Certified Information Security Manager (CISM)

IT Security is without question one of the hottest and most lucrative areas of Information Technology today and the CISM Certification is one of the most valued credentials in the marketplace.

This course promotes international practices and provides management with assurance that those earning this designation have the necessary knowledge and experience to provide effective security management. This course trains students for a position in Risk Management, as a Security Auditor or Compliance Officer, or for an executive management position as a CSO, CTO or CIO.

About our online self paced CISM training course

The CISM training course is designed to provide security professionals in the security management field with on-the-job skills, as well as the knowledge to pass the Certified Information Security Manager (CISM) certification exam. This is advanced-level cybersecurity training to complete once the PenTest+, CySA+, and various higher-level certifications in Cisco and Microsoft have been completed.

The CISM Training – Certified Information Systems Manager course instructor is Roger St Hilaire, with 30+ years of experience and CISM, CGEIT, MOF, TOGAF & PSP-Rainmaker Foundation Certifications.

The course will cover the following list of main areas, spanning the four domains of the CISM practice and the related tasks. The ITU Online CISM Training – Certified Information Systems Manager Exam Preparation Course Outline:

  • Information Security Defined
  • Information Security Principles
  • Support the Business
  • Defend the Business
  • Promote Responsible Security Program Development and Security Behavior

DOMAIN 1 – Knowledge of Security Governance, Information Security Governance and Security Policies

  • Section One: Designing a Strategy and Governance Framework
  • Section Two: Gaining Management Approval
  • Section Three: Implementing the Security Strategy

DOMAIN 2 – Information Security Risk Management and Security Requirements

  • Section One: Risk Identification
  • Section Two: Risk Analysis and Treatment
  • Section Three: Risk Monitoring and Reporting and Monitoring of Security Activities

DOMAIN 3 – Information Security Management and Security Program Development

  • Section One: Alignment and Resource Management
  • Section Two: Standards Awareness and Training
  • Section Three: Building Security into Processes and Practices
  • Section Four: Security Monitoring and Reporting

DOMAIN 4 – Information Security Incident Management

  • Section One: Planning and Integration
  • Section Two: Readiness and Assessment
  • Section Three: Identification and Response
  • Exam Techniques

ISACA Requirements for Certification:

  • To facilitate the student’s understanding of ISACA’s approach to information security, and its related concepts such as risk.
  • Develop an understanding of key practices in the governance, management of risk, program development, and incident management in the realm of information security.
  • Ensure that the student is appropriately prepared for successful completion of the Certified Information Security Manager exam given by ISACA on the first attempt.

Prerequisite Requirements for CISM (Certified Information Security Manager)

To acquire the Certified Information Security Manager (CISM) certification, you must submit evidence verifying at least five years of information security work experience, of which three years must be in information security management, spread across multiple disciplines of the CISM job practice. This experience must have been gained within the 10 years leading up to your CISM application date, or within 5 years of initially passing the exam.

Course Outline

Certified Information Security Manager (CISM) Course Content
  • Instructor Introduction
  • Course Introduction
  • Exam Overview

  • Module Overview
  • InfoSec Strategic Context Part 1
  • InfoSec Strategic Context Part 2
  • GRC Strategy and Assurance
  • Roles and Responsibilities
  • GMA Tasks Knowledge and Metrics
  • IS Strategy Overview
  • Strategy Implementation
  • Strategy Development Support
  • Architecture and Controls
  • Considerations and Action Plan
  • InfoSec Prog Objectives and Wrap-Up

  • Module Overview
  • Risk Identification Task and Knowledge
  • Risk Management Strategy
  • Additional Considerations
  • Risk Analysis and Treatment Tasks & Knowledge
  • Leveraging Frameworks
  • Assessment Tools and Analysis
  • Risk Scenario Development
  • Additional Risk Factors
  • Asset Classification and Risk Management
  • Risk Monitoring and Communication
  • Information Risk Management Summary

  • Module Overview
  • Alignment and Resource Management – Task and Knowledge
  • Key Relationships
  • Standards Awareness and Training – Tasks and Knowledge
  • Awareness and Training
  • Building Security into Process and Practices – Tasks and Knowledge
  • Additional Technology Infrastructure Concerns
  • Security Monitoring and Reporting Overview Tasks and Knowledge
  • Metrics and Monitoring

  • Module Overview
  • Planning and Integration Overview Task and Knowledge
  • Incident Response Concepts and Process
  • Forensics and Recovery
  • Readiness and Assessment – Overview Tasks and Knowledge
  • Identification and Response Overview Tasks and Knowledge
  • Incident Processes
  • Case Study – Security On a Shoestring Budget
  • Case Study – APT In Action

  • Exam Prep

Your Training Instructor

Roger St Hilaire
CISM, CGEIT, CRISC, TOGAF, Certified Trainer and Governance Specialist

Course features:

  • 17 Hrs 18 Min
  • 1 Year Access
  • Available on Web