CISM® Preparation Course


What will you learn?

  • Establish and maintain an information security governance framework and supporting processes;
  • Manage information risk to an acceptable level based on risk appetite;
  • Develop and maintain an information security program;
  • Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents.

Information

  • 5 course days
  • 20 hours of self study
  • €3.450,- excluding VAT

Your trainers

Geert Vandenbranden
Information Security, Data Protection & Business Continuity

About Geert

Geert Vandenbranden has extensive experience in ICT (23 years), Information Security (18 years) and Business Continuity (14 years), at strategic, tactical and technical level. In ’93 he started as an IT analyst, distributed service architect and middleware release manager at a large bank. When he moved to a major system integrator, he took on the role of network administrator and Windows security specialist. After a successful Y2K transition, he built on his Windows and network security experience and started working as a Security Engineer and Consultant, rapidly evolving into Information Security Consultancy, providing information security management, business continuity and risk management services.
In addition to these advisory activities, he managed corresponding competence centers, providing tools, reference information, knowledge, training and educational support to colleagues and customers.

Rob van der Staaij
Cybersecurity & Identity & Access Management

About Rob

Rob has more than twenty years of experience in many organizations and sectors. Rob is also affiliated with the University of Groningen, Faculty of Law, Department of Criminal Law and Criminology, where he focuses on cyber crime and cyber security. He gives presentations at international conferences and has published dozens of articles and various books.

Rob is analytical and has a broad knowledge of cyber security. He finds it a challenge to explain complex subjects in clear and simple language.

Theo Heinsbroek
Security Officer

About Theo

Theo Heinsbroek has over 10 years of experience in the field of information security, identity and access management, risk management and IT audit. In these areas, Theo advises clients on compliance with laws and regulations, risk management and operational effectiveness. His clients are mainly larger organizations in various sectors in the Netherlands. SeKuRiGo helps organizations make strategic and tactical choices in the areas of information security, identity and access management, risk management and IT audit.

About the CISM® Preparation course

The CISM® Preparation Course is intended for students who are involved with, or have the ambition to manage, security programs in the organization. It benefits professionals who want to focus on the managerial aspect of information security, without necessarily diving into the inner workings of the various information security concepts. It also benefits students who want to take the next step in their career, transitioning from a technical to a management role. Typical attendees of this training include security managers, CISOs, IT managers, information security officers, security consultants, security program managers and IT auditors.


At the start of the training you will receive the course materials through our student portal. The course materials are in English and the language during the course is either English or Dutch, depending on the students participating.

Classroom training or Online Live?

  • Classroom Training: You’re our guest and treated as such

When you take our Classroom Training you are our guest, and that’s how we’ll treat you! You’ll train in an inspiring training environment, handpicked based on the highest quality standards. All trainings include a delicious lunch; when you register for your training you can indicate any dietary requirements that we should take into account.

  • Online Live Training: Prepare, train and certify from the comfort of your home or work

For those of you preferring an online experience, we offer Online Live Training through the SECO-Institute Online Learning Platform based on BigBlueButton, a secure platform specifically designed for online training that requires collaboration and hands-on exercises. Course materials are delivered via a designated Student Portal prior to your training. For the SECO-Institute trainings, the examination is also conducted online via a certified proctor. Everything you need to prepare, train and certify from the comfort of your home or work.

* Our classroom trainings are delivered in Dutch or English, depending on the composition of the student group.
* Our Online Live Trainings are delivered either in Dutch or in English. Make sure that you register for the right class!

The following is included:

  • The official ISACA CISM® course materials
  • Additional course materials (slides, use cases, exam questions)
  • Practice exam, evaluation and discussion on the last day
  • A delicious lunch

Course modules

Module 1: Information Security Governance

‘Establish and maintain an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organizational goals and objectives’

This module covers the organization and management of the information security function within the organization and its objectives. This includes describing information security goals (in measurable terms), determining roles and responsibilities, describing the current and desired situation, performing a gap analysis, and translating the results into a plan of action to get to work.

Topics covered:

  • Develop an information security strategy aligned with business goals and objectives.
  • Align the information security strategy with corporate governance.
  • Develop business cases justifying investment in information security.
  • Identify current and potential legal and regulatory requirements affecting information security.
  • Identify drivers affecting the organization and their impact on information security.
  • Obtain senior management commitment to information security.
  • Define roles and responsibilities for information security throughout the organization.
  • Establish internal and external reporting and communication channels that support information security.

Module 2: Information Risk Management and Compliance

‘Manage information risk to an acceptable level based on risk appetite to meet organizational goals and objectives’

This module provides insight into formulating a risk management strategy, associated roles and responsibilities, determining the risk management framework, performing risk gap analysis, assessing and treating options for risks, integrating with life cycle processes, working with baseline measures, as well as risk monitoring and communication.

Topics covered:

  • Establish a process for information asset classification and ownership.
  • Implement a systematic and structured information risk assessment process.
  • Ensure that business impact assessments are conducted periodically.
  • Ensure that threat and vulnerability evaluations are performed on an ongoing basis.
  • Identify and periodically evaluate information security controls and countermeasures to mitigate risk to acceptable levels.
  • Integrate risk, threat and vulnerability identification and management into life cycle processes (e.g., project management, development, procurement and employment life cycles).
  • Report significant changes in information risk to appropriate levels of management for acceptance on both a periodic and event-driven basis.

