Module 01 Understanding Information Security Governance
1.1. Effective Information Security Governance; 1.2. Key Information Security Concepts and Issues; 1.3. The IS Manager; 1.4. Scope and Charter of Information Security Governance; 1.5. IS Governance Metrics; 1.6. Developing an IS Strategy – Common Pitfalls; 1.7. IS Strategy Objectives; 1.8. Determining Current State of Security; 1.9. Strategy Resources; 1.10. Strategy Constraints; 1.11. Action Plan Immediate Goals; 1.12. Action Plan Intermediate Goals.
Module 02 Conducting Risk Management and Compliance
2.1. Effective Information Security Risk Management; 2.2. Integration into Life Cycle Processes; 2.3. Implementing Risk Management; 2.4. Risk Identification and Analysis Methods.
Module 03 Valuing Information Security Programme Development and Management
3.1. Planning; 3.2. Security Baselines; 3.3. Business Processes; 3.4. Infrastructure; 3.5. Malicious Code (Malware); 3.6. Life Cycles; 3.7. Impact on End Users; 3.8. Accountability; 3.9. Security Metrics; 3.10. Managing Internal and External Resources.
Module 04 Comprehending Information Security Management
4.1. Implementing Effective Information Security Management; 4.2. Security Controls and Policies; 4.3. Standards and Procedures; 4.4. Trading Partners and Service Providers; 4.5. Security Metrics and Monitoring; 4.6. The Change Management Process; 4.7. Vulnerability Assessments; 4.8. Due Diligence; 4.9. Resolution of Non-Compliance Issues; 4.10. Culture, Behaviour and Security Awareness.
Module 05 Valuing Information Security Response and Incident Management
5.1. Performing a Business Impact Analysis; 5.2. Developing Response and Recovery Plans; 5.3. Incident Response Processes; 5.4. Executing Response and Recovery Plans; 5.5. Documenting Events; 5.6. Post Event Reviews.
14 – 18 Mar | Kuala Lumpur, Malaysia
1. ISACA provides an Exam Candidate Information Guide. ISACA also provides a CISM Self Assessment Test to help you assess your knowledge.
2. 200 multiple-choice question exam; test time of 4 hours. Passing score is 450. A retake is permitted.
3. The exam is paper-based and may be taken at selected test centres around the world.
Passing the exam does not grant the CISM designation – you must also earn the required job experience and submit a CISM application.
The exam fees are not included in the registration fees quoted and are to be purchased separately at ISACA. All information pertaining to registering for the exam, exam dates, test centres and maintaining your CISM is on the ISACA website.
Certification by: ISACA
ISACA is an independent, non-profit, global association which engages in the development, adoption and global use of accepted, industry-leading knowledge and practices for information systems. With more than 100,000 members worldwide, ISACA provides practical guidance, benchmarks and other tools for the enterprise that uses information systems.
1. New or experienced IT/Info Security/Information Systems executives, managers or consultants;
2. Compliance personnel;
3. Risk Managers, IT Security Auditors, Internal Auditors, External Auditors;
4. Those who are involved in or who manage Info Security functions within their organisations or deliver such services to their clients.
At the end of the course, you will be able to:
i) implement InfoSec governance;
ii) improve and enhance InfoSec processes;
iii) understand Cost Benefit Analysis to manage risks;
iv) value security metrics design, development and implementation;
v) conduct InfoSec Due Diligence and review the infrastructure;
vi) analyse, handle and manage security events;
vii) comprehend InfoSec requirements in planning, testing and maintenance; and
viii) test Disaster Recovery for infrastructure and critical business applications.
Job Practice Areas
1. A job practice serves as the basis for the exam and experience requirements to earn the CISM. Each job practice comprises tasks and knowledge statements.
2. The four domains are:
i) Domain 1 – Information Security Governance (24%);
ii) Domain 2 – Information Risk Management and Compliance (33%);
iii) Domain 3 – Information Security Programme Development and Management (25%); and
iv) Domain 4 – Information Security Incident Management (18%).
30 percent of the time will be devoted to important concepts and theory. 70 percent will be allocated for discussion, presentation and case studies. Active participation through individual work and collaborative effort is encouraged.
You should have an educational background or working experience in Information Systems, Information Security, IT Security or IT.
This course is brought to you in partnership with Goutama Bachtiar.
Training Grants – applicable to courses in Malaysia
Vertical Distinct Sdn Bhd is a PSMB (Pembangunan Sumber Manusia Berhad) Approved Training Provider and the courses offered in Malaysia are HRDF (Human Resource Development Fund) claimable. For guidelines and details on how to submit your application or claims to the HRDF, please visit HRDF.