CISM Certification Training | Certified Information Security Manager Training course with hands-on exercises
Get ready for the CISM exam with our top-quality CISM Certification Training preparation course
The CISM certification training program was developed by the Information Systems Audit and Control Association (ISACA) for experienced information security management professionals who have work experience in developing and managing information security programs and who understand the program's relationship with the overall business goals.
The CISM exam is offered three times a year (June, September, and December), consisting of 200 multiple-choice questions that cover the four CISM domains. The American National Standards Institute (ANSI) has accredited the CISM certification program under ISO/IEC 17024:2003, General Requirements for Bodies Operating Certification Systems of Persons.
Designed specifically for information security professionals who are preparing to sit for the CISM exam, the CISM Certification Training course focuses on the four content areas of the Certified Information Security Manager (CISM) job practice: information security governance, risk management and compliance, information security program development and management, and information security incident management.
Duration: 4 days
- Cybersecurity Foundations
- CISSP Certification Training | Certified Information Systems Security Professional
- SSCP Certification Training | System Security Certified Practitioner
- ISSAP Certification Training | Information System Security Architecture Professional
- ISSEP Certification Training | Information System Security Engineering Professional
- ISSMP Certification Training | Information System Security Management Professional
- CISA Certification Training | Certified Information Systems Auditor
- CISM Certification Training | Certified Information Security Manager
- CIPP Certification Training | Certified Information Privacy Professional
- CSSLP Certification Training | Certified Secure Software Lifecycle Professional Training
» If you are familiar with some aspects of CISM Certification Training, we can omit or shorten their discussion.
» We can adjust the emphasis placed on the various topics or build the CISM Certification Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
» If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the CISM Certification Training course in a manner understandable to lay audiences.
Audience / Target Group:
The target audience for this CISM Certification Training course:
• Experienced information security managers and those who have information security management responsibilities, including IT consultants, auditors, managers, security policy writers, privacy officers, information security officers, network administrators, security device administrators, and security engineers. This CISM Training is only intended for individuals preparing for the CISM Certification exam.
The knowledge and skills that a learner must have before attending this CISM Certification Training course are:
In order to be awarded the CISM designation, students must meet the following requirements:
• Successfully pass the CISM exam.
• Adhere to ISACA’s Code of Professional Ethics.
• Agree to comply with the Continuing Education Policy.
• Work experience in the field of information security.
• Submit an Application for CISM Certification.
What You Will Learn:
Upon completing this CISM Certification Training course, learners will be able to meet these objectives:
In-depth coverage of the four domains required to pass the CISM exam:
• Information Security Governance
• Information Risk Management and Compliance
• Information Security Program Development and Management
• Information Security Incident Management
CISM Certification Training – Course Syllabus:
Information Security Governance
Students will understand the broad requirements for effective information security governance, the elements and actions required to develop an information security strategy, and be able to formulate a plan of action to implement this strategy.
• Establish and maintain an information security strategy and align the strategy with corporate governance
• Establish and maintain an information security governance framework
• Establish and maintain information security policies
• Develop a business case
• Identify internal and external influences to the organization
• Obtain management commitment
• Define roles and responsibilities
• Establish, monitor, evaluate and report metrics
Information Risk Management and Compliance
Students will be able to manage information security risks.
• Establish a process for information asset classification and ownership
• Identify legal, regulatory, organizational and other applicable requirements
• Ensure that risk assessments, vulnerability assessments and threat analyses are conducted periodically
• Determine appropriate risk treatment options
• Evaluate information security controls
• Identify the gap between current and desired risk levels
• Integrate information risk management into business and IT processes
• Monitor existing risk
• Report noncompliance and other changes in information risk
Information Security Program Development and Management
Students will be able to develop and manage an information security plan.
