LENGTH: 5 days
International Security Expert Practitioner: Krag Brotby, CISM, CGEIT
Principal author and editor of the official ISACA CISM Review Manual
OVERVIEW
CISM defines the core competencies and international standards of performance that professional information security managers are expected to master. It provides executive management with the assurance that those who have earned their CISM have the experience and knowledge to offer effective business oriented security management and advice.
This 5-day boot camp is presented by international security expert Krag Brotby, principal author and editor of the official ISACA CISM Review Manual since 2005. The training provides an intense environment in which participants can thoroughly and properly acquire the skills and knowledge expected of a world-class information security manager. In the process, the course provides outstanding preparation for the CISM exam.
Whether preparing for the CISM exam or providing training to ensure a standard and comprehensive proficiency baseline for information security, this intensive five-day boot camp provides the skills and knowledge of the core competencies required by the successful information security manager.
This 5-day intensive boot camp is structured to follow the CISM Review Manual and examination flow. A full day is provided for each of the core competencies and associated task and knowledge statements, thereby ensuring detailed and thorough coverage of all areas that will be tested. The fundamental thrust of the examination is on understanding the concepts and critical thinking, not on memorizing facts. As a result, the course is presented in an interactive manner to ensure the underlying concepts are understood and examination questions can be analyzed properly to arrive at the best answers.
Objectives:
This boot camp has been developed over more than seven years with two objectives:
1. To provide an environment in which security professionals can acquire the broad range of skills and knowledge expected of a world-class information security manager. Whether or not you intend to take the CISM exam, this course is a powerful way to equip yourself with the knowledge of the core competencies that define the successful information security manager.
2. To maximize your prospects at the CISM exam if you choose to take it.
OUTLINE:
1. Information Security Governance & Strategy
Information Security Governance Overview
Effective Information Security Governance
Information Security Concepts
Information Security Manager
Scope and Charter of IS Governance
Information Security Governance Metrics
Information Security Strategy Overview
Developing an Information Security Strategy
Information Security Strategy Objectives
Determining Current State of Security
Information Security Strategy
Strategy Resources
Strategy Constraints
Action Plan for Strategy
Implementing Security Governance
Action Plan Intermediate Goals
2. Risk Management
Risk Management Overview
Risk Management Strategy
Effective IS Risk Management
IS Risk Management Concepts
Implementing Risk Management
Risk Assessment and Analysis Methodologies
Risk Assessment
Controls and Countermeasures
Information Resource Valuation
Recovery Time Objectives
Integration With Life Cycle Processes
Security Control Baselines
Risk Monitoring and Communication
Training and Awareness
Documentation
3. Information Security Program Development and Management
IS Program Development Overview
Effective IS Program Development
IS Program Development Concepts
Information Security Manager
Scope and Charter of IS Program Development
IS Program Development Objectives
Defining an IS Program Development Road Map
IS Program Resources
Implementing an IS Program
Information Infrastructure and Architecture
Physical and Environmental Controls
IS Program Integration
IS Program Development Metric
Information Security Program Management
IS Management Overview
Organizational Roles and Responsibilities
The IS Management Framework
Measuring IS Management Performance
Common IS Management Challenges
Determining the State of IS Management
IS Management Resources
Other IS Management Considerations
Implementing IS Management
4. Incident Management and Response
Incident Management Concepts
Scope and Charter of Incident Management
Information Security Manager
Incident Management Objectives
Incident Management Metrics and Indicators
Defining Incident Management Procedures
Incident Management Resources
Current State of Incident Response Capability
Developing an Incident Response Plan
Developing Response and Recovery Plans
Testing Response and Recovery Plans
Executing Response and Recovery Plans
Post-event Reviews
ADDENDUM:
Review Questions
Review of Practice Questions
Reference Materials
Glossary
WHO SHOULD ATTEND:
The CISM Boot Camp Training is for IS security professionals who have at least 3-5 years' experience. This training is geared towards IS managers and those who have information security management responsibilities.
