(ISC)² offers several additional certifications known as CISSP concentrations that build on the CISSP Certification. These are optional certifications for CISSPs who wish to improve their subject matter mastery. The CISSP Concentrations recognize your evolving expertise in information security architecture, engineering, or management.

The CISSP-ISSMP cybersecurity management certification shows you excel at establishing, presenting, and governing information security programs. You also demonstrate deep management and leadership skills whether you’re leading incident handling and/or a breach mitigation team.

ABOUT THE EXAM
The exam is an MCQ with 125 questions based on the following 6 areas of skills:

• Leadership and Business Management (22%)
• Systems Lifecycle Management (19%)
• Risk Management (18%)
• Threat Intelligence and Incident Management (17%)
• Contingency Management (10%)
• Law, Ethics, and Security Compliance Management (14%)

Candidates have 3 hours to take this exam in a Pearson Vue testing center.
(ISC)² recommends candidates review their exam policies and procedures before registering for the examination.

What’s Covered in the ISSMP Self-Paced Course

The Information Systems Security Management Professional (ISSMP) is a CISSP who specializes in establishing, presenting, and governing information security programs and demonstrates management and leadership skills. CISSP-ISSMPs direct the alignment of security programs with the organization’s mission, goals, and strategies to meet enterprise financial and operational requirements in support of its desired risk position.

Learning Objectives

After completing this course, you will be able to:

• Prioritize security requirements in support of business initiatives and obtain support from stakeholders.
• Create a security program that includes security awareness and training and a process for analyzing, managing, and enforcing security requirements for contracts and agreements.
• Apply metrics, budgeting, and security program management to achieve a successful security program.
• Adapt the security of the system lifecycle into the organizational security architecture.
• Develop an effective risk management program that meets organizational requirements.
• Integrate supply chain security risks with organizational risk management.
• Create a successful threat intelligence program.
• Design a successful incident handling and investigation program.
• Formulate effective organizational continuity of operations and system-level contingency plans.
• Implement appropriate controls to safeguard sensitive information and systems.

Course Components:

• (ISC)² CISSP-ISSMP Fundamentals Course
• (ISC)² CISSP-ISSMP Training Course
• Official (ISC)2 Guide to the CISSP-ISSMP CBK