Course Description

Gain the CISM. Enhance your competitive advantage. Demonstrate your information security management expertise.

CISM stands for Certified Information Security Manager. The certification demonstrates an individual's detailed knowledge and extensive experience of security management, and is therefore a valuable qualification to hold.

ISACA’s Certified Information Security Manager® (CISM) is a globally acknowledged certification that concerns the development, construction, and management of Information Security programs. The CISM covers the core competencies and standards of performance that information security managers are expected to master. In addition to technical competence, holders of the CISM demonstrate a deep understanding of the relationship between information security programs and broader business goals and objectives.

This 3-day instructor-led CISM course provides an intense environment in which participants can thoroughly acquire the skills and knowledge expected of a world-class information security manager. It covers the entire body of knowledge that makes up the CISM. At the same time, it provides outstanding preparation for the CISM exam, including multiple practice question sessions and a practice exam.

What's Included

• 3 days of instructor-led training covering the 4 domains of the CISM
• Copy of the ISACA CISM Review Manual 15th Edition for every attendee
• Experienced CISM Instructor
• Copy of course notes and exam prep materials
• Extensive in-class exam prep.


The exam is not included with this training course. Delegates must book their CISM exam separately through ISACA.

 

The CISM Exam

The Certified Information Security Manager examinations take place three times a year, during the months of June, September, and December. The exam format is as follows:

• 200 questions
• Multiple choice
• 4 hours to complete
• 800 marks available; a score of 450/800 is needed to gain the certification

Course Content

This CISM training course covers the following areas:

Introduction to Certified Information Security Manager (CISM)
• Objectives and Expectations
• What is Information Security?
• The Goals of Information Security
• Principles for Information Security Professionals

Domain 1 – Information Security Governance
• Outline
• Knowledge Statements
• Introduction to Information Security Governance
• Effective Information Security Governance
• Governance and Third Party Relationships
• Information Security Metrics
• Information Security Governance Metrics
• Information Security Strategy
• Information Security Strategy Development
• Strategy Resources and Constraints
• Other Frameworks
• Compliances
• Action Plans to Implement Strategy
• Governance of Enterprise IT

Domain 2 – Information Risk Management and Compliance
• Information Risk Management
• Task and Knowledge Statements
• Risk Management Overview
• Risk Assessment
• Information Asset Classification
• Assessment Management
• Information Resource Valuation
• Recovery Time Objectives
• Security Control Baselines
• Risk Monitoring
• Training and Awareness
• Information Risk Management Documentation

Domain 3 – Information Security Program Development and Management
• Task and Knowledge Statements
• Information Security Program Management Overview
• Information Security Program Objectives
• Information Security Program Concepts
• Information Security Program Technology Resources
• Information Security Program Development
• Information Security Program Framework
• Information Security Program Roadmap
• Enterprise Information Security Architecture (EISA)
• Security Program Management and Administration
• Security Program Services and Operational Activities
• Controls
• Security Program Metrics and Monitoring
• Measuring Operational Performance
• Common Information Security Program Challenges

Domain 4 – Information Security Incident Management
• Task and Knowledge Statements
• Incident Management Overview
• Incident Management Procedures
• Incident Management Resources
• Incident Management Objectives
• Incident Management Metrics and Indicators
• Defining Incident Management Procedures
• Business Continuity and Disaster Recovery Procedures
• Post Incident Activities and Investigation
