Online Training Course
ISACA CISM
Certify your team’s infosec management expertise through N2K’s CISM Certification Training Course.
Course Overview
ISACA’s CISM (Certified Information Security Manager) certification is a management-focused certification designed for professionals who design, build, and manage enterprise information security programs. Achieving this leading information security credential will help you join a growing and elite network.
Our 100% online format makes it easier to accommodate training for your workforce. The course is available as video on demand and includes six months of access to all learning tools and materials in our proprietary LMS. Private live online classes are available by request.
Prerequisites
According to ISACA, it is recommended to have five (5) years of cumulative, full-time work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas. The Security+ certification by CompTIA would be a beneficial precursor to the CISM certification but is not required.
Related Courses
Equivalent courses to the CISM include the CISSP (Certified Information Systems Security Professional) from (ISC)² or the CISA (Certified Information Systems Auditor) from ISACA.
For practitioners looking for more hands-on technical training, N2K’s Critical Knowledge: SOC Analyst course is the ideal first step in role-based training.
Who should earn the CISM?
The CISM is an advanced certification equivalent to 3-5 years of hands-on experience in a security or systems admin role. Individuals in the following roles are excellent candidates for this certification.
- Security Managers who recently have been hired or promoted to the position
- IT Managers who want a better understanding of cybersecurity from a managerial perspective
- Security Professionals who are seeking to advance their technical skills or looking to take on more managerial responsibility
Benefits of Training
There are a great number of benefits to achieving the CISM certification, but a few highlights include:
- Certifies both technical and managerial skills within a cybersecurity leadership role
- Understand how to lead design, development, and execution of enterprise security initiatives
- Add credibility to interactions with key stakeholders and peers
- DoDD 8140/8570 approved for IAM Level II & III, and CSSP Manager
Course Outline
As an advanced curriculum, there are only four (4) domains within CISM. This course provides training for all domains.
Domain 1: Information Security Governance
Overview of information security governance, roles and responsibilities, third-party relationships, and metrics. Overview of information security strategy, objectives, and development.
- 1 Introduction
- 1.1 Information Security Governance Overview
- 1.2 Effective Information Security Governance
- 1.3 Roles and Responsibilities
- 1.4 Risk Management Roles and Responsibilities
- 1.5 Governance of Third-Party Relationships
- 1.6 Information Security Governance Metrics
- 1.7 Information Security Strategy Overview
- 1.8 Information Security Strategy Objectives
- 1.9 Determining the Current State of Security
- 1.10 Information Security Strategy Development
- 1.11 Strategy Resources
- 1.12 Strategy Constraints
- 1.13 Action Plan to Implement Strategy
- 1.14 Information Security Program Objectives
Domain 2: Information Risk Management
Review information risk management concepts, strategy, and implementation. Understand risk assessment and analysis methodologies, security control baselines, risk monitoring, and communication.
- 2 Introduction
- 2.1 Risk Management Overview
- 2.2 Risk Management Strategy
- 2.3 Effective Information Risk Management
- 2.4 Information Risk Management Concepts
- 2.5 Implementing Risk Management
- 2.6 Risk Assessment and Analysis Methodologies
- 2.7 Risk Assessment
- 2.8 Information Asset Classification
- 2.9 Operational Risk Management
- 2.10 Third-Party Providers
- 2.11 Risk Management Integration with Life Cycle Process
- 2.12 Security Control Baselines
- 2.13 Risk Monitoring and Communication
- 2.14 Training and Awareness
- 2.15 Documentation
Domain 3: Information Security Program Development and Management
Overview of information security program management, including objectives, concepts, and scope of an information security program. Overview of the information security management framework, architecture and implementation, controls, and countermeasures.
- 3 Introduction
- 3.1 Information Security Program Management Overview
- 3.2 Information Security Program Objectives
- 3.3 Information Security Program Concepts
- 3.4 Scope and Charter of an Information Security Program
- 3.5 The Information Security Management Framework
- 3.6 Information Security Framework Components
- 3.7 Defining an Information Security Program Road Map
- 3.8 Information Security Infrastructure and Architecture
- 3.9 Architecture Implementation
- 3.10 Security Program Management and Administrative Activities
- 3.11 Security Program Services and Operational Activities
- 3.12 Controls and Countermeasures
- 3.13 Security Program Metrics and Monitoring
- 3.14 Common Information Security Program Challenges
Domain 4: Information Security Incident Management
Overview of incident management, including incident response, incident management organization, resources, objectives, and metrics and indicators. Develop and test incident response, business continuity, and disaster recovery plans.
- 4 Introduction
- 4.1 Incident Management Overview
- 4.2 Incident Response Procedures
- 4.3 Incident Management Organization
- 4.4 Incident Management Resources
- 4.5 Incident Management Objectives
- 4.6 Incident Management Metrics and Indicators
- 4.7 Defining Incident Management Procedures
- 4.8 Current State of Incident Response Capability
- 4.9 Developing an Incident Response Plan
- 4.10 Business Continuity and Disaster Recovery Procedures
- 4.11 Testing Incident Response and Business Continuity/Disaster Recovery Plans
- 4.12 Executing Response and Recovery Plans
- 4.13 Post Incident Activities and Investigation
This course includes:
- CPE/CEUs: 20
- 16+ hours of 5-15 minute on-demand training videos
- Supplementary videos
- 100-question diagnostic exam
- 950+ practice question bank
- 400+ digital flashcards
- 100-question mid-term practice exam
- 150-question final exam
- Performance Tracker
- Summary Notes
- Summary Videos
- CISM Review Manual (15th Ed.) by ISACA
Why N2K?
Data-Driven
Relevant
Efficient
Cost-Effective
Readiness guarantee – We offer an exam readiness or retake guarantee on all certification courses. If an individual completes the course and does not pass the exam on the first try, they can retake our course at no additional charge for up to one full year.
Request more information on training options for your cybersecurity teams. Private classes are available.
"When I was training I found myself using N2K’s quiz bank a lot, plus they tested me in other ways such as the initial diagnostic exam, the midterm, and the final exam. Getting used to the wording and doing all those practice questions helped me prepare. There was also a system at N2K for figuring out my strengths and weaknesses – it honed in on the areas I needed to study more."
"Before N2K I was given an opportunity to attend a one-week boot camp. Since my employer was paying for it, I did not hesitate to take advantage of the offer. After that one-week boot camp, I came out of there with more questions than I had going in. I did not feel prepared and the training just simply wasn’t enough. N2K’s curriculum is an integration of live online lectures, on-demand videos, and an array of self-study tools–it was just what I needed."
"I started with a free self-study course and quickly found the accountability was missing. N2K’s live interactive course using the light board was a first for me and a great experience overall. It kept me accountable and engaged. The real-life experience of the instructors was evident and their ability to articulate concepts was great. The value of interacting with other students in this live environment was also a significant benefit. It’s not easy getting folks to participate, but N2K made it happen."