CISM – Certified Information Security Manager (Online Review Course)

Learn at Your Own Pace

With the Self-Study option, you get:

  • Full access to course content
  • The freedom to study anytime, anywhere
  • No deadlines or pressure — you set your own pace

ISACA

This course is delivered with ISACA, a global leader in IT audit, governance, risk, and cybersecurity certifications.

Course Summary

Price: 890,00 + VAT

This material covers the updated CISM Exam Content Outline and is intended to be used in preparation for the new CISM exam effective 1 June 2022.

Prepare to obtain the Certified Information Security Manager® (CISM) certification and be recognized among the world’s most qualified information security management professionals.

The CISM Online Review Course provides online, on-demand instruction and is ideal for preparing you for the CISM certification exam. The course covers all four of the CISM domains, and each section corresponds directly to the CISM Exam Content Outline. It uses proven instructional design techniques, incorporating video, interactive eLearning modules, downloadable job aids, case study activities, and a practice exam.

Learners will have access to the course for one year from the date of purchase and will earn 20 CPE credits upon completion. This course has a seat time of approximately 16 hours and is accessed via the Learning Access tab of your MyISACA dashboard.


Course Description

The CISM Online Review Course is a comprehensive online preparation course designed to help learners pass the CISM certification exam. It leverages proven instructional design techniques and interactive learning activities to enhance knowledge retention and engagement.

The course covers all four CISM domains, each aligned with the current CISM Exam Content Outline. It includes:

  • Video content
  • Narrated interactive eLearning modules
  • Downloadable job aids
  • Case study activities
  • A practice exam

Learners can move through the course at their own pace, either following a recommended structure or focusing on specific job practice areas of interest. They can pause and resume the course based on their study schedule, picking up exactly where they left off.

Why Should You Attend?

The Certified Information Security Manager (CISM®) validates your ability to assess risks, implement effective governance, and proactively respond to incidents. With a focus on emerging technologies such as AI (artificial intelligence) and blockchain, it ensures that your skill set addresses security threats and evolving industry requirements. The certification addresses top concerns for IT professionals, such as data breaches and ransomware attacks, and ensures that you stay ahead of the pace of change.

Target Audience

  • Professionals preparing to become CISM certified.
  • Individuals certified in CISA or CISSP looking to move into information security management.
  • Professionals in general security management who wish to shift towards information security.
  • Information security managers.

Learning Objectives

Upon completion of this course, you will be able to:

  • Explain the relationship between executive leadership, enterprise governance, and information security governance.
  • Outline the components used to build an information security strategy.
  • Explain how the risk assessment process influences the information security strategy.
  • Articulate the process and requirements used to develop an effective information risk response strategy.
  • Describe the components of an effective information security program.
  • Explain the process of building and maintaining an enterprise-level information security program.
  • Outline the techniques used to assess the enterprise’s capability and readiness to manage an information security incident.
  • Outline the methods of measuring and improving response and recovery capabilities.

Requirements for CISM Certification

To obtain the CISM certificate, you must have 5 years of experience in information system security within the last 10 years.

Content

Domain 1: Information Security Governance

Enterprise Governance

  • Organizational Culture
  • Legal, Regulatory, and Contractual Requirements
  • Organizational Structures, Roles, and Responsibilities

Information Security Strategy

  • Development of information security strategy
  • Governance frameworks and standards for information
  • Strategic planning (e.g., budgets, resources, business case)

Domain 2: Information Security Risk Management

Information Security Risk Assessment

  • The emerging landscape of risks and threats
  • Vulnerability and control deficiency analysis
  • Risk assessment and analysis

Response to Information Security Risks

  • Risk treatment/response options
  • Risk and control ownership
  • Risk monitoring and reporting

Domain 3: Information Security Program

Development of the Information Security Program

  • Resources for the information security program (e.g., people, tools, technologies)
  • Identification and classification of information assets
  • Industry standards and frameworks for information security
  • Information security policies, procedures, and guidelines
  • Metrics for the information security program

Management of the Information Security Program

  • Design and selection of information security controls
  • Implementation and integration of information security controls
  • Testing and evaluation of information security controls
  • Awareness and training in information security
  • Management of external services (e.g., vendors, suppliers, third parties, fourth parties)
  • Communications and reporting of the information security program

Domain 4: Incident Management

Preparation for Incident Management

  • Incident response plan
  • Business impact analysis (BIA)
  • Business continuity plan (BCP)
  • Disaster recovery plan (DRP)
  • Incident classification/categorization
  • Training, testing, and evaluation of incident management

Incident Management Operations

  • Tools and techniques for incident management
  • Investigation and evaluation of incidents
  • Incident isolation methods
  • Communications in incident response (e.g., reporting, notification, escalation)
  • Incident eradication and recovery
  • Post-incident review practices

Included in training fee

  • Review manual: A comprehensive reference guide designed to help you prepare for the CISA exam and understand the roles and responsibilities of an IS Auditor.

Optional

  • QAE (Questions, Answers & Explanations) Database: A 12-month subscription to a comprehensive 1,000-question pool of items. Build a custom study plan with a personalized dashboard to track progress and review previously answered questions.
  • Examination voucher: By successfully passing this exam, you demonstrate your understanding of the key concepts of the CISA domains, and it is required to complete certification.

    © 2025 · RQM CERT · All Rights Reserved
    This website is managed by RQM Certification SRL, VAT no. RO34221359, Reg. no. J35/591/2015, headquartered at Str. Marginii no. 4, Corp A, Ap. 6, Timișoara, Romania.