How does this course fit into CISM exam preparation?

This course discusses important domains related to developing an InfoSec program, riskmanagementand information asset classification as it relates to CISMcertificationpreparationspecializationthat will help you pass theCISM exam and excel in a career in information security management.

How will this course help advance my career in information security?

Learninghow to create and run InfoSec programs, implement industry standards, and execute risk management frameworks will set you up for senior or executive roles in cybersecurity. This course prepares you for CISO, Risk Manager, and InfoSec Architect roles that have an exponential demand.

What will I get if I subscribe to this Specialization?

When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile.

Is financial aid available?

Yes. In select learning programs, you can apply for financial aid or a scholarship if you can’t afford the enrollment fee. If fin aid or scholarship is available for your learning program selection, you’ll find a link to apply on the description page.

Information Security Program Management

Grow your skills with Coursera Plus for $239/year (usually $399). Save now.

Information Security Program Management

This course is part of CISM Certification Preparation Specialization

Instructor: LearnKartS

Included with

Learn more

7 modules

Gain insight into a topic and learn the fundamentals.

2 weeks to complete

at 10 hours a week

Flexible schedule

Learn at your own pace

7 modules

Gain insight into a topic and learn the fundamentals.

2 weeks to complete

at 10 hours a week

Flexible schedule

Learn at your own pace

What you'll learn

Build and align a comprehensive Information Security Program that directly supports business goals and addresses modern security challenges.
Master industry standards and frameworks to create actionable InfoSec policies, roadmaps, and strategic execution plans for long-term success.
Identifyand classify critical assets, designlayered securitycontrols,andintegrate risk management across all stages of your program.
Develop high-impact security awareness programs, manage third-party access, and continuously evaluate and improve your InfoSec program’s performance.

Details to know

Shareable certificate

Add to your LinkedIn profile

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

Build your subject-matter expertise

This course is part of the CISM Certification Preparation Specialization

When you enroll in this course, you'll also be enrolled in this Specialization.

Learn new concepts from industry experts
Gain a foundational understanding of a subject or tool
Develop job-relevant skills with hands-on projects
Earn a shareable career certificate

There are 7 modules in this course

Still managing controls but struggling to run a structured, enterprise-wide security program?

Policies alone don’t build resilience. Organizations require professionals able to map strategy into execution and design scalable security programs, manage assets, deploy controls, and evaluate performance across the enterprise. That’s the skill set this course develops. In this Information Security Program Development and Management course, you will: • Translate security strategy into a structured InfoSec program • Define scope, charter, objectives, and business case • Identify and classify critical information assets • Apply industry frameworks and security architecture • Design, implement, & test layered security controls • Build roadmaps, metrics, and continuous monitoring models Unlike theory-only programs, this course delivers a practical, execution-driven approach — from policy to roadmap to measurable results. Designed for aspiring CISM professionals, security managers, program leads, IT auditors, and governance practitioners moving into senior roles. Enroll now and step into strategic security program leadership.

This module focuses on deriving an InfoSec program from your organization's strategy, highlighting the essential elements and trends in InfoSec program management. It also covers key objectives, challenges, and the scope of developing a robust InfoSec program.

What's included

15 videos1 reading6 assignments

15 videos Total 59 minutes

Course Introduction 2 minutes
Deriving InfoSec Program from InfoSec Strategy 7 minutes
Information Security Program Overview 3 minutes
Infosec Program Overview 3 minutes
InfoSec Management Trends 3 minutes
Essential Elements of an IS Program 4 minutes
InfoSec Program Importance 2 minutes
Elements of a Project Management for InfoSec 4 minutes
Applying the Security Program Business Case 4 minutes
Outcomes of InfoSec Program Management 4 minutes
InfoSec Program Objectives 3 minutes
Scope and Charter of InfoSec Program 5 minutes
Steps to Develop an Information Security Program 4 minutes
Challenges of an InfoSec Program 6 minutes
Constraints to InfoSec Program 5 minutes

1 reading Total 10 minutes

Program Development Best Practices 10 minutes

6 assignments Total 126 minutes

Checkpoint Quiz 24 minutes
Checkpoint Quiz 20 minutes
Checkpoint Quiz 12 minutes
Proficiency Quiz 30 minutes
Proficiency Quiz 25 minutes
Proficiency Quiz 15 minutes

Learn strategies for identifying, classifying, and valuing information assets, as well as understanding their criticality and the impact of potential adverse events. This module explores the foundational principles of asset management within InfoSec.

