-
CERTIFIED INFORMATION
SECURITY MANAGER
Vertical Technology
Type Certification -led
Sub-Category Audit, security, governance and risk
3
Hello there
You've considered embarking on an exciting journey to
strengthen your professional status and career trajectory. The
choice to obtain professional certification and/or further
credentials in the subject matter area that you choose to
specialise in, puts a powerful tool, right in your hands.
It will bring you competitive edge, career progression and
market opportunity.
This brochure will provide further information about the
course of your choice. There is a wide selection of other
courses on our website, a selection that is constantly added
and improved upon. Feel free to email or call us if you need
help with anything.
We welcome the chance to be part of your journey.
Sincerely
Rowena Morais
Programme Director
Welcome Note
Rowena Morais
Programme Director
2
3
Course Information
Rowena Morais
Programme Director
Course Overview
Rowena Morais
Programme Director
Five day course. Growing demand for Information Security
(InfoSec) management skills has led to the ISACA's Certified
Information Security Manager (CISM) becoming a leading
InfoSec professional certification around the world. It will provide you with the international practices and assurance to implement effective InfoSec management and consulting services.
Learning Objectives
At the end of the course, you will be able to :
implement InfoSec governance;
improve and enhance InfoSec processes;
understand Cost Benefit Analysis to manage risks;
value security metrics design, development and
implementation;
conduct InfoSec Due Diligence and review the
infrastructure;
analyse, handle and manage security events;
comprehend InfoSec requirements in planning,
testing and maintenance; and
test Disaster Recovery for infrastructure and critical
business applications.
Curriculum
Module 01 Understanding Information Security
Governance
1.1. Effective Information Security Governance;
1.2. Key Information Security Concepts and Issues;
1.3. The IS Manager;
1.4. Scope and Charter of Information Security Governance;
1.5. IS Governance Metrics;
1.6. Developing an IS Strategy – Common Pitfalls;
1.7. IS Strategy Objectives;
1.8. Determining Current State of Security;
1.9. Strategy Resources;
1.10. Strategy Constraints;
1.11. Action Plan Immediate Goals;
1.12. Action Plan Intermediate Goals.
2015 Courses
Rowena Morais
Programme Director
INFORMATION TECHNOLOGY
HUMAN RESOURCE
Certificate of Cloud Security Knowledge
Cloud Technology Associate
TOGAF® 9
Professional Scrum Master
Professional Scrum Developer
Professional Scrum Product Owner
Certified Kanban Foundation
Certified in the Governance of Enterprise IT
COBIT 5 Foundation
Certified in Risk and Information Systems
Control
Certified Professional in Health IT
ISTQB® Advanced Test Manager
ISTQB®Advanced Test Analyst
ISTQB® Advanced Technical Test Analyst
iSQI® Certified Agile Tester
ITIL® Lifecycle- Service Strategy
ITIL® Lifecycle- Service Operation
ITIL® Lifecycle - Service Transition
ITIL® Lifecycle - Service Design
ISTQB® Foundation
Certified Wireless Network Administrator
Certified Wireless Analysis Professional
Certified Wireless Design Professional
Certified Wireless Security Professional
Ethical Hacker and Penetration Tester
How to Implement Practical Data Quality
Management
Transitioning to Agile
and more
Change Management Foundation
Certified Mentor Practitioner (Level 1)
The Language of Effective Presentations
4
Course Information
Rowena Morais
Programme Director
[email protected] Module 02 Conducting
Risk Management and
Compliance
2.1. Effective Information
Security Risk Management;
2.2. Integration into Life
Cycle Processes;
2.3. Implementing Risk
Management;
2.4. Risk Identification and
Analysis Methods.
Module 03 Valuing
Information Security
Programme Development
and Management
3.1. Planning;
3.2. Security Baselines;
3.3. Business Processes;
3.4. Infrastructure;
3.5. Malicious Code
(Malware);
3.6. Life Cycles;
10
Training Methodology
30 percent of the time will
be devoted to important
concepts and theory.
70 percent will be allocated
for discussion, presentation
and case studies.
Active participation through
individual work and
collaborative effort is
encouraged.
Prerequisites
You should have an
educational background or
working experience in
Information Systems,
Information Security, IT
Security or IT.
3.7. Impact on End
Users;
3.8. Accountability;
3.9. Security
Metrics;
3.10. Managing
Internal and
External Resources.
Module 04
Comprehending
Information Security
Management
4.1. Implementing Effective
Information Security
Management;
4.2. Security Controls and
Policies;
4.3. Standards and
Procedures;
4.4. Trading Partners and
Service Providers;
4.5. Security Metrics and
Monitoring;
Job Practice Areas
1. A job practice serves the
basis for the exam and
experience requirements to
earm the CISM. Each job
practice comprises tasks and
knowledge statements.