• Establish and maintain the information security program
• Ensure alignment between the information security program and other business functions
• Identify, acquire, manage and define requirements for internal and external resources
• Establish and maintain information security architectures
• Establish, communicate and maintain organizational information security standards, procedures and guidelines
• Establish and maintain a program for information security awareness and training
• Integrate information security requirements into organizational processes
• Integrate information security requirements into contracts and activities of third parties
• Establish, monitor and periodically report program management and operational metrics
Information Security Incident Management
Students will effectively manage information security within an enterprise and develop policies and procedures to respond to and recover from disruptive and destructive information security events.
• Establish and maintain an organizational definition of, and severity hierarchy for, information security incidents
• Establish and maintain an incident response plan
• Develop and implement processes to ensure the timely identification of information security incidents
• Establish and maintain processes to investigate and document information security incidents
• Establish and maintain incident escalation and notification processes
• Organize, train and equip teams to effectively respond to information security incidents
• Test and review the incident response plan periodically
• Establish and maintain communication plans and processes
• Conduct post-incident reviews
• Establish and maintain integration among the incident response plan, disaster recovery plan and business continuity plan
Review and Q&A Session
Certification & Compliance:
• The Certified Information Security Manager® (CISM®) certification program is developed specifically for experienced information security managers and those who have information security management responsibilities. The CISM certification is for the individual who manages, designs, oversees and/or assesses an enterprise’s information security (IS).
• The CISM certification promotes international practices and provides executive management with assurance that those earning the designation have the required experience and knowledge to provide effective security management and consulting services. Individuals earning the CISM certification become part of an elite peer network, attaining a one-of-a-kind credential.
• The CISM job practice also defines a global job description for the information security manager and a method to measure existing staff or compare prospective new hires.
CISM Frequently Asked Questions:
Why is getting certified an important part of a career as an Information Security Manager?
Earning a high-level certification like the CISM demonstrates a working knowledge not just of the security systems practitioners use, but of the management of security professionals as well. Hard data also shows that Certified Information Security Managers earn a higher salary than their non-certified counterparts.
What are the Pre-Requirements for taking the CISM?
In order to receive the CISM certification, you must submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work. This work experience must be gained within a ten-year time period before the application date for certification—or within five years of originally passing the exam.
What qualifies as information security management experience?
The information security management field is broad and, out of necessity, often encompasses many duties within the security profession. Because of this, ISACA has defined four categories within its Job Task Analysis in order to narrow down its definition of what constitutes information security management work. CISM candidates must perform the designated tasks within at least 3 of these 4 categories.
How does the CISM examination process work?
As of 2017, the CISM is administered digitally. The format is multiple choice, with questions delivered one at a time, giving you the option to flag more difficult ones to return to later. While it is multiple choice, some questions may have more than one correct answer. In these instances, the test-taker must select the answer that they believe is most correct. The exam lasts around 4 hours and includes 150 questions.
How is the CISM related to the DoD 8570?
The Department of Defense (DoD) Directive 8570 requires anyone seeking a government job to hold certain certifications before they can be hired in a position related to information security. The CISM fulfills the DoD 8570’s requirements.
What material is covered on the CISM exam?
The CISM exam covers four domains that are weighted as follows: Information Security Governance (24%), Information Risk Management and Compliance (30%), Information Security Program Development and Management (27%), and Information Security Incident Management (19%).
How is the CISM certification different from other comparable security certifications?
The CISM is unique in its focus on management and meeting experience requirements. While other certifications are focused on tech skills or platform/product-specific knowledge, the CISM targets professionals who have progressed beyond the role of practitioner.
How does the CISM Experience Waiver work?
Certain experience substitutions can be used to satisfy the Information Security work experience requirement. However, none of these waivers satisfy any portion of the 3-year Information Security Management requirement.
How long is the CISM certification valid after you pass the test, and what are the renewal requirements?
The CISM certification remains valid if holders comply with the continuing education policy of completing and reporting 20 CPE (Continuing Professional Education) hours annually and paying the CISM maintenance fee.