Introduction
Information security is one of the fundamental pillars to ensure business continuity and protect vital assets in the modern digital age. With the increasing number of cyberattacks and the complexity of risks associated with modern technologies, organizations are urgently required to build strong security systems that enhance the protection of their data and operations.
In the Kingdom of Saudi Arabia, the information security sector is witnessing rapid development driven by Vision 2030, which emphasizes the importance of secure digital transformation, protecting critical infrastructure, and implementing the highest cybersecurity standards. This has been reflected in the issuance of advanced national regulations such as the "Personal Data Protection Law" and the "National Cybersecurity Framework," which have increased the demand for specialized competencies in this vital field.
In this context, the Certified Information Security Manager (CISM) certification, globally recognized by ISACA, comes as a key step for any professional aiming to build an outstanding career in the field of information security. This course aims to equip participants with advanced knowledge and practical skills necessary to effectively manage information security programs, with a focus on security governance, risk management, and compliance.
Upon completing the program, trainees will earn an internationally recognized certification that opens up opportunities for excellence and leadership in the job market, providing a clear demonstration of their ability to manage information security in alignment with business objectives. This, in turn, enhances their career prospects and gives them a strong competitive edge both locally and globally.
Issuing Body
The Certified Information Security Manager (CISM) certification is awarded by ISACA, a global professional association recognized in the fields of digital trust such as information security, governance, audit and assurance, risk management, privacy, and systems quality. Founded over 50 years ago, ISACA serves more than 185,000 members in 188 countries through 225 branches worldwide. It is globally known for offering accredited professional certifications, reference frameworks and standards, and high-quality educational and training programs, making it a primary reference for professionals and organizations aiming to enhance trust in technology and elevate practices in cybersecurity, risk management, and governance.
Benefits of Earning the Certification
- Demonstrates high proficiency in managing information security at the organizational level.
- Enhances opportunities for obtaining prestigious leadership positions in the field of cybersecurity.
- International recognition of the certification, increasing global employment opportunities.
- Demonstrates the ability to align information security programs with the organization's strategic goals.
- Improves career returns and increases potential income levels.
- Builds a strong professional network with information security experts worldwide.
Objectives
- To familiarize the participant with the concept of information security governance and its role in creating value for the organization.
- To help the participant understand the importance of linking information security to overall organizational governance.
- To enable the participant to explain the impact of leadership and organizational culture on the information security strategy.
- To introduce the participant to the legal and regulatory requirements that impact security programs.
- To help the participant understand the impact of information security on the organization’s risk management.
- To enable the participant to evaluate global frameworks and standards used in security governance.
- To equip the participant with strategies for risk assessment to reduce security threats.
- To differentiate between various frameworks for building information security programs.
- To explain the development of an effective cybersecurity incident response plan.
- To help the participant understand the relationship between business continuity and security incident management.
Topics
Information Security Governance
- Describe the role of governance in creating value for the enterprise.
- Explain the importance of information security governance in the context of overall enterprise governance.
- Describe the influence of enterprise leadership, structure and culture on the effectiveness of an information security strategy.
- Identify the relevant legal, regulatory and contractual requirements that impact the enterprise.
- Describe the effects of the information security strategy on enterprise risk management.
- Evaluate the common frameworks and standards used to govern an information security strategy.
- Explain why metrics are critical in developing and evaluating the information security strategy.
Information Security Risk Management
- Apply risk assessment strategies to reduce the impact of information security risk.
- Assess the types of threats faced by the enterprise.
- Explain how security control baselines affect vulnerability and control deficiency analysis.
- Differentiate between application of risk treatment types from an information security perspective.
- Describe the influence of risk and control ownership on the information security program.
- Outline the process of monitoring and reporting information security risk.
Information Security Program
- Outline the components and resources used to build an information security program.
- Distinguish between common IS standards and frameworks available to build an information security program.
- Explain how to align IS policies, procedures and guidelines with the needs of the enterprise.
- Describe the process of defining an IS program road map.
- Outline key IS program metrics used to track and report progress to senior management.
- Explain how to manage the IS program using controls.
- Create a strategy to enhance awareness and knowledge of the information security program.
- Describe the process of integrating the security program with IT operations and third-party providers.
- Communicate key IS program information to relevant stakeholders.
Incident Management
- Distinguish between incident management and incident response.
- Outline the requirements and procedures necessary to develop an incident response plan.
- Identify techniques used to classify or categorize incidents.
- Outline the types of roles and responsibilities required for an effective incident management and response team.
- Distinguish between the types of incident management tools and technologies available to an enterprise.
- Describe the processes and methods used to investigate, evaluate and contain an incident.
- Identify the types of communications and notifications used to inform key stakeholders of incidents and tests.
- Outline the processes and procedures used to eradicate and recover from incidents.
- Describe the requirements and benefits of documenting events.
- Explain the relationship between business impact, continuity and incident response.
- Describe the processes and outcomes related to disaster recovery.
- Explain the impact of metrics and testing when evaluating the incident response plan.
Target Audience
- Information Security Managers
- Information Security Officers and Specialists
- IT Managers and Supervisors
- Risk Management and Compliance Officers
- Cybersecurity Consultants
- Technical Operations Managers
- Individuals seeking specialization or career advancement in Information Security