2. The four domains are :
i) Domain 1 - Information
Security Governance (24%);
ii) Domain 2 - Information
Risk Management and
Compliance (33%);
iii) Domain 3 - Information
Security Programme
Development and
Management (25%); and
iv) Domain 4 - Information
Security Incident
Management (18%).
4.6. The Change
Management Process;
4.7. Vulnerability
Assessments;
4.8. Due Diligence;
4.9. Resolution of Non-
Compliance Issues;
4.10. Culture, Behaviour and
Security Awareness.
Module 05 Valuing
Information Security
Response and Incident
Management
5.1. Performing a Business
Impact Analysis;
5.2. Developing Response
and Recovery Plans;
5.3. Incident Response
Processes;
5.4. Executing Response and
Recovery Plans;
5.5. Documenting Events;
5.6. Post Event Reviews.
Important Note
1. This course is brought to
you in partnership with
Goutama Bachtiar.
2. Terms and conditions
apply. Please visit Vertical
Distinct for the full terms.
5
Course Information
Rowena Morais
Programme Director
1. ISACA provides an Exam
Candidate Information Guide.
ISACA also provides a CISM
Self Assessment Test to help
you assess your knowledge.
2. 200 multiple choice
question exam; test time of 4
hours. Passing score is 450. A
retake is permitted.
3.The exam is paper-based
and may be taken at selected
test centres around the world.
4. Passing the exam does not
grant the CISM designation -
you must also earn the
required job experience and
submit a CISM application.
Locations
Faculty Instructors:
Goutama Bachtiar
Rowena Morais
Programme Director
Geographies covered :
Middle East | Asia Pacific |
Africa
Complete and updated list of
all cities and dates are
available on
www.verticaldistinct.com
including Universitas Tulang
Bawang (UTB), University of
Indonesia (UI) and the Swiss-
German University (SGU).
An auditor and consultant, he
has more than 65 international
certifications under his belt and
has delivered 230+ sessions and
5,500+ hours of training both
across Indonesia and APAC.
Goutama has written, reviewed
and edited 300+ articles, white
papers and manuscripts on ICT,
business and management for
20+ media, blogs, journals,
frameworks and conferences,
including COBIT, PMBOK, ZDNet
Asia, SDA Asia, TechWireAsia and
Forbes. He has written one Body
of Knowledge, two books and 27
courseware.
An enterprise technologist
with more than 13 years in
consulting and auditing, 12
years in training and
education experience and 10
years in project management
and solution development,
Goutama Bachtiar serves as
an ISACA International
Subject Matter Expert, an
International Programme
Mentor and Editorial Journal
Reviewer. He is a Certification
Exam and Study Materials
developer for the CISA, CGEIT,
CISM and CRISC
qualifications.
An advisor at six companies,
Goutama also guest lectures
at top Universities for the
Masters programmes
Exam Info
5. Exam fees are not included
in the registration fees
quoted and are to be
purchased separately at
ISACA. All information
pertaining to registering for
the exam, exam dates, test
centres and maintaining your
CISM is on the ISACA website.
6
Course Information
Rowena Morais
Programme Director
Target audience
1. New or experienced IT/Info
Security/Information Systems
executives,managers or
consultants;
2. Compliance personnel;
Accreditation
Certification by : ISACA
ISACA is an independent, non
profit, global association which
engages in the development,
adoption and global use of
accepted, industry-leading
knowledge and practices for
information systems.
With more than 100,000
members worldwide, ISACA
provides practical guidance,
benchmarks and other tools
for the enterprise that uses
information systems.
Additional Info
Rowena Morais
Programme Director
3. Risk Managers, IT Security
Auditors, Internal Auditors,
External Auditors;
4. Those who are involved in
or who manage Info Security
functions within their
organisations or deliver such
services to their clients.
7
Testimonials
Rowena Morais
Programme Director
Good trainer, clear and humble."
Syahroni Djaid, General Manager, IT Central Proteinaprima
"Excellent trainer !!"
Teguh Hambudi, Director at PT Inspirasi Abadi Mandiri
"Goutama is one of the best IT trainers and consultants I have ever met.
With his cool, calm and collected demeanour, he gives structured and
detailed lectures and explanation to his students and clients. He is not
only good in presenting his thoughts and opinions, but he also has a
very strong technical background and skills."
Maureen Chandra, Senior Quality Engineer "
"Goutama is extremely competent technically as well as in team
sharing knowledge with the team in the best possible manner. He is
one of the most excellent IT professional I have worked with!!"
Pradeep Saggam, Director Hambudi
Visit our website
Check out Vertical Distinct' Profile
Preview Accelerate Magazine, a publication of Vertical Distinct.
VERTICAL DISTINCT SDN BHD Suite 1208 Level 12 Amcorp Tower, Amcorp Trade Centre
No. 18 Persiaran Barat, 46050 Petaling Jaya, Selangor Darul Ehsan, Malaysia.
+603 7948 5241 +603 7955 6363 [email protected]
www.verticaldistinct.com
Recommended
