Certified Information Security Manager (CISM) Training & Certification

Level: Intermediate
Course #: 2036

Course info - Prices, Enrollment

Key Features of this CISM Training:

Official ISACA Curriculum

After-course instructor coaching benefit

Course tuition includes an exam voucher from ISACA

You Will Learn How To:

Prepare for and pass the Certified Information Security Manager (CISM) exam

Develop an information security strategy and plan of action to implement the strategy

Manage and monitor information security risks

Build and maintain an information security plan both internally and externally

Implement policies and procedures to respond to and recover from disruptive and destructive information security events

Goals Live, Instructor-Led – Live, Online Training

4-day instructor-led training course

One-on-one after-course instructor coaching

Exam Voucher is included in tuition

Important CISM Course Information


IT professionals must have at least 5 years of information security experience, including IT consultants, auditors, managers, security policy writers, privacy officers, information security officers, network administrators, security device administrators, and security engineers.

Exam Information

ISACA offers continuous Computer-Based Testing (CBT). With ISACA CBT exams, candidates will now receive a preliminary score report at the conclusion of their exam. Official scores will be sent to candidates via email within 10 working days of their exam.

The ISACA Exam Candidate Information Guide provides valuable information regarding exam day rules and information, as well as exam dates and deadlines.

Certification Information

This is an ISACA certification prep course.

CISM Course Outline

Information Security Governance

Establish and maintain an information security strategy, and align the strategy with corporate governance

Establish and maintain an information security governance framework

Establish and maintain information security policies

Develop a business case

Identify internal and external influences to the organization

Obtain management commitment

Define roles and responsibilities

Establish, monitor, evaluate, and report metrics

Information Risk Management and Compliance

Establish a process for information asset classification and ownership

Identify legal, regulatory, organizational, and other applicable requirements

Ensure that risk assessments, vulnerability assessments, and threat analyses are conducted periodically Determine appropriate risk treatment options

Evaluate information security controls

Identify the gap between current and desired risk levels

Integrate information risk management into business and IT processes

Monitor existing risk

Report noncompliance and other changes in information risk

Information Security Program Development and Management

Establish and maintain the information security program

Ensure alignment between the information security program and other business functions

Identify, acquire, manage, and define requirements for internal and external resources

Establish and maintain information security architectures

Establish, communicate, and maintain organizational information security standards, procedures, and guidelines

Establish and maintain a program for information security awareness and training

Integrate information security requirements into organizational processes

Integrate information security requirements into contracts and activities of third parties

Establish, monitor, and periodically report program management and operational metrics

Information Security Incident Management

Establish and maintain an organizational definition of, and severity hierarchy for, information security incidents

Establish and maintain an incident response plan

Develop and implement processes to ensure the timely identification of information security incidents

Establish and maintain processes to investigate and document information security incidents

Establish and maintain incident escalation and notification processes

Organize, train, and equip teams to effectively respond to information security incidents

Test and review the incident response plan periodically

Establish and maintain communication plans and processes Conduct post-incident reviews

Establish and maintain integration among the incident response plan, disaster recovery plan, and business continuity plan

Course info - Prices, Enrollment