Certified Information Security Manager (CISM)


This course is ideal for you if you want to work in risk management, security audits, compliance, or senior management as a CSO, CTO, or CIO. With the CISM certification, you will be in high demand from employers in the lucrative and popular IT security profession.

  • 11 Training Hours
  • 349 Videos
  • 6 Topics
  • 94 Practice Questions

SKU: 601956326369

Course Description:

Introducing the CISM Certification: Empower Your Cybersecurity Career!

Are you ready to unlock the limitless possibilities in the dynamic realm of cybersecurity? Look no further than the Certified Information Security Manager (CISM) course—a cutting-edge program designed to propel your career to new heights!

In today’s fast-paced digital landscape, organizations face ever-evolving threats to their sensitive information. That’s where CISM steps in, empowering you with the knowledge and expertise to become a trusted guardian of digital assets. With CISM, you’ll gain an unrivaled understanding of global best practices, ensuring you can effectively manage security, controls, and compliance.

Here’s why the CISM certification should be your next milestone:

  1. Elevate Your Credibility: As a CISM-certified professional, you’ll earn the trust and respect of stakeholders, peers, and regulatory bodies alike. Your expertise in information security management will solidify your position as a credible authority in the field, opening doors to exciting career opportunities.
  2. Transition to Leadership: Are you yearning to step into a management role in cybersecurity? CISM is your perfect launching pad. This prestigious certification equips you with the technical know-how and hands-on experience required to lead teams, make strategic decisions, and effectively mitigate risks. Unleash your leadership potential and chart a course for success!
  3. Global Recognition: In an increasingly interconnected world, the value of an internationally recognized certification cannot be overstated. The CISM credential is revered across the globe, providing you with a passport to opportunities in diverse industries and geographic locations. Wherever you go, your CISM designation will speak volumes about your competence and professionalism.
  4. Comprehensive Exam Coverage: The CISM exam delves deep into the core competencies of information security management. From information risk management to incident response and governance, you’ll master essential domains that form the bedrock of cybersecurity. Prepare to ace the exam with confidence, knowing you possess the knowledge and skills demanded by today’s cybersecurity landscape.
  5. Stay Ahead of the Curve: The world of cybersecurity is in a constant state of evolution. With CISM, you’ll stay one step ahead of emerging threats and industry trends. The course ensures you remain well-versed in the latest technologies, regulations, and strategies, enabling you to proactively safeguard organizations against sophisticated cyber-attacks.

Are you ready to unlock a world of possibilities and become a cybersecurity leader? The CISM certification is your gateway to success. Don’t settle for mediocrity—join the ranks of elite professionals who are shaping the future of information security.

Embark on this exhilarating journey today, and let the world witness your expertise, credibility, and unwavering commitment to protecting digital assets. Become a CISM-certified professional and seize your destiny in the booming realm of cybersecurity!

Course Outline:

Domain 1: Information Security Governance
CISM Introduction
Information Security
Business Goals, Objectives, and Functions
Business Goals and Information Security
Information Security Threats
Information Security Management
Identity Management
Data Protection
Network Security
Personnel Security
Facility Security
Security Compliance and Standards
Information Security Strategy
Inputs and Outputs of the Information Security Strategy
Processes in an Information Security Strategy
People in an Information Security Strategy
Technologies in an Information Security Strategy
Logical and Physical Information Security Strategy Architectures
Information Security and Business Functions
Information Security Policies and Enterprise Objectives
International Standards for Security Management
ISO/IEC 27000 Standards
International Info Government Standards
Information Security Government Standards in the United States
Methods of Coordinating Information Security Activities
How to Develop an Information Security Strategy
Information Security Governance
Role of Security in Governance
Scope of Information Security Governance
Charter of Information Security Governance
Information Security Governance and Enterprise Governance
How to Align Information Security Strategy with Corporate Governance
Regulatory Requirements and Information Security
Business Impact of Regulatory Requirements
Liability Management
Liability Management Strategies
How to Identify Legal and Regulatory Requirements
Business Case Development
Budgetary Reporting Methods
Budgetary Planning Strategy
How to Justify Investment in Info Security
Organizational Drivers
Impact of Drivers on Info Security
Third-Party Relationships
How to Identify Drivers Affecting the Organization
Purpose of Obtaining Commitment to Info Security
Methods for Obtaining Commitment
ISSG Roles and Responsibilities
ISSG Operation
How to Obtain Senior Management’s Commitment to Info Security
Info Security Management Roles and Responsibilities
How to Define Roles and Responsibilities for Info Security
The Need for Reporting and Communicating
Methods for Reporting in an Organization
Methods of Communication in an Organization
How to Establish Reporting and Communicating Channels

