
Certified Information Security Manager (CISM)

  • Course Code CISM
  • Duration 5 days

Additional Payment Options

  • GTC 35 inc. VAT

    GTC, Global Knowledge Training Credit, please contact Global Knowledge for more details

Company Event Price

Please call


Course Delivery

This course is available in the following formats:

  • Company Event

    Event at company

  • Elearning (Self-paced)

    Self paced electronic learning

  • Public Classroom

    Traditional Classroom Learning

  • Virtual Learning

    Learning that is virtual


Course Overview


The CISM Exam Preparation course is an intensive, four-day review program to prepare individuals who are planning to sit for the Certified Information Security Manager (CISM) exam. The course focuses on the key points covered in the CISM Review Manual 15th Edition and includes class lectures, group discussions/activities, exam practice and answer debriefs. The course is intended for individuals with familiarity with and experience in information security management.

Company Events

These events can be delivered exclusively for your company at our locations or yours, specifically for your delegates and your needs. The Company Events can be tailored or standard course deliveries.

Target Audience


Individuals who manage, design, oversee and assess an enterprise's information security.

Course Objectives


After completing this course you should be able to:

  • Establish and/or maintain an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organizational goals and objectives.
  • Manage information risk to an acceptable level based on risk appetite to meet organizational goals and objectives.
  • Develop and maintain an information security program that identifies, manages and protects the organization’s assets while aligning to information security strategy and business goals, thereby supporting an effective security posture.
  • Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimize business impact.

Course Content


General Exam Information

Domain 1 - Information Security Governance (24%)

  • Information Security Governance Overview
  • Effective Information Security Governance
  • Roles and Responsibilities
  • Risk Management Roles and Responsibilities
  • Governance of Third-Party Relationships
  • Information Security Governance Metrics
  • Information Security Strategy Overview
  • Information Security Strategy Objectives
  • Determining the current state of Security
  • Information Security Strategy Development
  • Strategy Resources
  • Strategy Constraints
  • Action Plan to Implement Strategy
  • Information Security Program Objectives
  • Case Study

Domain 2 - Information Risk Management (30%)

  • Risk Management Overview
  • Risk Management Strategy
  • Effective Information Risk Management
  • Information Risk Management Concepts
  • Implementing Risk Management
  • Risk Assessment and Analysis Methodologies
  • Risk Assessment
  • Information Asset Classification
  • Operational Risk Management
  • Third-Party Service Providers
  • Risk Management Integration with Life Cycle Processes
  • Security Control Baselines
  • Risk Monitoring and Communication
  • Training and Awareness
  • Documentation
  • Case Study

Domain 3 - Information Security Program Development and Management (27%)

  • Information Security Program Management Overview
  • Information Security Program Objectives
  • Information Security Program Concepts
  • Scope and Charter of an Information Security Program
  • The Information Security Management Framework
  • Information Security Framework Components
  • Defining an Information Security Program Road Map
  • Information Security Infrastructure and Architecture
  • Architecture Implementation
  • Security Program Management and Administrative Activities
  • Security Program Services and Operational Activities
  • Controls and Countermeasures
  • Security Program Metrics and Monitoring
  • Common Information Security Program Challenges
  • Case Study

Domain 4 - Information Security Incident Management (19%)

  • Incident Management Overview
  • Incident Response Procedures
  • Incident Management Organisation
  • Incident Management Resources
  • Incident Management Objectives
  • Incident Management Metrics and Indicators
  • Defining Incident Management Procedures
  • Current State of Incident Response Capability
  • Developing an Incident Response Plan
  • Business Continuity and Disaster Recovery Procedures
  • Testing Incident Response and Business Continuity/Disaster Recovery Plans
  • Executing Response and Recovery Plans
  • Post Incident Activities and Investigation
  • Case Studies

Exam practice/sample exam

Course Prerequisites

  • There is no set prerequisite for this course. ISACA does require a minimum of five years' professional information security work experience to qualify for full certification. You can take the CISM exam before meeting ISACA's experience requirements, but the CISM qualification is only awarded once those requirements are met. Nothing prevents you from sitting the exam early in your career and applying globally accepted information security management practices in the meantime.