What's included

7 videos4 assignments

7 videos Total 28 minutes

Module Introduction 1 minute
Information Asset Identification Strategies 5 minutes
Information Asset Valuation Strategies 5 minutes
Information Asset Classification 5 minutes
Methods to Determine Criticality of Assets and Impact 5 minutes
From BIA to InfoSec Framework 4 minutes
Classification vs Categorization 4 minutes

4 assignments Total 54 minutes

Checkpoint Quiz 16 minutes
Checkpoint Quiz 8 minutes
Proficiency Quiz 20 minutes
Proficiency Quiz 10 minutes

Explore the importance of industry standards and frameworks in developing InfoSec programs. This module delves into InfoSec policies, procedures, and the enterprise architecture required for a comprehensive security strategy.

What's included

13 videos4 assignments

13 videos Total 52 minutes

Module Introduction 1 minute
Industry Standards & Frameworks Definition 4 minutes
Why Industry Standards & Frameworks Matter in InfoSec Programs 3 minutes
Enterprise Information Security Architecture (EISA) 4 minutes
InfoSec Management Framework Overview 4 minutes
Framework Components 4 minutes
InfoSec Policy 5 minutes
Standards in InfoSec 4 minutes
Procedures in InfoSec 5 minutes
Guidelines in InfoSec 4 minutes
Bringing It All Together 4 minutes
Introduction to Infosec Program Roadmap 5 minutes
Policy-to-Roadmap Funnel 5 minutes

4 assignments Total 108 minutes

Checkpoint Quiz 20 minutes
Checkpoint Quiz 28 minutes
Proficiency Quiz 25 minutes
Proficiency Quiz 35 minutes

Understand how to create and implement a security program roadmap, applying frameworks and architectures to bridge the gap between vision and execution. Learn how to monitor and improve the security program over time through effective metrics and planning.

What's included

11 videos1 reading4 assignments

11 videos Total 33 minutes

Module Introduction 1 minute
Defining an InfoSec Program Roadmap 4 minutes
Stages of InfoSec Roadmap 3 minutes
Applying Frameworks and Architectures to Create a Roadmap 4 minutes
Bridging Vision and Execution 2 minutes
Roadmap Planning to Execution 2 minutes
Risk Management Across InfoSec Program Phases 3 minutes
Security Program Metrics and Monitoring 4 minutes
Monitoring an Enterprise’s Security Program 3 minutes
Sample Qualitative and Quantitative Metrics 4 minutes
Infosec program Management 3 minutes

1 reading Total 10 minutes

Continuous Improvement of Security Programs 10 minutes

4 assignments Total 77 minutes

Checkpoint Quiz 20 minutes
Checkpoint Quiz 12 minutes
Proficiency Quiz 30 minutes
Proficiency Quiz 15 minutes

This module covers the design and selection of security controls, focusing on technical, management, and operational layers. It includes methods for evaluating and integrating these controls into your InfoSec program.

What's included

19 videos1 reading6 assignments

19 videos Total 66 minutes

Module Introduction 1 minute
Information Control Design and Selection 3 minutes
Control Methods 5 minutes
Controls Categories 6 minutes
Layered Defense by Function 5 minutes
Safeguard vs Countermeasure 3 minutes
Technical Control Categories 5 minutes
Native controls 2 minutes
Supplemental Control Technologies 4 minutes
Management Control Technologies 2 minutes
Controls Design Considerations 5 minutes
Technical Control Components & Architecture 3 minutes
InfoSec Control Implementation and Integration 3 minutes
Common Control Practices 4 minutes
Baseline Controls 3 minutes
InfoSec Control Testing and Evaluation 3 minutes
Control Strength Assessment 3 minutes
Control Recommendations 4 minutes
Control modification 3 minutes

1 reading Total 10 minutes

Technical Control Implementation 10 minutes

6 assignments Total 162 minutes

Checkpoint Quiz 24 minutes
Checkpoint Quiz 20 minutes
Checkpoint Quiz 28 minutes
Proficiency Quiz 35 minutes
Proficiency Quiz 25 minutes
Proficiency Quiz 30 minutes

Gain insight into developing an InfoSec awareness training program, and learn how to align it with IT operations for better organizational integration. This module also emphasizes role-based training and cross-organizational responsibilities.

