The Certified Information Security Manager (CISM) training program is designed by Global Horizon Training Center to equip information security professionals, IT managers, cybersecurity leaders, and governance specialists with the knowledge and management skills required to establish, govern, implement, and continuously improve enterprise information security programs. The program is aligned with internationally recognized information security management best practices and covers the four major knowledge domains of the CISM framework: Information Security Governance, Information Risk Management, Information Security Program Development & Management, and Incident Management.
By the end of this training program, participants will be able to:
Understand the principles of Information Security Governance.
Align information security strategies with organizational objectives.
Develop and maintain an enterprise-wide information security program.
Identify, assess, analyze, and manage information security risks.
Apply internationally recognized governance and risk management frameworks.
Design security policies, standards, and procedures.
Establish effective security awareness and training initiatives.
Manage third-party and vendor security risks.
Develop comprehensive incident response and recovery plans.
Measure and improve information security performance using KPIs and security metrics.
Enhance executive decision-making regarding cybersecurity investments.
Strengthen organizational resilience against cyber threats.
The program adopts an interactive management-oriented learning approach through:
Instructor-led presentations
Interactive discussions
Group exercises
Case study analysis
Security governance workshops
Risk assessment exercises
Incident response planning activities
Knowledge assessments
Best practice reviews
Practical management scenarios
Upon successful completion of this program, organizations will benefit from:
Stronger information security governance.
Better alignment between cybersecurity initiatives and business objectives.
Improved enterprise risk management.
Enhanced regulatory and compliance readiness.
More effective information security policies.
Improved incident preparedness and response capabilities.
Better executive reporting and security performance measurement.
Increased stakeholder confidence.
Reduced security risks and operational disruptions.
Improved cybersecurity maturity across the organization.
This program is designed for:
Information Security Managers
Cybersecurity Managers
IT Managers
Information Security Officers
Risk Management Professionals
Governance, Risk & Compliance (GRC) Professionals
IT Auditors
Security Consultants
Business Continuity Managers
Security Architects
Compliance Officers
Professionals preparing for CISM-level responsibilities
Day 1 – Information Security Governance
Module 1: Foundations of Information Security Management
Information security management concepts
Enterprise security governance
Security management principles
Security leadership roles and responsibilities
Module 2: Information Security Governance Frameworks
Governance structures
Organizational culture
Roles and accountability
Executive oversight
Module 3: Developing Security Strategy
Business alignment
Strategic planning
Security objectives
Governance roadmaps
Module 4: Policies and Compliance
Security policies
Standards and procedures
Legal and regulatory requirements
Compliance management
Module 5: Security Performance Measurement
KPIs
KRIs
Executive reporting
Governance metrics
Day 2 – Information Security Risk Management
Module 1: Information Asset Management
Asset identification
Asset classification
Critical asset protection
Module 2: Threat and Vulnerability Management
Threat landscape
Vulnerability identification
Security assessments
Module 3: Risk Assessment
Risk identification
Risk analysis
Risk evaluation
Business impact analysis
Module 4: Risk Treatment
Risk mitigation
Risk acceptance
Risk transfer
Risk avoidance
Module 5: Continuous Risk Monitoring
Risk reporting
Risk dashboards
Security monitoring
Risk communication
Day 3 – Information Security Program Development & Management
Module 1: Building the Information Security Program
Program planning
Security objectives
Resource management
Program governance
Module 2: Security Controls
Administrative controls
Technical controls
Physical controls
Control selection
Module 3: Security Policies and Standards
Policy development
Standards creation
Procedures
Documentation
Module 4: Security Awareness
Employee awareness
Training programs
Security culture
Executive engagement
Module 5: Third-Party Security
Vendor security
Supplier risk management
Contract security requirements
Outsourcing considerations
Day 4 – Information Security Incident Management
Module 1: Incident Management Framework
Incident lifecycle
Classification
Prioritization
Escalation
Module 2: Incident Response Planning
Response strategy
Response team
Roles and responsibilities
Communication planning
Module 3: Investigation and Recovery
Incident investigation
Root cause analysis
Recovery planning
Business restoration
Module 4: Crisis Communication
Executive communication
Stakeholder communication
Regulatory reporting
Media coordination
Module 5: Lessons Learned
Post-incident reviews
Continuous improvement
Documentation
Updating response plans
Day 5 – Integrated Information Security Management
Module 1: Enterprise Security Integration
Security governance integration
Risk integration
Enterprise collaboration
Module 2: Security Program Evaluation
Performance assessment
Program maturity
Security metrics
Continuous improvement
Module 3: Emerging Security Challenges
Cloud security governance
Third-party ecosystems
Digital transformation risks
Emerging cyber threats
Module 4: Executive Decision Making
Security investment planning
Security budgeting
Business cases
Executive reporting
Module 5: Comprehensive Program Review
Integration of governance, risk, security program, and incident management
Review of key concepts
Knowledge assessment
Course summary and action planning