Online Training Course


Certify your team’s infosec management expertise through N2K’s CISM Certification Training Course. Looking to purchase training for yourself? View our individual Training Course.


Course Overview

ISACA’s CISM (Certified Information Security Manager) certification is a management-focused certification designed for professionals who design, build, and manage enterprise information security programs. Achieving this leading information security credential will help you join a growing and elite network.

Our 100% online format makes it easier to accommodate training for your workforce. The course is available as video on demand, which includes six months of access to all learning tools and materials in our proprietary LMS. Private live online classes are available by request.


According to ISACA, it is recommended to have five (5) years of cumulative, full-time work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas. The Security+ certification by CompTIA would be a beneficial precursor to the CISM certification but is not required.

Related Courses

Equivalent courses to the CISM include the CISSP (Certified Information Systems Security Professional) from (ISC)² or the CISA (Certified Information Systems Auditor) from ISACA.

For practitioners looking for more hands-on technical training, N2K’s Critical Knowledge: SOC Analyst course is the ideal first step in role-based training.

Who should earn the CISM?

The CISM is an advanced certification equivalent to 3-5 years of hands-on experience in a security or systems admin role. Individuals in the following roles are excellent candidates for this certification. 

  • Security Managers who recently have been hired or promoted to the position
  • IT Managers who want a better understanding of cybersecurity from a managerial perspective
  • Security Professionals who are seeking to advance their technical skills or looking to take on more managerial responsibility

Benefits of Training

There are a great number of benefits to achieving the CISM certification, but a few highlights include:

  • Certifies both technical and managerial skills within a cybersecurity leadership role
  • Understand how to lead design, development, and execution of enterprise security initiatives
  • Add credibility to interactions with key stakeholders and peers
  • DoDD 8140/8570 approved for IAM Level II & III, and CSSP Manager

case study

Improving Certification Pass Rates for the US Army

Course Outline

As an advanced curriculum, there are only four (4) domains within CISM. This course provides training for all domains. The topic areas within each domain are listed below.

  • Overview of information security governance, roles & responsibilities, third-party relationships, and metrics. Overview of information security strategy, objectives, and development.

    • 1 Introduction
    • 1.1 Information Security Governance Overview
    • 1.2 Effective Information Security Governance
    • 1.3 Roles and Responsibilities
    • 1.4 Risk Management Roles and Responsibilities
    • 1.5 Governance of Third-Party Relationships
    • 1.6 Information Security Governance Metrics
    • 1.7 Information Security Strategy Overview
    • 1.8 Information Security Strategy Objectives
    • 1.9 Determining the Current State of Security
    • 1.10 Information Security Strategy Development
    • 1.11 Strategy Resources
    • 1.12 Strategy Constraints
    • 1.13 Action Plan to Implement Strategy
    • 1.14 Information Security Program Objectives
  • Review information risk management concepts, strategy, and implementation. Understand risk assessment and analysis methodologies, security control baselines, risk monitoring, and comms.

    • 2 Introduction
    • 2.1 Risk Management Overview
    • 2.2 Risk Management Strategy
    • 2.3 Effective Information Risk Management
    • 2.4 Information Risk Management Concepts
    • 2.5 Implementing Risk Management
    • 2.6 Risk Assessment and Analysis Methodologies
    • 2.7 Risk Assessment
    • 2.8 Information Asset Classification
    • 2.9 Operational Risk Management
    • 2.10 Third-Party Providers
    • 2.11 Risk Management Integration with Life Cycle Process
    • 2.12 Security Control Baselines
    • 2.13 Risk Monitoring and Communication
    • 2.14 Training and Awareness
    • 2.15 Documentation
  • Overview of information security program management, including objectives, concepts, and scope of an information security program. Overview of the information security management framework, architecture and implementation, controls, and countermeasures.

    • 3 Introduction
    • 3.1 Information Security Program Management Overview
    • 3.2 Information Security Program Objectives
    • 3.3 Information Security Program Concepts
    • 3.4 Scope and Charter of an Information Security Program
    • 3.5 The Information Security Management Framework
    • 3.6 Information Security Framework Components
    • 3.7 Defining an Information Security Program Road Map
    • 3.8 Information Security Infrastructure and Architecture
    • 3.9 Architecture Implementation
    • 3.10 Security Program Management and Administrative Activities
    • 3.11 Security Program Services and Operational Activities
    • 3.12 Controls and Countermeasures
    • 3.13 Security Program Metrics and Monitoring
    • 3.14 Common Information Security Program Challenges
  • Overview of Incident Management, including incident response, IM organization, resources, objectives, and metrics and indicators. Develop and test incident response, business continuity and disaster recovery plans.

    • 4 Introduction
    • 4.1 Incident Management Overview
    • 4.2 Incident Response Procedures
    • 4.3 Incident Management Organization
    • 4.4 Incident Management Resources
    • 4.5 Incident Management Objectives
    • 4.6 Incident Management Metrics and Indicators
    • 4.7 Defining Incident Management Procedures
    • 4.8 Current State of Incident Response Capability
    • 4.9 Developing an Incident Response Plan
    • 4.10 Business Continuity and Disaster Recovery Procedures
    • 4.11 Testing Incident Response and Business Continuity/Disaster Recovery Plans
    • 4.12 Executing Response and Recovery Plans
    • 4.13 Post Incident Activities and Investigation

This course includes:
  • CPE/CEUs: 20
  • 16+ hours of 5-15 minute on-demand training videos
  • Supplementary videos
  • 100 question diagnostic exam
  • 950+ practice question bank
  • 400+ digital flashcards
  • 100 question mid-term practice exam
  • 150 question final exam
  • Performance Tracker
  • Summary Notes
  • Summary Videos
  • CISM Review Manual (15th Ed.) by ISACA

Why N2K?

When it comes to certification training, we know that you and your organization have several options to choose from. This is what separates N2K from the pack.


Measure improvements with robust performance analytics


Build the right knowledge and skills specific to roles


Foster long-term retention without wasting time on cramming


Total costs average 50% less per person compared to the leading bootcamp
Readiness guarantee – We offer an exam readiness or retake guarantee on all certification courses. If an individual completes the course and does not pass the exam on the first try, they can retake our course at no additional charge for up to one full year.

Request Pricing


Request more information on training options for your cybersecurity teams. Private classes are available.