
Domain 02: Information Risk Management and Compliance
Lesson 1: Risk Management Overview
Lesson 2: Good Information Security Risk Management
Lesson 3: Information Security Risk Management Concepts
Lesson 4: Implementing Risk Management
Lesson 5: Risk Assessment
Lesson 6: Controls and Countermeasures
Lesson 7: Recovery Time Objectives
Lesson 8: Risk Monitoring and Communication
Domain 03: Information Security Program Development and Management
Lesson 1: Development of Information Security Program
Lesson 2: Information Security Program Objectives
Lesson 3: Information Security Program Development Concepts
Lesson 4: Scope and Charter of Information Security Program Development
Lesson 5: Information Security Management Framework
Lesson 6: Information Security Framework Components
Domain 04: Information Security Incident Management
Lesson 1: Incident Management Overview
Lesson 2: Incident Response Procedures
Lesson 3: Incident Management Organization
Lesson 4: Incident Management Resources
Lesson 5: Incident Management Objectives
Lesson 6: Incident Management Metrics and Indicators
Lesson 7: Current State of Incident Response Capability
Lesson 8: Developing an Incident Response Plan
Course Outline
General Information About the Exam
• About the CISA Exam
• Answering Questions
• Exam Scoring
• Certification Steps
• Example Questions
Domain 1: Information System Auditing Process
• Planning
o IS Audit Standards, Guidelines and Codes of Ethics
o Business Processes
o Types of Controls
o Risk-based Audit Planning
o Types of Audits and Assessments
• Execution
o Audit Project Management
o Sampling Methodology
o Audit Evidence Collection Techniques
o Data Analytics
o Reporting and Communication Techniques
o Quality Assurance and Improvement of the Audit Process
Domain 2: Governance and Management of IT
• IT Governance and IT Strategy
o IT-related Frameworks
o IT Standards, Policies and Procedures
o Organizational Structure
o Enterprise Architecture
o Enterprise Risk Management
o Maturity Models
o Laws, Regulations and Industry Standards Affecting the Organization
• IT Management
o IT Resource Management
o IT Service Provider Acquisition and Management
o IT Performance Monitoring and Reporting
o Quality Assurance and Quality Management of IT
Domain 3: Information Systems Acquisition, Development and Implementation
• Information Systems Acquisition and Development
o Project Governance and Management
o Business Case and Feasibility Analysis
o System Development Methodologies
o Control Identification and Design
• Information Systems Implementation
o Testing Methodologies
o Configuration and Release Management
o System Migration, Infrastructure Deployment and Data Conversion
o Post-implementation Review
Domain 4: IS Operations and Business Resilience
• Information Systems Operations
o Common Technology Components
o IT Asset Management
o Job Scheduling and Production Process Automation
o System Interfaces
o End-user Computing
o Data Governance
o Systems Performance Management
o Problem and Incident Management
o Change, Configuration, Release and Patch Management
o IT Service Level Management
o Database Management
• Business Resilience
o Business Impact Analysis
o System Resiliency
o Data Backup, Storage and Restoration
o Business Continuity Plan
o Disaster Recovery Plans
Domain 5: Information Asset Security and Control
• Information Asset Security Frameworks, Standards and Guidelines
o Privacy Principles
o Physical Access and Environmental Controls
o Identity and Access Management
o Network and End-point Security
o Data Classification
o Data Encryption and Encryption-related Techniques
o Public Key Infrastructure
o Web-based Communication Technologies
o Virtualized Environments
o Mobile, Wireless and Internet-of-things Devices
• Security Event Management
o Security Awareness Training and Programs
o Information System Attack Methods and Techniques
o Security Testing Tools and Techniques
o Security Monitoring Tools and Techniques
o Incident Response Management
o Evidence Collection and Forensics