(ISC)² offers several additional certifications known as CISSP concentrations that build on the CISSP Certification. These are optional certifications for CISSPs who wish to improve their subject matter mastery. The CISSP Concentrations recognize your evolving information security architecture, engineering, or management expertise.

The CISSP-ISSMP cybersecurity management certification shows you excel at establishing, presenting, and governing information security programs. You also demonstrate deep management and leadership skills, whether leading incident handling or a breach mitigation team.
 
About the Exam
The exam is an MCQ with 125 questions based on the following six areas of skills:
Leadership and Business Management (22%)
Systems Lifecycle Management (19%)
Risk Management (18%)
Threat Intelligence and Incident Management (17%)
Contingency Management (10%)
Law, Ethics, and Security Compliance Management (14%)
 
Candidates have 3 hours to take this exam in a Pearson Vue testing center.
(ISC)² recommends candidates review their exam policies and procedures before registering for the examination.
 
What’s Covered in the ISSMP Self-Paced Course
The Information Systems Security Management Professional (ISSMP) is a CISSP who specializes in establishing, presenting, and governing information security programs and demonstrates management and leadership skills. CISSP-ISSMPs direct the alignment of security programs with the organization’s mission, goals, and strategies to meet enterprise financial and operational requirements to support its desired risk position.
 
Learning Objectives
After completing this course, you will be able to:
Prioritize security requirements to support business initiatives and obtain stakeholder support.
Create a security program that includes security awareness and training and a process for analyzing, managing, and enforcing security requirements for contracts and agreements.
Apply metrics, budgeting, and security program management to achieve a successful security program.
Adapt the security of the system lifecycle into the organizational security architecture.
Develop an effective risk management program that meets organizational requirements.
Integrate supply chain security risks with organizational risk management.
Create a successful threat intelligence program.
Design a successful incident handling and investigation program.
Formulate effective organizational continuity of operations and system-level contingency plans.
Implement appropriate controls to safeguard sensitive information and systems.
 
Course Components:
(ISC)² CISSP-ISSMP Fundamentals Course
(ISC)² CISSP-ISSMP Training Course
Official (ISC)2 Guide to the CISSP-ISSMP CBK