Certified Information Security Manager® (CISM®) («CS1»)

Learn how to effectively control information security, manage risks, set up security programs, and confidently handle incidents. CISM® training will get you ready for certification and your role in security management.
Duration: 4 days
Price: 4'900.–
Course documents: Official ISACA® course materials
Price information: The course price includes an exam voucher worth CHF 500.

Course facts

  • Developing and managing a governance framework that aligns information security with corporate objectives
  • Defining policies, responsibilities, and control mechanisms within the framework of legal and regulatory requirements
  • Identifying, assessing, and prioritizing information security risks based on threats, vulnerabilities, and impacts
  • Developing appropriate risk treatment strategies and establishing continuous risk reporting and monitoring
  • Establishing and implementing a comprehensive information security program that includes policies, measures, awareness, and metrics
  • Integrating security processes into business operations and managing internal and external resources
  • Developing and maintaining an incident management process for the effective detection, reporting, and handling of security incidents
  • Performing analysis, containment, recovery, and follow-up—including lessons learned and process optimization

Domain 1: Information Security Governance
  • Enterprise Governance Overview
  • Organizational Culture, Structures, Roles and Responsibilities
  • Legal, Regulatory and Contractual Requirements
  • Information Security Strategy
  • Information Governance Frameworks and Standards
  • Strategic Planning

Domain 2: Information Security Risk Management
  • Risk and Threat Landscape
  • Vulnerability and Control Deficiency Analysis
  • Risk Assessment, Evaluation and Analysis
  • Information Risk Response
  • Risk Monitoring, Reporting and Communication

Domain 3: Information Security Program
  • IS Program Development and Resources
  • IS Standards and Frameworks
  • Defining an IS Program Road Map
  • IS Program Metrics
  • IS Program Management
  • IS Awareness and Training
  • Integrating the Security Program with IT Operations
  • Program Communications, Reporting and Performance Management

Domain 4: Incident Management
  • Incident Management and Incident Response Overview
  • Incident Management and Response Plans
  • Incident Classification/Categorization
  • Incident Management Operations, Tools and Technologies
  • Incident Investigation, Evaluation, Containment and Communication
  • Incident Eradication, Recovery and Review
  • Business Impact and Continuity
  • Disaster Recovery Planning
  • Training, Testing and Evaluation

The course consists of interactive training in the form of presentations and group exercises.

Depending on your learning style, exam preparation requires an additional 10-20 hours of study outside of class.

The course is aimed at information security professionals with at least five years of professional experience, including at least three years in a senior security role.

The course is ideal for CISOs, CSOs, security managers, IT and compliance managers who want to take the next step in their management career. CISM® certification strengthens your credibility when dealing with stakeholders, colleagues, and regulatory authorities – both internally and externally.

There are no formal admission requirements for attending the course.

The requirements for official ISACA® certification are:

1. Passing the CISM® exam

  • The exam can be taken without professional experience.
  • After passing, certification must be applied for within 5 years.

2. Proof of at least five years of professional experience in information security management

  • This experience must have been gained within the last ten years prior to application or within five years of passing the exam.

3. Coverage of at least three of the four CISM® domains

  • Professional experience must include practical knowledge in at least three of the following four areas:
    • Information Security Governance
    • Information Security Risk Management
    • Information Security Program
    • Incident Management

4. Verifiability of professional experience

  • Professional experience must be confirmed by a superior (e.g., supervisor or human resources department).

5. Submitting the application for certification to ISACA®

  • Online application or PDF form (depending on the case)
  • Payment of an application fee of currently USD 50

6. Agreement to the ISACA® Code of Professional Ethics

  • Commitment to adhere to ethical standards in professional practice

7. Compliance with Continuing Professional Education (CPE) requirements

  • After certification: annual continuing education and proof of maintenance of the title

Exam format:

  • 150 multiple-choice questions
  • Duration: 4 hours (240 minutes)
  • Location: online with remote proctoring or at an authorized test center
  • Language: available in several languages (you specify the language when registering for the exam)
  • Aids: none

© ISACA. All rights reserved.

CISM® is a registered trademark of ISACA®.