
Certified Information Security Manager (CISM)

Defscope will provide training based on ISACA’s Certified Information Security Manager® (CISM) certification program.

ISACA is a professional membership organization committed to the advancement of digital trust by empowering IS/IT professionals to grow their skills and knowledge in audit, cybersecurity, emerging tech and more.

ISACA’s Certified Information Security Manager® certification indicates expertise in information security governance, program development and management, incident management and risk management. If you are a mid to advanced-career IT professional aspiring to senior management roles in IT security and control, CISM can get you the visibility you need.

What do we teach?

Module 1: Information security governance

· Organizational Culture

· Legal, Regulatory and Contractual Requirements

· Information Security Strategy Development

· Organizational Structures, Roles and Responsibilities

· Information Governance Frameworks and Standards

· Strategic Planning (e.g., Budgets, Resources, Business Case)

Module 2: Risk Management

· Emerging Risk and Threat Landscape

· Vulnerability and Control Deficiency Analysis

· Risk Assessment and Analysis

· Risk Treatment / Risk Response Options

· Risk and Control Ownership

· Risk Monitoring and Reporting

Module 3: Information security program development and management

· Information Security Program Resources (e.g., People, Tools, Technologies)

· Information Asset Identification and Classification

· Industry Standards and Frameworks for Information Security

· Information Security Policies, Procedures and Guidelines

· Information Security Program Metrics

· Information Security Control Design and Selection

· Information Security Control Implementation and Integrations

· Information Security Control Testing and Evaluation

· Information Security Awareness and Training

· Management of External Services (e.g., Providers, Suppliers, Third Parties, Fourth Parties)

· Information Security Program Communications and Reporting

Module 4: Information security incident management

· Incident Response Plan

· Business Impact Analysis (BIA)

· Business Continuity Plan (BCP)

· Disaster Recovery Plan (DRP)

· Incident Classification/Categorization

· Incident Management Training, Testing and Evaluation

· Incident Management Tools and Techniques

· Incident Investigation and Evaluation

· Incident Response Communications (e.g., Reporting, Notification, Escalation)

· Incident Eradication and Recovery

· Post-Incident Review Practices



Vusal Salmanli

Principal Cyber Security Consultant

Background: Former Systems & Network Engineer turned global cybersecurity instructor, consultant and business owner, with around 15 years of professional experience in ICT

Day to Day: Principal CyberSecurity Consultant @ CDW USA, Business owner @ Defscope, Co-Founder and Community Leader @ INSECO

Degree & Certifications: MSc, MCP, CCNA, OCE, CCSA, CISA, CISM, CEH, CDPSE


•ISACA Gold Level Member (

•Member of CompTIA Instructor Network (

•Member of AKTA Azerbaijan (
