Effective information security leadership hinges on strategic oversight, risk management, and business alignment. This course prepares participants to design, implement, and evaluate enterprise security programmes that support organisational goals. Through scenario-based learning, they will explore governance frameworks, risk response, compliance obligations, and operational security practices relevant to senior roles.
Learning Outcomes:
- Understand key principles of enterprise information security governance
- Evaluate and manage information security risk
- Design and implement information security programmes
- Develop incident response and recovery plans
Key Topics:
- Information security governance frameworks
- Risk assessment and treatment methods
- Security programme design and metrics
- Business continuity and disaster recovery planning
- Preparation for the ISACA® Certified Information Security Manager (CISM) certification
Exam Details
This course is designed to build participants’ understanding of key concepts and domains covered in the ISACA Certified Information Security Manager (CISM) certification.
The CISM exam evaluates participants across four domains:
| Domain | Weightage |
|---|---|
| Domain 1 – Information Security Governance | 17% |
| Domain 2 – Information Security Risk Management | 20% |
| Domain 3 – Information Security Program | 33% |
| Domain 4 – Incident Management | 30% |
Please note that the course fee does not include the certification exam. Exam registration must be done separately via ISACA.
To maximise success, participants are strongly encouraged to complement the course with additional self-study, revision of course materials, and dedicated practice before attempting the exam.
FUNDING INFORMATION
SkillsFuture Singapore (SSG)
Funding is available on the course fee. Please see below for the eligibility categories available.
| Sponsorship Type | Eligibility | Funding |
|---|---|---|
| Self-sponsored | Singapore Citizen & PR aged ≥ 21 years | Up to 50% funding |
| Self-sponsored | Singapore Citizen aged ≥ 40 years | Up to 70% funding |
| Company Sponsored (Non-SME) | Singapore Citizen & PR aged ≥ 21 years | Up to 50% funding |
| Company Sponsored (Non-SME) | Singapore Citizen aged ≥ 40 years | Up to 70% funding |
| Company Sponsored (SME) | Singapore Citizen & PR aged ≥ 21 years | Up to 70% funding |
| Company Sponsored (SME) | Singapore Citizen aged ≥ 40 years | Up to 70% funding |
SSG Funding Requirements
- Trainees must scan their attendance twice daily using the SingPass application.
- Trainees must attain at least 75% attendance.
- Trainees must pass the in-house assessment to be eligible for funding.
- The trainee and/or sponsoring company must meet all SSG-mandated eligibility criteria and requirements for funding. For more information, please refer to the SkillsFuture homepage.
Appeal Policy and Procedure
- As a candidate in this course assessment, you may appeal your results if you disagree with them.
- To do so, submit your written appeal request via email to esv_comat_cse@stengg.com within 3 working days from the date of assessment.
Cancellation, Postponement and Refund Policy
- Requests for cancellation or postponement must be submitted in writing more than 4 weeks before the class start date to avoid any charges.
- Written notice of cancellation or postponement received 2 to 4 weeks before the class start date will incur a Late Cancellation Charge of 50% of the course fee.
- Written notice of cancellation or postponement received less than 2 weeks before the class start date will incur a Late Cancellation Charge of 100% of the course fee.
- If payment has been made and ST Engineering e-Services Pte Ltd accepts the trainee's written notification to cancel or withdraw from the course, ST Engineering e-Services Pte Ltd will issue a refund, less any applicable Late Cancellation Charges.
Feedback Policy and Procedure
- You may submit feedback via email to esv_comat_cse@stengg.com or your servicing Account Manager.
- Any formal feedback will be handled within 10 working days from receipt with a written reply given. An interim reply will be provided should more time be required.
Module 1 – Information Security Governance
Session Topics:
- Enterprise Governance Overview
- Organizational Culture, Structures, Roles and Responsibilities
- Legal, Regulatory and Contractual Requirements
- Information Security Strategy
- Information Governance Frameworks and Standards
- Strategic Planning
Learning Objectives:
- Describe the role of governance in creating value for the enterprise.
- Explain the importance of information security governance in the context of overall enterprise governance.
- Describe the influence of enterprise leadership, structure and culture on the effectiveness of an information security strategy.
- Identify the relevant legal, regulatory and contractual requirements that impact the enterprise.
- Describe the effects of the information security strategy on enterprise risk management.
- Evaluate the common frameworks and standards used to govern an information security strategy.
- Explain why metrics are critical in developing and evaluating the information security strategy.
Module 2 – Information Security Risk Management
Session Topics:
- Risk and Threat Landscape
- Vulnerability and Control Deficiency Analysis
- Risk Assessment, Evaluation and Analysis
- Information Risk Response
- Risk Monitoring, Reporting and Communication
Learning Objectives:
- Apply risk assessment strategies to reduce the impact of information security risk.
- Assess the types of threats faced by the enterprise.
- Explain how security control baselines affect vulnerability and control deficiency analysis.
- Differentiate between application of risk treatment types from an information security perspective.
- Describe the influence of risk and control ownership on the information security program.
- Outline the process of monitoring and reporting information security risk.
Module 3 – Information Security Program Development and Management
Session Topics:
- IS Program Development and Resources
- IS Standards and Frameworks
- Defining an IS Program Road Map
- IS Program Metrics
- IS Program Management
- IS Awareness and Training
- Integrating the Security Program with IT Operations
- Program Communications, Reporting and Performance Management
Learning Objectives:
- Outline the components and resources used to build an information security program.
- Distinguish between common IS standards and frameworks available to build an information security program.
- Explain how to align IS policies, procedures and guidelines with the needs of the enterprise.
- Describe the process of defining an IS program road map.
- Outline key IS program metrics used to track and report progress to senior management.
- Explain how to manage the IS program using controls.
- Create a strategy to enhance awareness and knowledge of the information security program.
- Describe the process of integrating the security program with IT operations and third-party providers.
- Communicate key IS program information to relevant stakeholders.
Module 4 – Information Security Incident Management
Session Topics:
- Incident Management and Incident Response Overview
- Incident Management and Response Plans
- Incident Classification/Categorization
- Incident Management Operations, Tools and Technologies
- Incident Investigation, Evaluation, Containment and Communication
- Incident Eradication, Recovery and Review
- Business Impact and Continuity
- Disaster Recovery Planning
- Training, Testing and Evaluation
Learning Objectives:
- Distinguish between incident management and incident response.
- Outline the requirements and procedures necessary to develop an incident response plan.
- Identify techniques used to classify or categorize incidents.
- Outline the types of roles and responsibilities required for an effective incident management and response team.
- Distinguish between the types of incident management tools and technologies available to an enterprise.
- Describe the processes and methods used to investigate, evaluate and contain an incident.
- Identify the types of communications and notifications used to inform key stakeholders of incidents and tests.
- Outline the processes and procedures used to eradicate and recover from incidents.
- Describe the requirements and benefits of documenting events.
- Explain the relationship between business impact, continuity and incident response.
- Describe the processes and outcomes related to disaster recovery.
- Explain the impact of metrics and testing when evaluating the incident response plan.