CISM (Certified Information Security Manager) training
4-day training to prepare you for the official CISM (Certified Information Security Manager) exam of ISACA. CISM is internationally recognized as the most complete and comprehensive information security certification!
CISM (Certified Information Security Manager) – training options
Option 1: 4-day training (classroom or live online, your choice)
Option 2: In-company training
CISM – one of the most requested (and best paying) certifications in information security
In this 4-day CISM training you will learn about an internationally recognized standard based on the CISM Body of Knowledge. The 4 CISM domains are extensively covered during the training and tested during the CISM exam, i.e.:
Domain 1 - Information Security Governance
Domain 2 - Information Security Risk Management
Domain 3 - Information Security Program
Domain 4 - Incident Management
The CISM training (and certification) focuses on the strategic side of information security and its relationship with business goals. This CISM training is more than just an exam training. Practical cases and getting started with CISM also play an important role in this training. During the training, the 4 CISM domains are covered in detail. For example, you will learn how to align information security with your organization's strategy and current laws and regulations. You will learn to think in terms of risks and you will learn how to limit these risks (such as security incidents) as much as possible for your organization. Become CISM certified and you will be able to assess risks, implement effective governance, and proactively respond to incidents.
What does ISACA's CISM title stand for?
CISM stands for Certified Information Security Manager and is a title of ISACA. CISM is internationally recognized as the most complete and comprehensive information security certification. The CISM training (and certification) is important to gain knowledge about management, organization, risk management, and change management techniques. Since its inception in 2002, more than 48,000 professionals worldwide have achieved the CISM title. CISM is now one of the most requested and one of the best paying certifications in information security!
For whom is the CISM certification important?
The CISM training is particularly important for (future) information security managers who want to obtain the globally recognized CISM title, as well as for professionals such as risk managers, CISOs, CIOs, information architects, IT auditors, and many other professionals who deal with the strategic side of information security. Take your expertise in information security to the next level and become CISM certified!
Language of communication
The language of communication during the CISM training is English. The CISM training is also organized in Dutch; please have a look at our Dutch website for the dates.
CISM certification requirements
The certification requirements that have been set for obtaining the CISM title are:
- You must have at least 5 years of work experience in information security in at least 3 CISM domains
- If you have a CISA or CISSP certification or a Bachelor in an information security related field, then 3 years of relevant work experience is sufficient
- You must subscribe and adhere to the ISACA Code of Professional Ethics
If you do not (yet) meet these requirements, you can become a CISM associate.
About the CISM exam
The CISM exam is a multiple-choice exam. You will have to answer 150 questions in a relatively short time (4 hours). The exam is taken by means of Computer-Based Testing (CBT) at a test center affiliated with ISACA. The costs of the CISM exam are determined by ISACA.
Exam success guarantee
In the unlikely event that you do not pass the CISM exam the first time, you can attend the CISM training again, free of charge (within one year)!
CISM recertification/CPE credits
The CISM title is a 3-year title. To continue your CISM title, you must obtain 120 CPE credits in 3 years.
To prepare for the training you will receive the official ISACA CISM Review Manual and access to the CISM Questions & Answers database.
ISACA (Information Systems Audit and Control Association) is an international professional, nonprofit association focused on IT, assurance, security, and governance. ISACA has more than 170,000 members in 188 countries and 225 chapters worldwide. ISACA issues multiple titles, including CISM, CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), CGEIT (Certified in the Governance of Enterprise IT), Cybersecurity Fundamentals, and CDPSE (Certified Data Privacy Solutions Engineer).
CISM vs CISSP, CISA, CRISC and Cybersecurity Fundamentals
There are 2 globally recognized leaders in the field of (cyber)security certifications, namely ISACA and (ISC)2. The top certification of (ISC)2 is CISSP (Certified Information Systems Security Professional). ISACA offers 4 (cyber)security certifications: CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control) and Cybersecurity Fundamentals. You can obtain all these certifications with us. The main difference between the certifications is:
- CISSP focuses on the operational side of information security and its technical aspects
- CISM focuses on the strategic side of information security and its relationship with business goals
- CISA is aimed at IT professionals who (want to) work in governance and audit-related roles
- CRISC is specifically aimed at professionals who (will) work in IT risk management at the enterprise level
- Cybersecurity Fundamentals is fully focused on technical security knowledge and skills and is therefore an extensive preparation/addition to the CISM certification
We can organize the CISM training in-house (and tailor-made) for you, starting from 5 participants. An in-company training, customized or not, has numerous advantages, such as:
- it saves you and your colleagues (travel) time and travel and accommodation expenses
- you follow the training in your own working environment
- organizational issues can be discussed openly because there are no external participants
- you determine the place, time, and dates yourself
- from 5 participants, an in-company training is often useful and cost effective
Do you prefer an in-company training? Please contact us to discuss the possibilities.
CISM (Certified Information Security Manager) – curriculum
In this 4-day CISM training, the 4 CISM (exam) domains (with the different weighting factors) are covered as well as the subtopics and tasks you will be tested on:
Information Security Governance (17%)
- Enterprise governance overview
- Organizational culture, structures, roles, and responsibilities
- Legal, regulatory, and contractual requirements
- Information security strategy
- Information governance frameworks and standards
- Strategic scheduling
Information Security Risk Management (20%)
- Risk and threat landscape
- Vulnerability and control deficiency analysis
- Risk assessment, evaluation, and analysis
- Information risk response
- Risk monitoring, reporting, and communication
Information Security Program (33%)
- Information security program development and resources
- Information security standards and frameworks
- Defining an information security program road map
- Information security program metrics
- Information security program management
- Information security awareness and training
- Integrating the security program with IT operations
- Program communications, reporting, and performance management
Incident Management (30%)
- Incident management and incident response overview
- Incident management and response plans
- Incident classification/categorization
- Incident management operations, tools, and technologies
- Incident investigation, evaluation, containment, and communication
- Incident eradication, recovery, and review
- Business impact and continuity
The CISM training is given by a very experienced CISM-certified and ISACA-accredited trainer.
The CISM training takes place near Amsterdam (the Netherlands). Class times are from 09:00 to 17:00. You can join in class or live online (your choice). The training takes place on:
- 25 - 28 March 2024
Fee / Registration
The fee for the 4-day CISM training is € 3,500 (excl. VAT) per person, incl. coffee/tea, all lunches, the official ISACA CISM Review Manual, access to the Q&A database and a discount on the official ISACA exam (under certain conditions). In addition, you can attend the CISM training again free of charge (within one year), in the unlikely event that you do not pass the exam the first time.