Domain 2: Risk Management
Risk Assessment
Info Threat Types
Info Vulnerabilities
Common Points of Exposure
Info Security Controls
Types of Info Security Controls
Common Info Security Countermeasures
Overview of the Risk Assessment Process
Factors Used in Risk Assessment and Analysis
Risk Assessment Methodologies
Quantitative Risk Assessment – Part 1
Quantitative Risk Assessment – Part 2
Qualitative Risk Assessment
Hybrid Risk Assessment
Best Practices for Info Security Management
Gap Analysis
How to Implement an Info Risk Assessment Process
Info Classification Schemas
Components of Info Classification Schemas
Info Ownership Schemas
Components of Info Ownership Schemas
Info Resource Valuation
Valuation Methodologies
How to Determine Info Asset Classification and Ownership
Baseline Modeling
Control Requirements
Baseline Modeling and Risk-Based Assessment of Control Requirements
How to Conduct Ongoing Threat and Vulnerability Evaluations
BIA Methods
Factors for Determining Info Resource Sensitivity and Criticality
Impact of Adverse Events
How to Conduct Periodic BIA
Methods for Measuring Effectiveness of Controls and Countermeasures
Risk Mitigation
Risk Mitigation Strategies
Effect of Implementing Risk Mitigation Strategies
Acceptable Levels of Risk
Cost Benefit Analysis
How to Identify and Evaluate Risk Mitigation Strategies
Life Cycle Processes
Life Cycle-Based Risk Management
Risk Management Life Cycle
Business Life Cycle Processes Affected by Risk Management
Life Cycle-Based Risk Management Principles and Practices
How to Integrate Risk Management Into Business Life Cycle Processes
Significant Changes
Risk Management Process
Risk Reporting Methods
Components of Risk Reports
How to Report Changes in Info Risk

Domain 3: Information Security Program
Info Security Strategies
Common Info Security Strategies
Info Security Implementation Plans
Conversion of Strategies Into Implementation Plans
Info Security Programs
Info Security Program Maintenance
Methods for Maintaining an Info Security Program
Succession Planning
Allocation of Jobs
Program Documentation
How to Develop Plans to Implement an Info Security Strategy
Security Technologies and Controls
Cryptographic Techniques
Symmetric Cryptography
Public Key Cryptography
Access Control
Access Control Categories
Physical Access Controls
Technical Access Controls
Administrative Access Controls
Monitoring Tools
Anti-Virus Systems
Policy-Compliance Systems
Common Activities Required in Info Security Programs
Prerequisites for Implementing the Program
Implementation Plan Management
Types of Security Controls
Info Security Controls Development
How to Specify Info Security Program Activities
Business Assurance Function
Common Business Assurance Functions
Methods for Aligning Info Security Programs with Business Assurance Functions
How to Coordinate Info Security Programs with Business Assurance Functions
Internal Resources
External Resources
Services Provided by External Resources – Part 1
Services Provided by External Resources – Part 2
Skills Commonly Required for Info Security Program Implementation
Identification of Resources and Skills Required for a Particular Implementation
Resource Acquisition Methods
Skills Acquisition Methods
How to Identify Resources Needed for Info Security Program Implementation
Info Security Architectures
The SABSA Model for Security Architecture
Deployment Considerations
Deployment of Info Security Architectures
How to Develop Info Security Architecture
Info Security Policies
Components of Info Security Policies
Info Security Policies and the Info Security Strategy
Info Security Policies and Enterprise Business Objectives
Info Security Policy Development Factors
Methods for Communicating Info Security Policies
Info Security Policy Maintenance
How to Develop Info Security Policies
Info Security Awareness Program, Training Programs, and Education Programs
Security Awareness, Training, and Education Gap Analysis
Methods for Closing the Security Awareness, Training, and Education Gaps
Security-Based Cultures and Behaviors
Methods for Establishing and Maintaining a Security-Based Culture in the Enterprise
How to Develop Info Security Awareness, Training, and Education Programs
Supporting Documentation for Info Security Policies
Standards, Procedures, Guidelines, and Baselines
Codes of Conduct
Methods for Developing Supporting Documentation
Methods for Implementing Supporting Documentation and for Communicating Supporting Documentation
Methods for Maintaining Supporting Documentation
C and A
C and A Programs
How to Develop Supporting Documentation for Info Security Policies

