Course Code: 18996

Certified Information Security Manager (CISM) Training & Certification

Duration:
5 Days
Delivery Format:
Instructor-Led Training, Virtual Instructor-Led Training


  • Course Overview
  • Achieve CISM certification with this official ISACA course. Gain an in-depth knowledge of the four CISM domains: security governance; risk management and compliance; security program development and management; and security incident management.

    This Certified Information Security Manager course is designed specifically for information security professionals who are preparing to take the CISM certification exam.

  • Audience
  • Who should attend

    Information security managers
    Information security consultants
    Chief information officers
    Chief information security officers
    Anyone interested in learning information security management skills and getting certified


  • To become a CISM, you must submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas. The work experience must be gained within the ten-year period preceding the application date for certification or within five years from the date of originally passing the exam.

Course Details

  • CISM training objectives - The CISM certification promotes international practices and validates your knowledge and experience around effective security management and consulting.
  • Security governance: To effectively address the challenges of protecting an organization’s assets, senior management must define the desired outcomes of the information security program.
  • Risk management: Asset classification and valuation is an essential part of an effective risk management program — the greater the value, the greater the impact, the greater the risk.
  • Information security program development and management: The purpose of this area is to implement management’s governance strategy — the “due diligence” and “due care” of protecting the corporation’s
  • Information security incident management: This area focuses on effectively managing unexpected (and expected) events, which may or may not be disruptive, and can be summed up in five words: identify,
  • What you'll learn
  • Information security governance
  • The role of an information security steering group
  • Legal and regulatory issues associated with internet businesses, global transmissions and transborder data flows
  • Common insurance policies and imposed conditions
  • Information security process improvement
  • Recovery time objectives (RTO) for information resources
  • Cost-benefit analysis techniques for mitigating risks to acceptable levels
  • Security metrics design, development and implementation
  • Information security management due diligence activities and reviews of the infrastructure
  • Events affecting security baselines that may require risk reassessments
  • Changes to information security requirements in security plans, test plans and re-performance
  • Disaster recovery testing for infrastructure and critical business applications
  • External vulnerability reporting sources
  • CISM information classification methods
  • Life-cycle-based risk management principles and practices
  • Security baselines and configuration management in the design and management of business applications and infrastructure
  • Acquisition management methods and techniques
  • Evaluation of vendor service level agreements and preparation of contracts