Certified Information Security Manager (CISM)

Certified Information Security Manager (CISM) is a certification for information security managers awarded by ISACA. To gain the certifications, individuals must pass a written examination and have at least five years of information security experience with a minimum three years of information security management work experience in particular fields. The intent of the certification is to provide a common body of knowledge for information security management. The CISM focuses on information risk management as the basis of information security. It also includes material on broader issues such as how to govern information security as well as on practical issues such as developing and managing an information security program and managing incidents.

Course Outline

The program contains the following modules based on the CISM exam requirements: 

  • Information Security Governance(Supports exam objectives in ISACA's Information Security Governance exam domain)
  • Risk Management(Supports exam objectives in ISACA's Information Risk Management & Compliance exam domain)
    • IT Deployment Risks(Further supports exam objectives in ISACA's Information Risk Management & Compliance exam domain)
    • IS Network and Telecommunications Risk(Further supports exam objectives in ISACA's Information Risk Management & Compliance exam domain)
  • Information Security Program Management(Supports exam objectives in ISACA's Information Security Program Development and Management exam domain)
    • Managing the IT Function(Further supports exam objectives in ISACA's Information Security Program and Management exam domain)
  • Business Continuity, Disaster Recovery, and Incident Response(Supports exam objectives in ISACA's Incident Management exam domain)
  • Legal and Ethical Issues(Supports legislative, contractual, and other legal concerns as they applythroughout all exam domains)