by Gerald Trites, FCA
Last year, ISACA released a model curriculum for Information Systems Management. For several years, their model curriculum for information systems audit and control has been a guiding force in information systems education. The new curriculum promises to do the same for the management side, something that is needed and will be useful.
The Management curriculum is based on the structure of the exam for the Certified Information Systems Management (CISM) designation. That includes:
- Information security governance
- Information risk management
- Information security program development
- Information security program management
- Incident management and response
The information risk management domain is divided into two topic areas that have from five to seven subtopics each. This domain focuses on the management and assessment of risk in an enterprise.
The information security program development domain includes information regarding the development of a formal security program, including information security management responsibilities, the importance of obtaining senior management’s commitment to the program, defining the program and implementing the program.
The information security program management domain includes subject matter such as policies, outcomes of effective management and measuring the information security program.
The Curriculum offers a series of figures that can serve as forms for implementation. They include an Alignment Grid, which provides a form to map an academic program to the model curriculum.
Copies of the Model Curriculum can be downloaded from the ISACA site.