Domain 4: Information Security Program Implementation
Enterprise Business Objectives
Integrating Enterprise Business Objectives & Info Security Policies
Organizational Processes
Change Control
Mergers & Acquisitions
Organizational Processes & Info Security Policies
Methods for Integrating Info Security Policies & Organizational Processes
Life Cycle Methodologies
Types of Life Cycle Methodologies
How to Integrate Info Security Requirements Into Organizational Processes
Types of Contracts Affected by Info Security Programs
Joint Ventures
Outsourced Providers & Info Security
Business Partners & Info Security
Customers & Info Security
Third-Party & Info Security
Risk Management
Risk Management Methods & Techniques for Third Parties
SLAs & Info Security
Contracts & Info Security
Due Diligence & Info Security
Suppliers & Info Security
Subcontractors & Info Security
How to Integrate Info Security Controls Into Contracts
Info Security Metrics
Types of Metrics Commonly Used for Info Security
Metric Design, Development & Implementation
Goals of Evaluating Info Security Controls
Methods of Evaluating Info Security Controls
Vulnerability Testing
Types of Vulnerability Testing
Effects of Vulnerability Assessment & Testing
Vulnerability Correction
Commercial Assessment Tools
Goals of Tracking Info Security Awareness, Training, & Education Programs
Methods for Tracking Info Security Awareness, Training, & Education Programs
Evaluation of Training Effectiveness & Relevance
How to Create Info Security Program Evaluation Metrics

Domain 5: Information Security Program Management
Management Metrics
Types of Management Metrics
Data Collection
Periodic Reviews
Monitoring Approaches
Types of Measurements
Other Measurements
Info Security Reviews
The Role of Assurance Providers
Comparing Internal and External Assurance Providers
Line Management Technique
Staff Management
How to Manage Info Security Program Resources
Security Policies
Security Policy Components
Implementation of Info Security Policies
Administrative Processes and Procedures
Access Control Types
Access Security Policy Principles
Identity Management and Compliance
Authentication Factors
Remote Access
User Registration
How to Enforce Policy and Standards Compliance
Types of Third-Party Relationships
Methods for Managing Info Security Regarding Third Parties
Security Service Providers
Third-Party Contract Provisions
Methods to Define Security Requirements in SLAs, Security Provisions and SLAs, and Methods to Monitor Security
How to Enforce Contractual Info Security Controls
Code Development
Common Techniques for Security Enforcement
How to Enforce Info Security During Systems Development
Methods of Monitoring Security Activities
Impact of Change and Configuration Management Activities
How to Maintain Info Security Within an Organization
Due Diligence Activities
Types of Due Diligence Activities
Reviews of Info Access
Standards of Managing and Controlling Info Access
How to Provide Info Security Advice and Guidance
Info Security Awareness
Types of Info Security Stakeholders
Methods of Stakeholder Education
Security Stakeholder Education Process
How to Provide Info Security Awareness and Training
Methods of Testing the Effectiveness of Info Security Control
The Penetration Testing Process
Types of Penetration Testing
Password Cracking
Social Engineering Attacks
Social Engineering Types
External Vulnerability Reporting Sources
Regulatory Reporting Requirements
Internal Reporting Requirements
How to Analyze the Effectiveness of Info Security Controls
Noncompliance Issues
Security Baselines
Events Affecting the Security Baseline
Info Security Problem Management Process
How to Resolve Noncompliance Issues