What's included

13 videos4 assignments

13 videos Total 40 minutes

Module Introduction 1 minute
InfoSec Awareness and Training 4 minutes
Security Awareness Training and Education 5 minutes
Develop an InfoSec Awareness Program 3 minutes
Role-Based Training 3 minutes
Training and Education Metrics 3 minutes
Integration of Security Program with IT Operations 3 minutes
InfoSec Liaison Responsibilities 3 minutes
Cross-Organizational Responsibilities 2 minutes
Issue Resolution Through InfoSec Program 4 minutes
Integration with IT Processes 2 minutes
Cloud Computing Considerations 4 minutes
Cloud Computing Deployment Model 3 minutes

4 assignments Total 95 minutes

Checkpoint Quiz 20 minutes
Checkpoint Quiz 20 minutes
Proficiency Quiz 30 minutes
Proficiency Quiz 25 minutes

Examine the management of third-party relationships, outsourcing challenges, and how to evaluate InfoSec program performance. This module focuses on compliance monitoring, quality management, and continuous evaluation of security services.

What's included

13 videos1 reading4 assignments

13 videos Total 38 minutes

Module Introduction 1 minute
Management of External Services and Relationships 5 minutes
Categories of Third Parties 4 minutes
Outsourcing Challenges 4 minutes
Outsourcing Contracts 2 minutes
Third-Party Access 2 minutes
Program Management Evaluation 2 minutes
Total Quality Management in InfoSec 5 minutes
Security Review Alternatives 3 minutes
Compliance Monitoring and Enforcement 3 minutes
Measuring IS Management Performance 3 minutes
Ongoing Monitoring and Communication 2 minutes
Summary 1 minute

1 reading Total 10 minutes

Vendor Management in InfoSec 10 minutes

4 assignments Total 99 minutes

Checkpoint Quiz 20 minutes
Checkpoint Quiz 24 minutes
Proficiency Quiz 25 minutes
Proficiency Quiz 30 minutes

Earn a career certificate

Add this credential to your LinkedIn profile, resume, or CV. Share it on social media and in your performance review.

Instructor

LearnKartS

145 Courses 186,699 learners

Offered by

LearnKartS

Explore more from Security

LearnKartS
Information Security Governance
Course
LearnKartS
Information Security Risk Management
Course
LearnKartS
Information Security Incident Management
Course

Why people choose Coursera for their career

Felipe M.

Learner since 2018

"To be able to take courses at my own pace and rhythm has been an amazing experience. I can learn whenever it fits my schedule and mood."

Jennifer J.

Learner since 2020

"I directly applied the concepts and skills I learned from my courses to an exciting new project at work."

Larry W.

Learner since 2021

"When I need courses on topics that my university doesn't offer, Coursera is one of the best places to go."

Chaitanya A.

"Learning isn't just about being better at your job: it's so much more than that. Coursera allows me to learn without limits."

Open new doors with Coursera Plus

Unlimited access to 10,000+ world-class courses, hands-on projects, and job-ready certificate programs - all included in your subscription

Learn more

Advance your career with an online degree

Earn a degree from world-class universities - 100% online

Explore degrees

Join over 3,400 global companies that choose Coursera for Business

Upskill your employees to excel in the digital economy

Learn more

Frequently asked questions

This course is ideal fornewcomersininformation security as well as for experiencedprofessionals. The course walks you through foundational concepts like InfoSec program development and asset identification, to advancedconceptssuch aspolicy frameworks, control implementation, andsecurity program monitoring.

This course stands out from many others that tend to focus on the technical aspect. This course, however, focuses on strategic program management, risk assessment, and industry standards as well. It addresses everything from program development to security awareness, giving one a broad perspective on how to manage security in an organization.

This courseis designed forInformation Securityprofessionals, IT managers, and those seeking CISM certification.It'sperfect for people interested in designing, managing InfoSec programs, or landing high-level positions such as CISO and Risk Manager.

To access the course materials, assignments and to earn a Certificate, you will need to purchase the Certificate experience when you enroll in a course. You can try a Free Trial instead, or apply for Financial Aid. The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.

Information Security Program Management

Information Security Program Management

What you'll learn

Details to know

See how employees at top companies are mastering in-demand skills

Build your subject-matter expertise

There are 7 modules in this course

Information Security Program Development

What's included

Information Asset Identification and Classification

What's included

Industry Standards and Frameworks in InfoSec Programs

What's included

Roadmap and Execution of Information Security Program

What's included

Information Security Program Management

What's included

Awareness Training and Operational Alignment

What's included

External Services, Relationships, and Program Evaluation

What's included

Earn a career certificate

Instructor

Offered by

Explore more from Security

Information Security Governance

Information Security Risk Management

Information Security Incident Management

Why people choose Coursera for their career

Felipe M.

Jennifer J.

Larry W.

Chaitanya A.

Open new doors with Coursera Plus

Advance your career with an online degree

Join over 3,400 global companies that choose Coursera for Business

Frequently asked questions

Is this course suitable for beginners or professionals?

How is this course different from other information security courses?

Who is this course intended for?

More questions