Certified Information Security Manager (CISM) - ITU Online

Certified Information Security Manager (CISM)

If you’re looking to get into risk management, security auditing, compliance or executive management as a CSO, CTO or CIO, then this course is perfect for you. IT Security is an incredibly popular and lucrative field in Information Technology right now, and the CISM Certification will make you highly sought-after by employers.

Included In This Course

Certified Information Security Manager (CISM)
11 Hrs 4 Min
349 On-demand Videos
Closed Captions
Course Topics
6 Topics
Question & Answers
94 Prep Questions
Certificate of Completion
Course Description for Certified Information Security Manager (CISM) Certification Training

The Certified Information Security Manager (CISM) certification training is designed to equip professionals with the knowledge and skills required to manage and govern an enterprise’s information security program. This comprehensive course covers the key domains of Information Security Governance, Risk Management, Information Security Program Development and Management, and Incident Management. Throughout the course, learners will delve into critical concepts such as identity management, data protection, network security, and compliance with international standards.

Participants will explore practical applications and real-world scenarios to understand the intricacies of information security management. By the end of this training, you will be prepared to develop and manage information security strategies that align with organizational goals and regulatory requirements. The course also provides insights into obtaining senior management’s commitment to information security and effectively communicating security policies within an organization.

What You Will Learn in the Certified Information Security Manager (CISM) Certification Training

In this course, you will gain a comprehensive understanding of information security management principles and practices. You will learn how to align information security strategies with business objectives, manage risks, and ensure compliance with regulatory requirements. The following are key learning outcomes from this course:

  • Understand the principles of information security governance and its role in organizational governance.
  • Develop and manage effective information security strategies and policies.
  • Conduct risk assessments and implement appropriate risk mitigation strategies.
  • Design and manage information security programs, including training and awareness initiatives.
  • Implement incident response and disaster recovery plans.
  • Utilize cryptographic techniques and access control mechanisms to protect sensitive information.

Exam Objectives for Certified Information Security Manager (CISM) Certification

The CISM certification exam, governed by ISACA, evaluates your expertise in managing, designing, overseeing, and assessing an enterprise’s information security. The exam objectives are divided into the following domains:

  • Information Security Governance – Establish and maintain an information security governance framework and supporting processes.
  • Risk Management – Manage information risk to an acceptable level based on risk appetite to meet organizational goals and objectives.
  • Information Security Program Development and Management – Establish and manage the information security program.
  • Incident Management and Response – Plan, establish, and manage the capability to respond to and recover from information security incidents.

Who This Certified Information Security Manager (CISM) Certification Training is For

This course is ideal for professionals looking to advance their careers in information security management. Whether you are a seasoned security professional or looking to transition into a security management role, this course will provide you with the necessary skills and knowledge. The target audience includes:

  • Information security managers and aspiring managers.
  • IT consultants and professionals working in risk management and governance.
  • IT auditors and compliance professionals.
  • Business leaders and project managers involved in information security.
  • Anyone interested in obtaining the CISM certification and advancing their career in information security.

Possible Jobs You Can Get With Certified Information Security Manager (CISM) Certification

Achieving the CISM certification opens up a range of career opportunities in various industries. The skills and knowledge gained from this course are highly valued by employers. Potential job roles include:

  • Information Security Manager
  • IT Risk Manager
  • Security Consultant
  • Information Systems Auditor
  • Compliance Manager
  • Chief Information Security Officer (CISO)
  • IT Project Manager

Average Industry Salaries for People with Certified Information Security Manager (CISM) Certification

Professionals with CISM certification are in high demand and can command competitive salaries. The following are approximate salary ranges for various job titles associated with this certification:

  • Information Security Manager: $100,000 – $140,000 per year
  • IT Risk Manager: $90,000 – $130,000 per year
  • Security Consultant: $85,000 – $125,000 per year
  • Information Systems Auditor: $80,000 – $120,000 per year
  • Compliance Manager: $95,000 – $135,000 per year
  • Chief Information Security Officer (CISO): $150,000 – $250,000 per year

Get Started Today with Certified Information Security Manager (CISM) Certification Training

Take the first step towards advancing your career in information security management by enrolling in the Certified Information Security Manager (CISM) certification training today. This course will equip you with the skills and knowledge needed to excel in high-demand roles within the industry. Don’t miss out on the opportunity to enhance your professional credentials and increase your earning potential.

Enroll now and join a community of professionals dedicated to securing and managing information in today’s dynamic digital landscape. Click the link below to get started and take control of your career in information security.

Key Term Knowledge Base: Key Terms Related to Certified Information Security Manager (CISM)

Understanding key terms in Certified Information Security Manager (CISM) is crucial for anyone looking to excel in information security management. These terms form the foundation of knowledge required for the CISM certification and are essential for professionals in roles related to IT security, such as CSOs, CTOs, CIOs, security auditors, and compliance officers. The CISM certification encompasses various aspects of IT security, focusing on governance, risk management, program development, and incident management.

