Course

Certified Information Security Manager® (CISM®) («CS1»)

Learn how to effectively control information security, manage risks, set up security programs, and confidently handle incidents – CISM training will get you ready for certification and your role in security management.
Duration: 4 days
Price: 4'900.–
Course documents: Official ISACA course materials
Price information: The course price includes an exam voucher worth CHF 500.

Course facts

Key Learnings
  • Developing and managing a governance framework that aligns information security with corporate objectives
  • Defining policies, responsibilities, and control mechanisms within the framework of legal and regulatory requirements
  • Identifying, assessing, and prioritizing information security risks based on threats, vulnerabilities, and impacts
  • Developing appropriate risk treatment strategies and establishing continuous risk reporting and monitoring
  • Establishing and implementing a comprehensive information security program that includes policies, measures, awareness, and metrics
  • Integrating security processes into business operations and managing internal and external resources
  • Developing and maintaining an incident management process for the effective detection, reporting, and handling of security incidents
  • Performing analysis, containment, recovery, and follow-up—including lessons learned and process optimization
Content
Domain 1: Information Security Governance 
  • Enterprise Governance Overview
  • Organizational Culture, Structures, Roles and Responsibilities
  • Legal, Regulatory and Contractual Requirements
  • Information Security Strategy
  • Information Governance Frameworks and Standards
  • Strategic Planning
Domain 2: Information Security Risk Management
  • Risk and Threat Landscape
  • Vulnerability and Control Deficiency Analysis
  • Risk Assessment, Evaluation and Analysis
  • Information Risk Response
  • Risk Monitoring, Reporting and Communication
Domain 3: Information Security Program
  • IS Program Development and Resources
  • IS Standards and Frameworks
  • Defining an IS Program Road Map
  • IS Program Metrics
  • IS Program Management
  • IS Awareness and Training
  • Integrating the Security Program with IT Operations
  • Program Communications, Reporting and Performance Management
Domain 4: Incident Management
  • Incident Management and Incident Response Overview
  • Incident Management and Response Plans
  • Incident Classification/Categorization
  • Incident Management Operations, Tools and Technologies
  • Incident Investigation, Evaluation, Containment and Communication
  • Incident Eradication, Recovery and Review
  • Business Impact and Continuity
  • Disaster Recovery Planning
  • Training, Testing and Evaluation
Target audience

The course is aimed at information security professionals with at least five years of professional experience, including at least three years in a senior security role.

The course is ideal for CISOs, CSOs, security managers, IT and compliance managers who want to take the next step in their management career. CISM certification strengthens your credibility when dealing with stakeholders, colleagues, and regulatory authorities – both internally and externally.

Requirements

There are no formal admission requirements for attending the course.

The requirements for official ISACA certification are:

1. Passing the CISM exam

  • The exam can be taken without professional experience.
  • After passing, certification must be applied for within 5 years.

2. Proof of at least five years of professional experience in information security management

  • This experience must have been gained within the last ten years prior to application or within five years of passing the exam.

3. Coverage of at least three of the four CISM domains

  • Professional experience must include practical knowledge in at least three of the following four areas:
    • Information Security Governance
    • Information Security Risk Management
    • Information Security Program
    • Incident Management

4. Verifiability of professional experience

  • Professional experience must be confirmed by a higher authority (e.g., supervisor or human resources department).

5. Submitting the application for certification to ISACA

  • Online application or PDF form (depending on the case)
  • Payment of an application fee, currently USD 50

6. Agreement to the ISACA Code of Professional Ethics

  • Commitment to adhere to ethical standards in professional practice

7. Compliance with Continuing Professional Education (CPE) requirements

  • After certification: annual continuing education and proof of maintenance of the title
Certification

Exam format:

  • 150 multiple-choice questions
  • Duration: 4 hours (240 minutes)
  • Location: online with remote proctoring or at an authorized test center
  • Language: available in several languages (you specify the language when registering for the exam)
  • Aids: none

Choose your date

17 Sep 2025 / 25 Sep 2025
Zürich
German
Guaranteed to take place. Register now!
CHF 4’900.-
excl. 8.1% VAT