Why CISM (Certified Information Security Manager)?
The most prestigious qualification available for information security managers today, the Certified Information Security Manager (CISM) certification sets a high bar for managers. Organizations around the world, including the government, are finding the time-tested, internationally respected CISM certification the best approach to ensuring the necessary level of information security practitioner and management competence. CISM qualified information security managers consistently rank amongst the highest paid professionals in the information sector.
Conducted by the principal author and editor of the CISM Review Manual, this intensive training boot camp draws on Mr. Brotby's unique qualifications as an expert instructor to ensure it is current and relevant to the ISACA certification standard.
CISM focuses on the job performed by professional information security managers. Other security certifications are characterized by a focus on technical skills or platform, or product-specific knowledge, or they are aimed at the practitioner in the earlier years of their career. Only CISM targets the information security manager – the individual who has progressed beyond the practitioner focus. CISM is for the individual who must manage and oversee the enterprise’s information security effort, including the practitioners, many of whom may hold other certifications the field offers.
The focus on management that makes CISM unique is demonstrated in its experience requirement and curriculum, which calls for a minimum of five years in information security management, and in its exam focus that is based on the practices performed by information security managers. Some experience credit may be granted for relevant education or other certification.
ABOUT THE INSTRUCTOR:
Krag Brotby has more than twenty-five years of experience in enterprise computer security architecture, governance, risk and metrics and is certified as a CISM and CGEIT. His experience includes intensive involvement in current and emerging security architectures, and he is a principal in the SABSA Institute. He holds a foundation patent for digital rights management and has published a variety of technical and IT security related articles and books. Brotby has served as the principal author, SME and editor of the ISACA Certified Information Security Manager Review Manual for the last 6 years, and as the researcher and author of the widely circulated Information Security Governance: A Guide for Directors and Executive Management, 2nd ed., and Information Security Governance: Guidance for Information Security Managers. He is the author of Information Security Management Metrics (Auerbach, 2009) and Information Security Governance: A Practical Development and Implementation Approach (Wiley, 2009), and is currently under contract for another information security book for Auerbach.
Mr. Brotby has served on the ISACA Security Practice Development Committee, was appointed to the Test Enhancement Committee responsible for exam question development, and served on a committee that developed a systems approach to information security called the Business Model for Information Security (BMIS). Brotby is the recipient of the prestigious 2009 ISACA John W. Lainhart IV Common Body of Knowledge Award for noteworthy contributions to the information security body of knowledge for the benefit of the global security community, and currently serves on the QAT committee developing CISM training materials.
Mr. Brotby has taught CISM courses globally during the past decade, including at the US Pentagon, US Marine Corps, Navy and Army. He is a member of the California High Tech Task Force Steering Committee, an advisory board for law enforcement. Mr. Brotby is a frequent workshop presenter and speaker at conferences globally and lectures on information security governance, metrics, information security management, GRC and CISM exam preparation throughout Oceania, Asia, Europe, the Middle East and North America.
Mr. Brotby currently teaches a variety of computer security courses for MEGAMIND, and all are available on-site.
Exam is NOT included in the course fees. You must register directly with ISACA (www.isaca.org) for the CISM Exam.
WORKBOOK MATERIALS:
All attendees will receive a course workbook with a copy of the instructor’s actual presentation, the official CISM Review Manual ($160 value), and the CISM Review Questions, Answers & Explanations Manual 2012 ($60 value).
REGISTRATION:
Early registration is recommended as this course fills up quickly. To ensure admission, fees must be paid in advance. Fees include: tuition, coffee breaks and all course materials.
CANCELLATIONS:
Cancellations will be accepted up to 10 working days before the scheduled course. After that time, no refunds can be given, but substitutions can be sent at any time. Megamind reserves the right to cancel or postpone any scheduled training class.
CISM® is a federally licensed certification mark of ISACA.