Information Security Governance – The collection of practices and policies ensuring that an organization’s information assets are protected appropriately.
Information Risk Management – The process of identifying, evaluating, and treating risks to the organization’s information assets.
Information Security Program Development – The process of establishing and maintaining a plan to protect information assets.
Information Security Incident Management – The methods and processes used to respond to and manage information security incidents.
Compliance – Ensuring that organizational activities adhere to laws, regulations, and policies related to information security.
Cybersecurity – The practice of protecting systems, networks, and programs from digital attacks.
ISACA – An international professional association focused on IT governance.
CISM Certification – A globally recognized certification for information security managers offered by ISACA.
Security Audit – An examination of the security of a company’s information system by measuring it against a set of criteria.
CSO (Chief Security Officer) – A high-level executive responsible for the security of information, assets, technologies, and processes.
CTO (Chief Technology Officer) – An executive responsible for the management and implementation of technology within an organization.
CIO (Chief Information Officer) – A senior executive responsible for managing and implementing information and computer technologies.
Risk Assessment – The process of identifying and analyzing potential risks to organizational security.
Security Controls – Safeguards or countermeasures to avoid, detect, counteract, or minimize security risks.
Security Strategy – A high-level plan outlining an organization’s approach to securing its information and technology assets.
Incident Response Plan – A set of instructions to help IT staff detect, respond to, and recover from network security incidents.
Encryption – The process of converting information or data into a code, especially to prevent unauthorized access.
Network Security – The practice of preventing and protecting against unauthorized intrusion into corporate networks.
Data Protection – The process of safeguarding important information from corruption, compromise, or loss.
Regulatory Compliance – Adhering to laws, regulations, standards, and ethical practices related to industry-specific requirements.
Vulnerability Management – The process of identifying, classifying, remediating, and mitigating vulnerabilities in software and network security.
Access Control – The selective restriction of access to a place or other resource.
Security Policy – A document that outlines the rules, procedures, and guidelines for securing an organization’s technology and information assets.
Business Continuity Planning – The process of creating systems of prevention and recovery to deal with potential threats to a company.
Disaster Recovery – Strategies and processes to recover and protect a business IT infrastructure in the event of a disaster.
Authentication – The process of verifying the identity of a user or process.
Penetration Testing – A simulated cyber attack against your computer system to check for exploitable vulnerabilities.
ISO/IEC 27000 Standards – A family of standards that helps organizations keep information assets secure.
Security Architecture – The design and implementation of security structures in an organization to manage risks and reduce vulnerabilities.
Cybersecurity Awareness Training – Training provided to employees to understand and prevent cybersecurity threats.
Security Metrics – Quantitative measures used to gauge the efficiency and effectiveness of security measures within an organization.
Security Governance – The set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring objectives are achieved, ascertaining that risks are managed appropriately, and verifying that the enterprise’s resources are used responsibly.
Threat Intelligence – Information an organization uses to understand the threats that have targeted, are currently targeting, or will target the organization.
Cloud Security – The set of policies and technologies designed to protect data and infrastructure involved in a cloud computing setup.
Mobile Security – The protection of smartphones, tablets, and laptops from threats associated with wireless computing.
Security Compliance and Standards – Adherence to established guidelines or specifications for cybersecurity measures.
Logical and Physical Information Security – The protection of digital data (logical) and the physical hardware that stores this data.
Identity Management – The administrative process that deals with identifying individuals in a system and controlling their access to resources.
Security Awareness, Training, and Education Programs – Programs designed to educate employees about computer security, policies, and best practices.
Security Review – An evaluation process to ensure compliance with a company’s security policies and procedures.
Information Security Policy Development – The process of writing, implementing, and reviewing the information security policies in an organization.
Information Security Management Roles and Responsibilities – Defined roles and responsibilities within an organization for managing and enforcing security policies and procedures.
Information Classification Schemas – Frameworks for categorizing data based on its sensitivity and importance to the organization.
Information Asset Classification and Ownership – The process of identifying the value and ownership of information assets within an organization.
Security Strategy Inputs and Outputs – The information and results that feed into and come out of an organization’s security strategy.
Regulatory Requirements and Information Security – The impact of legal and regulatory obligations on an organization’s information security strategies and practices.
Information Security Governance Charter – A document that establishes the scope, authority, and responsibility of the information security governance function within an organization.

Understanding these terms provides a strong foundation in information security management, enhancing one’s ability to effectively prepare for the CISM certification and succeed in various IT security roles.

Frequently Asked Questions About Certified Information Security Manager (CISM)

What is the Certified Information Security Manager (CISM) course?

