Certified Information Security Manager (CISM): Part 1 — Foundations
The CISM (Certified Information Security Manager) is one of the most in-demand certifications for information security professionals worldwide. It is developed and maintained by ISACA to meet the ANSI 17024 standard of 2012, a strict standard that sets a high bar for the training and certification of professionals. Shared with ISO, 17024 ensures that the CISM is recognized and accepted by the security profession, commercial employers, and government agencies worldwide.
This learning path lays the foundation for your studies towards the CISM certification, before taking our ‘CISM Domains’ Learning Path (to be released soon!), but even if you’re not interested in taking the exam, you will obtain a comprehensive understanding of information security that will ultimately be useful for you and your organization.
We begin with an introduction to the CISM: background information about the certification, how you will be assessed, how the exams are structured and carried out, the requirements of the exam, and recommendations for passing. We then move on to look at security topics themselves.
This learning path covers risk appetite, tolerance, and capacity, cost considerations for managing risk, risk analysis and risk management frameworks, controlling and monitoring security threats, and risk management strategies and metrics.
We'll also take a look at business continuity and disaster recovery methods and strategies and look at how we can test their efficacy within an organization. You'll learn about cybersecurity and how to keep your cloud infrastructure safe.
After completing this learning path, you’ll have a solid grounding in the subject of information security and will be ready to move on to the CISM Domains to learn about the specific topics within the assessment criteria for the CISM Certification. You can find the CISM Domains learning path here. If you have any feedback relating to this learning path, feel free to tell us about it at firstname.lastname@example.org.
- Understand the CISM certification: the structure, requirements, and tips for passing
- Understand how to analyze risk, control and measure it, and put controls in place to minimize it
- Learn about business continuity and disaster recovery planning and how to test it
- Learn about cybersecurity and cloud security
- Gain a solid understanding of the various security frameworks that exist
- Learn how to build security into your infrastructure and create a security-aware culture in your organization
This learning path is intended for those looking to take the CISM (Certified Information Security Manager) exam or anyone who wants to improve their understanding of information security.
Any experience relating to information security would be advantageous, but it is not essential. All topics discussed are thoroughly explained and presented in a way that allows everyone to absorb the information, regardless of experience within the security field.
Mr. Leo has been in Information Systems for 38 years, and an Information Security professional for over 36 years. He has worked internationally as a Systems Analyst/Engineer, and as a Security and Privacy Consultant. His past employers include IBM, St. Luke’s Episcopal Hospital, Computer Sciences Corporation, and Rockwell International. A NASA contractor for 22 years, from 1998 to 2002 he was Director of Security Engineering and Chief Security Architect for Mission Control at the Johnson Space Center. From 2002 to 2006 Mr. Leo was the Director of Information Systems and Chief Information Security Officer for the Managed Care Division of the University of Texas Medical Branch in Galveston, Texas.
Upon attaining his CISSP license in 1997, Mr. Leo joined ISC2 (a professional role) as Chairman of the Curriculum Development Committee, and served in this role until 2004. During this time, he formulated and directed the effort that produced what became and remains the standard curriculum used to train CISSP candidates worldwide. He has maintained his professional standards as a professional educator and has trained and certified nearly 8500 CISSP candidates since 1998, and nearly 2500 in HIPAA compliance certification since 2004. Mr. Leo is an ISC2 Certified Instructor.