
Certified Information Security Manager (CISM)

  • Course Code CISM
  • Duration 4 days
  • Version 2022

Additional Payment Options

  • GTC 35 inc. VAT

    GTC, Global Knowledge Training Credit, please contact Global Knowledge for more details


Course Delivery

This course is available in the following formats:

  • Company Event

    Event at company

  • Elearning (Self-paced)

    Self paced electronic learning

  • Public Classroom

    Traditional Classroom Learning

  • Virtual Learning

    Learning that is virtual


Course Overview


 CISM® is the most prestigious and demanding qualification for Information Security Managers around the globe today. This qualification provides you with a platform to become part of an elite peer network who have the ability to constantly learn and relearn the growing opportunities and challenges in Information Security Management. Our CISM exam preparation course provides in-depth coverage of content across the four CISM domains, with a clear focus on building concepts and solving ISACA-released CISM exam questions. The course is intense training and hard-core exam preparation for ISACA’s Certified Information Security Manager (CISM®) Examination.


Course Schedule

    • Delivery Format: Virtual Learning
    • Date: 19-22 September, 2022
    • Location: Virtual


    • Delivery Format: Virtual Learning
    • Date: 19-22 December, 2022
    • Location: Virtual


    • Delivery Format: Virtual Learning
    • Date: 06-09 March, 2023
    • Location: Virtual


    • Delivery Format: Virtual Learning
    • Date: 19-22 June, 2023
    • Location: Virtual


Target Audience

 This course is aimed at security professionals with 3-5 years of front-line experience; information security managers or those with management responsibilities; and information security staff and information security assurance providers who require an in-depth understanding of information security management, including: CISOs, CIOs, CSOs, privacy officers, risk managers, security auditors and compliance personnel, BCP / DR personnel, and executive and operational managers responsible for assurance functions.

Course Objectives

 After you complete this course you will be able to:
  • Use the knowledge gained in a practical manner beneficial to your organization
  • Establish and maintain information security architectures (people, your organisation process, technology)
  • Establish and maintain an information security governance framework to achieve your organization's goals and objectives
  • Integrate information security requirements into contracts and activities of third parties/suppliers
  • Manage information risk to an acceptable level to meet the business and compliance requirements
  • Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimize business impact

Course Content


Module 1 Information Security Governance 17%

A Enterprise Governance

1A1 Organizational Culture

1A2 Legal, Regulatory, and Contractual Requirements

1A3 Organizational Structures, Roles, and Responsibilities

B Information Security Strategy

1B1 Information Security Strategy Development

1B2 Information Governance Frameworks and Standards

1B3 Strategic Planning (e.g., budgets, resources, business case).

Module 2 Information Security Risk Management 20%

A Information Security Risk Assessment

2A1 Emerging Risk and Threat Landscape

2A2 Vulnerability and Control Deficiency Analysis

2A3 Risk Assessment and Analysis

B Information Security Risk Response

2B1 Risk Treatment / Risk Response Options

2B2 Risk and Control Ownership

2B3 Risk Monitoring and Reporting

Module 3 Information Security Program 33%

A Information Security Program Development

3A1 Information Security Program Resources (e.g., people, tools, technologies)

3A2 Information Asset Identification and Classification

3A3 Industry Standards and Frameworks for Information Security

3A4 Information Security Policies, Procedures, and Guidelines

3A5 Information Security Program Metrics

B Information Security Program Management

3B1 Information Security Control Design and Selection

3B2 Information Security Control Implementation and Integrations

3B3 Information Security Control Testing and Evaluation

3B4 Information Security Awareness and Training

3B5 Management of External Services (e.g., providers, suppliers, third parties, fourth parties)

3B6 Information Security Program Communications and Reporting

Module 4 Incident Management 30%

A Incident Management Readiness

4A1 Incident Response Plan

4A2 Business Impact Analysis (BIA)

4A3 Business Continuity Plan (BCP)

4A4 Disaster Recovery Plan (DRP)

4A5 Incident Classification/Categorization

4A6 Incident Management Training, Testing, and Evaluation

B Incident Management Operations

4B1 Incident Management Tools and Techniques

4B2 Incident Investigation and Evaluation

4B3 Incident Containment Methods

4B4 Incident Response Communications (e.g., reporting, notification, escalation)

4B5 Incident Eradication and Recovery

4B6 Post-incident Review Practices

Course Prerequisites

  • There is no set prerequisite for this course.
  • ISACA do require a minimum of five years' professional information security work experience to qualify for full certification.
  • You can take the CISM exam prior to meeting ISACA’s experience requirements, but the CISM qualification is awarded after you meet the experience requirements.
  • However, there is no restriction on getting yourself certified in the early stages of your career and starting to practise globally accepted Information Security Management practices.