- CEO / CFO / CIO / CTO / CISO
- IS / IT Specialist / Analyst / Manager
- IS / IT Auditor / Consultant
- IS / IT Head / Director
- IT Operations Manager / Head / Director
- IT Compliance Manager / Head / Director
- Security Head / Director
- Security Specialist / Analyst
- Security Manager / Architect
- Security Consultant / Professional
- Security Officer / Engineer
- Security Administrator
- Security Auditor
- Network Specialist / Analyst
- Network Manager / Architect
- Network Consultant / Professional
- Network Administrator
- Senior Systems Engineer
- Systems Analyst
- Systems Administrator
Certified Information Systems Security Manager (CISSM)®
Certification Overview
The Certified Information Systems Security Manager (CISSM)® is unique in the information security credential marketplace because it is designed specifically and exclusively for individuals who have experience managing an information security program. The certification is renowned as a globally recognized achievement for those who have that experience.
The certification is designed for professionals responsible for establishing, managing, and governing enterprise-wide information security programs. It focuses on aligning security initiatives with business objectives, ensuring effective risk management, and implementing robust governance frameworks. CISSM emphasizes a managerial and strategic perspective, enabling candidates to design security policies, oversee security operations, and ensure compliance with legal, regulatory, and industry standards.
Benefits:
- Worldwide recognition as an information security manager
- Understand how to govern information security
- Understand how to develop & manage an information security program
- Understand how to manage incidents
- Gain a better understanding of information risk management
- Provides tangible evidence of career growth and advanced job skills
- Access to valuable resources, peer networking, and idea exchange
Course Duration: 30 to 35 Hours
Exam Code: CISSM-001
Exam Information
The exam comprises 100 questions, and the candidate needs to score 70% (70 out of 100) to pass.
The total duration of the exam is 1 hour 30 minutes (90 minutes).
- The exam is conducted in AI-proctored mode and can be taken anytime, anywhere within an eight-month validity period.
- Upon purchasing the Premium Package or an Exam Voucher Code, a voucher code with two attempts will be assigned to your login profile under the "My Vouchers" tab. You can then take the exam through the "My Exam(s)" tab in your profile. To take the exam, simply apply the voucher code.
- The Exam Voucher included in the Premium Package or purchased separately is valid for two (2) attempts. If you are unable to pass the exam within these two attempts, you can purchase a new voucher code, which will grant you an additional two attempts.
- Kindly Note: The voucher will not be valid for a second attempt if you pass the exam on your first attempt.
The Certified Information Systems Security Manager (CISSM)® is valid for 5 years. The candidate needs to recertify every 5 years to maintain the certification credentials.
CISSM® is a Registered Trademark of ITQMA.
Note: The Certified Information Systems Security Manager (CISSM)® Certification has no prerequisites (completing the ITQMA E-Course is not mandatory), but we highly recommend taking the E-Course, as most of the questions in the actual exam are drawn from it.
Course Outline
Module 1 - Information Security Governance
- Principles of information security governance
- Alignment of security strategy with business objectives
- Roles and responsibilities of security management
- Security policies, standards, and procedures
- Legal, regulatory, and compliance requirements
Module 2 - Risk Management
- Risk management frameworks and methodologies
- Risk identification, assessment, and analysis
- Qualitative vs quantitative risk analysis
- Risk treatment options
- Risk appetite and tolerance
Module 3 - Information Security Program Development
- Building an information security program
- Security program lifecycle
- Budgeting and resource planning
- Metrics and KPIs
- Continuous improvement
Module 4 - Asset Management and Data Classification
- Information asset identification
- Data classification models
- Data ownership and custodianship
- Information lifecycle management
- Data handling and retention
Module 5 - Security Architecture and Controls
- Security architecture concepts
- Defense-in-depth strategy
- Administrative, technical, and physical controls
- Network, application, and endpoint security
- Cloud and virtualization security
Module 6 - Identity and Access Management (IAM)
- Authentication and authorization models
- Role-based and attribute-based access control
- Privileged access management (PAM)
- Identity lifecycle management
- Single sign-on (SSO) and federation
Module 7 - Security Operations and Incident Management
- Security monitoring and logging
- Incident response lifecycle
- Threat detection and analysis
- Digital forensics fundamentals
- Security operations center (SOC) function
Module 8 - Business Continuity and Disaster Recovery
- Business impact analysis (BIA)
- Business continuity planning (BCP)
- Disaster recovery strategies
- Backup and recovery mechanisms
- Crisis management and communication
Module 9 - Vendor, Third-Party, and Cloud Risk Management
- Third-party risk assessment
- Contractual and SLA security requirements
- Cloud shared responsibility model
- Supply chain security risks
- Ongoing vendor monitoring
Module 10 - Security Compliance, Audit, and Assurance
- Security audits and assessments
- Compliance frameworks
- Internal and external audit coordination
- Security reporting to management
- Continuous compliance monitoring