Module 3: Information Security Program Development

‘Develop an information security program that identifies, manages and protects the organization’s assets while aligning to information security strategy and business goals, thereby supporting an effective security posture’

Here you’ll start translating the action plan made in module 1 into an information security program: you’ll determine the program objectives and the scope of the program, and perform a gap analysis of the current and desired situation with regard to the development and management of an information security program, paying attention to information security architectures, management tasks, operational aspects of the program implementation, the role of third parties and the types of measures that can be implemented. Finally, you’ll establish metrics to evaluate the effectiveness of the information security program.

Topics covered:

  • Develop and maintain plans to implement the information security strategy.
  • Specify the activities to be performed within the information security program.
  • Ensure alignment between the information security program and other assurance functions (e.g., physical, human resources (HR), quality, IT).
  • Identify internal and external resources (e.g., finances, people, equipment, systems) required to execute the information security program.
  • Ensure the development of information security architectures (e.g., people, processes, technology).
  • Establish, communicate and maintain information security policies that support the security strategy.
  • Design and develop a program for information security awareness, training and education.
  • Ensure the development, communication and maintenance of standards, procedures and other documentation (e.g., guidelines, baselines, codes of conduct) that support information security policies.
  • Integrate information security requirements into the organization’s processes (e.g., change control, mergers and acquisitions) and life cycle activities (e.g., development, employment, procurement).
  • Develop a process to integrate information security controls into contracts (e.g., with joint ventures, outsourced providers, business partners, customers, third parties).
  • Establish metrics to evaluate the effectiveness of the information security program.

Module 4: Managing an Information Security Program

‘In module 3 you worked on Information Security Program Development. In this module you will learn how to manage the security program you have just developed’

Topics covered:

  • Manage internal and external resources (e.g., finances, people, equipment, systems) required to execute the information security program.
  • Ensure that processes and procedures are performed in compliance with the organization’s information security policies and standards.
  • Ensure the performance of contractually agreed (e.g., with joint ventures, outsourced providers, business partners, customers, third parties) information security controls.
  • Ensure that information security is an integral part of the systems development and acquisition processes.
  • Ensure that information security is maintained throughout the organization’s processes (e.g., change control, mergers and acquisitions) and life cycle activities (e.g., development, employment, procurement).
  • Provide information security advice and guidance (e.g., risk analysis, control selection) in the organization.
  • Provide information security awareness, training and education to stakeholders (e.g., business process owners, users, information technology).
  • Monitor, measure, test and report on the effectiveness and efficiency of information security controls and compliance with information security policies.
  • Ensure that noncompliance issues and other variances are resolved in a timely manner.

Module 5: Incident Management and Response

‘Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimize business impact’

And what if the unexpected happens, and an incident turns into a disaster? Incident response goals and procedures must be developed, and a competent and trained incident response team must be established, with incident response plans, disaster recovery plans and procedures in place. Those plans need to be extensively tested and integrated with the organization’s disaster recovery (DR) and business continuity plan. After an incident, reviews must be conducted to identify its causes, corrective actions must be defined and the risk must be reassessed.

Topics covered:

  • Develop and implement processes for detecting, identifying, analyzing and responding to information security incidents.
  • Establish escalation and communication processes and lines of authority.
  • Develop plans to respond to, and document, information security incidents.
  • Establish the capability to investigate information security incidents (e.g., forensics, evidence collection and preservation, log analysis, interviewing).
  • Develop a process to communicate with internal parties and external organizations (e.g., media, law enforcement, customers).
  • Integrate information security incident response plans with the organization’s disaster recovery (DR) and business continuity plan.
  • Organize, train and equip teams to respond to information security incidents.
  • Periodically test and refine information security incident response plans.
  • Manage the response to information security incidents.
  • Conduct reviews to identify causes of information security incidents, develop corrective actions and reassess risk.

Practice Exam

On the last day of the training you’ll take an extensive practice exam, so that you can judge for yourself to what extent you are ready for the official CISM® exam and which domains need some more attention. The practice exam is followed by an evaluation and an interactive discussion.

About the Exam

The CISM® exam is conducted by ISACA® and is not included in the course. From the moment that you first register for an exam, you have one year to successfully complete it (including second attempts). The minimum time in between two consecutive attempts is set at 48 hours. After successful completion of the CISM® exam (and if you have the required working experience) you can apply for your CISM® title at ISACA®.

As an information security manager it is important to understand the domains covered (not just to pass the exam, but to provide value to the information security management process). The CISM® is a theoretical exam that requires a lot of detailed knowledge. You’ll need to spend a good portion of your time on self-study after the training in preparation for the exam. The stated amount of self-study is a minimum; it may well be higher and varies greatly from person to person.

Practical Information

  • Course times: 9 am to approximately 4:30 pm. The coffee is ready at 8:30.
  • Lunch is included and consists of a buffet with, among other things, fresh sandwiches. Do you have allergies or dietary requirements? Please communicate this in time.
  • Training location:
    Quinten Matsijslei 25
    2018 Antwerp
    Belgium
  • By participating in a course or training you agree with our terms and conditions.