Domain 6: Incident Management and Response
Incident Response Capability
Components of Incident Response
BIA Phase
Alternate Sites
Develop a BCP
Develop a DRP
Data Backup Strategies
Data Backup Types
Data Restoration Strategies
Info Incident Management Practices
Trigger Events and Types of Trigger Events
Methods of Containing Damage
How to Develop an IRP
Escalation Process
Notification Process
Crisis Communication
How to Establish an Escalation Process
Internal Reporting Requirements
External Reporting Requirements
Communication Process
How to Develop a Communication Process
Methods of Identifying Business Resources Essential to Recovery
How to Integrate an IRP
Role of Primary IRT Members and Role of Additional IRT Members
Response Team Tools and Equipment
How to Develop IRTs
BCP Testing
Disaster Recovery Testing
Schedule Disaster Recovery Testing
Refine IRP
How to Test an IRP
Damage Assessment
Business Impacts Caused by Security Incidents
How to Manage Responses to Info Security Incidents
Computer and Digital Forensics
Forensic Requirements for Responding to Info Security Incidents
Evidence Life Cycle
Evidence Collection
Evidence Types
Five Common Rules of Evidence
Chain of Custody
How to Investigate an Info Security Incident
PIR Methods
Security Incident Review Process
Investigate the Cause of a Security Incident
Identify Corrective Actions
Reassess Security Risks After a Security Incident
How to Conduct a Post-Incident Review
Outro – Pre-Test/Test Strategy
Post Test

CISM Review For Certification Exam

The CISM exam consists of 150 multiple-choice questions that test candidates' proficiency in four information security management areas (listed below). The CISM job practice organizes task and knowledge statements into categories called domains.

  • 17% of the exam covers information security governance
  • 20% of the exam covers information security risk management
  • 33% of the exam covers the information security program
  • 30% of the exam covers incident management

After careful consideration by the CISM Certification Working Group, multiple industry leaders and subject matter experts validated that these job practice areas and statements accurately reflect the work done by information security managers. Multiple practitioners in this field were consulted to ensure authenticity during this process.

Career Opportunities

This exam prep IT course trains students to become subject matter experts and to fill positions such as risk manager, security auditor, security consultant, compliance officer, cybersecurity analyst, cybersecurity consultant, or an executive management position as a CSO, CTO, or Chief Information Officer (CIO).

Frequently Asked Questions About Certified Information Security Manager (CISM)

What is the Certified Information Security Manager (CISM) course?

The Certified Information Security Manager (CISM) course is a professional certification program specifically designed for individuals seeking to enter roles in risk management, security auditing, compliance, or executive management, such as CSO (Chief Security Officer), CTO (Chief Technology Officer), or CIO (Chief Information Officer). The course provides comprehensive training in global practices of IT security, equipping candidates with the knowledge and skills highly sought after by employers.

How can I access the CISM course?

The CISM course can be accessed through ITU Online’s All Access Monthly Subscription. This subscription offers not only the CISM course but also grants you access to over 2,500 hours of on-demand content. You can start with a 7-day free trial, which comes with no obligation, and you have the flexibility to cancel anytime.

What does the CISM course contain?

The CISM course consists of 11 training hours, 349 videos, and covers 6 main topics. Additionally, it includes 94 practice questions to help you assess your understanding and readiness for the certification exam.

What are the benefits of acquiring CISM certification?

Acquiring CISM certification offers several benefits. Firstly, it enhances your credibility in the field of information security management. Secondly, it strengthens your interactions with stakeholders, peers, and regulatory bodies, showcasing your expertise and professionalism. Lastly, it is particularly advantageous for individuals aiming to transition from an individual contributor role to a management position within the cybersecurity industry.

What topics does the CISM certification exam cover?

The CISM certification exam focuses on four key areas: Information Security Governance, Information Risk Management, Information Security Program Development and Management, and Information Security Incident Management. These areas assess the candidate’s knowledge and skills in various aspects of information security management.

What is the format of the CISM certification exam?

The CISM certification exam is composed of 150 multiple-choice questions. These questions evaluate the candidate’s proficiency across the four information security management areas mentioned earlier. The exam format enables candidates to demonstrate their understanding and application of concepts by selecting the most appropriate response from the provided options.

Course Format

Self Paced, Live Online

