* New in 2018 *

Certified Information Security Incident Manager Course

Mastering the management of an

Information Security Incident based on ISO 27035


The Certified Information Security Incident Manager (CISiM™) course is a four-day information packed certification learning experience designed to develop a level of competence to support the design, develop and management of an Information Security Incident Management Process in accordance with the requirements mandated under ISO 27035. Drawing upon best practices and complemented by our proprietary model Incident Management Process, students will not only learn how to manage an information security incident, but also development a process to manage and control it.

Students will also be familiarized with the mandating requirements from legislation and standards such as GDPR, HIPAA, and other regulations and standards. During the course, students will be participating in a series of practical exercises designed to touch on all aspect of developing and testing a new information security incident process.

We will also be discussing performing an impact assessment to understand the operational impact of the new process upon the existing information security support capabilities of an organization's team, as well as transitioning the process from project to an operational owner.


Please click the Registration button below to go to our course listing and registration page. Registration for all our courses are done on Eventbright.com

What Does it Cost?

$2,995 USD ($2,495 tuition + $500 certification fee) + a small administrative booking fee charge by Eventbright.com who facilitates our online registration.

* due to the higher cost of facilities in some cities, tuition in those venues may be higher. The cost by venue is listed on individual registration pages.

** a $50 shipping fee applies to all online students in the US & Canada.

Who Should Attend

  • Information Security professionals and managers involved in any aspect of the development, roll-out or operational maintenance of an Information Security Program.

  • Audit Managers and Auditors seeking to understand Information Security Incident Management to develop audit test procedures to incorporate in their audit plan.

  • IT and Business Managers and consultants wanting to prepare and to support an organizational Information Security Incident Management Process.

  • Persons responsible for information security or its conformity in an organization that may support an information security incident management team.

  • Consultants looking to understand and support clients implementing and information security incident management process.

  • Corporate / industrial / physical security specialists.

  • Technical experts wanting to prepare for an Information Security management function or for an information security project management role

  • Attorneys supporting the legal aspects of an information security incident.

  • Data Privacy professionals supporting an information security incident management response team.


Learning Objectives

  • Understand the requirements for the information security incident management function as mandated by the ISO 27035 standard, including those mandated under legal and regulatory requirements e.g. GDPR, HIPPA, and more, and general best practices.

  • Master the concepts, approaches, methods and techniques required for the effective planning, design, development, implementation and maintenance of an information security incident management process.

  • Understand how to engage stakeholders in the process to secure their buy-in and support an operational Information Security Incident Response Team (iSIRT).

  • Understand the approach to build a test plan to assess the appropriateness and completeness of your organization's information security incident respond plan.



Day 1 - Introduction to Information Security Incident Management

  • What is an information security incident

  • Normative, regulatory and legal framework related to information security incident management

  • Fundamental principles of information security incident management

  • An overview of the information security incident management process

  • The Information Security Incident Response Team (iSIRT) and it role to support the incident management process

  • Roles & responsibilities of members of an iSIRT

  • The difference between Incident Management and Investigation

  • Duty to report special types of information security incidents

Day 2 - Developing the Information Security Incident Management Process

  • Understanding and documenting types of information security incident organization's are vulnerable to

  • Documenting information security incident activity for integrity, reporting and to satisfy regulatory auditing purposes

  • Understanding what where your critical incident management and investigative resources, and where to find them during an incident

  • The role of the incident report, types, content and distribution

  • Developing and documenting incident categories relevant to your organization

  • The information security severity assessment procedure and its value in the overall process

  • Ownership and case management incident management in a centralized versus federated model

  • Computer Forensic Investigations, an incident manager's tool

    • Introduction to the investigator's Jump Kit

    • Competencies of forensic investigators

    • General rules of evidence handling

      • documentation

      • collection

      • chain of custody

      • storage and handling

Day 3 - Managing an Information Security Incident, Developing a Test Plan, and Auditing the Process

  • Identification of a suspect incident

  • Information security incident validation

  • Assessment of an information security incident

  • Management of the incident

  • Oversight and control of technical and management teams

  • Monitoring & reporting

  • Mitigation of vulnerabilities and root cause

  • Understand why organization's test incident management processes

  • Developing and testing the process

  • How to audit the Information Security Incident Management Process

Day 4 - Exam

  • administration of the written exam


What You Get

Students will receive:

  1. a copy of all slides presented during the class;

  2. a certificate of completion awarding 27 Continuing Professional Development (CDP) units;

  3. A free Professional membership with the Information Security Leadership Forum;

  4. A Student Information Package (SIP) with study tips and other helpful and insightful information for the course and exam;

  5. A copy of our model Information Security Incident Management Process in MS Word format to use to create a custom process for your organization; and

  6. An exam and certification application voucher for the Information Security Leadership Forum, the official certification authority.



  • The exam is administered on the final day of training. It is composed of a combination of multiple choice and essay questions, and is administered as an open book exam.

  • Student will have three-hours to complete.



  • Student are prohibited from recording (audio or video) any session(s), or portions of any session.

  • Students will receive a code for a free membership with the Information Security Leadership Forum. This code is only valid for use by the registered student. Students must register and setup an account prior to the beginning of the course.

  • All student material for this course will be provided on the first day of the class only.

  • Organizer reserves the right to refuse or cancel any registration, change instructor, reschedule training, or move the event location at its sole desecration.

  • Process documents, policies, and standards included in any of our courses provided with agreement to the respective licensing terms and conditions, and is licensed to a company for internal use only. Consultants wishing to license material for use on client consulting engagements can discuss your needs with our staff, and we will provide information regarding on our consulting partnership program.