The CISM course is designed for those looking to enter into risk management, security auditing, compliance, or executive management as a CSO, CTO, or CIO. It provides comprehensive training in global practices of IT security, making those who earn the certification highly sought after by employers.

How can I access the CISM course?

The course can be accessed through ITU Online’s All Access Monthly Subscription, which also provides access to over 2,500 hours of on-demand content. You can start a 7-day free trial with no obligation, and you can cancel anytime.

What does the CISM course contain?

The CISM course comprises 11 training hours, 349 videos, 6 topics, and includes 94 practice questions.

What are the benefits of acquiring CISM certification?

CISM certification provides credibility, strengthens interactions with stakeholders, peers, and regulatory bodies, and is ideal for those looking to transition from an individual contributor role into a management position in the field of cybersecurity.

What topics does the CISM certification exam cover?

The CISM exam focuses on four main areas: Information Security Governance, Information Risk Management, Information Security Program Development and Management, and Information Security Incident Management. Each of these areas is designed to test the candidate’s proficiency in information security management knowledge and skills.

What is the format of the CISM certification exam?

The CISM certification exam consists of 150 multiple-choice questions that test the candidate’s proficiency in four information security management areas.

Proudly Display
Your Achievement

Upon completion of your training, you’ll receive a personalized certificate of completion to help validate to others your new skills.

Certified Information Security Manager (CISM) Course Content

Domain 1: Information Security Governance

  •    CISM Introduction
  •    Information Security
  •    Business Goals, Objectives, and Functions
  •    Business Goals and Information Security
  •    Information Security Threats
  •    Information Security Management
  •    Identity Management
  •    Data Protection
  •    Network Security
  •    Personnel Security
  •    Facility Security
  •    Security Compliance and Standards
  •    Information Security Strategy
  •    Inputs and Outputs of the Information Security Strategy
  •    Processes in an Information Security Strategy
  •    People in an Information Security Strategy
  •    Technologies in an Information Security Strategy
  •    Logical and Physical Information Security Strategy Architectures
  •    Information Security and Business Functions
  •    Information Security Policies and Enterprise Objectives
  •    International Standards for Security Management
  •    ISO/IEC 27000 Standards
  •    International Info Government Standards
  •    Information Security Government Standards in the United States
  •    Methods of Coordinating Information Security Activities
  •    How to Develop an Information Security Strategy
  •    Information Security Governance
  •    Role of Security in Governance
  •    Scope of Information Security Governance
  •    Charter of Information Security Governance
  •    Information Security Governance and Enterprise Governance
  •    How to Align Information Security Strategy with Corporate Governance
  •    Regulatory Requirements and Information Security
  •    Business Impact of Regulatory Requirements
  •    Liability Management
  •    Liability Management Strategies
  •    How to Identify Legal and Regulatory Requirements
  •    Business Case Development
  •    Budgetary Reporting Methods
  •    Budgetary Planning Strategy
  •    How to Justify Investment in Info Security
  •    Organizational Drivers
  •    Impact of Drivers on Info Security
  •    Third Party Relationships
  •    How to Identify Drivers Affecting the Organization
  •    Purpose of Obtaining Commitment to Info Security
  •    Methods for Obtaining Commitment
  •    ISSG
  •    ISSG Roles and Responsibilities
  •    ISSG Operation
  •    How to Obtain Senior Management's Commitment to Info Security
  •    Info Security Management Roles and Responsibilities
  •    How to Define Roles and Responsibilities for Info Security
  •    The Need for Reporting and Communicating
  •    Methods for Reporting in an Organization
  •    Methods of Communication in an Organization
  •    How to Establish Reporting and Communicating Channels

Domain 2: Risk Management

  •    Risk
  •    Risk Assessment
  •    Info Threat Types
  •    Info Vulnerabilities
  •    Common Points of Exposure
  •    Info Security Controls
  •    Types of Info Security Controls
  •    Common Info Security Countermeasures
  •    Overview of the Risk Assessment Process
  •    Factors Used in Risk Assessment and Analysis
  •    Risk Assessment Methodologies
  •    Quantitative Risk Assessment - Part 1
  •    Quantitative Risk Assessment - Part 2
  •    Qualitative Risk Assessment
  •    Hybrid Risk Assessment
  •    Best Practices for Info Security Management
  •    Gap Analysis
  •    How to Implement an Info Risk Assessment Process
  •    Info Classification Schemas
  •    Components of Info Classification Schemas
  •    Info Ownership Schemas
  •    Components of Info Ownership Schemas
  •    Info Resource Valuation
  •    Valuation Methodologies
  •    How to Determine Info Asset Classification and Ownership
  •    Baseline Modeling
  •    Control Requirements
  •    Baseline Modeling and Risk Based Assessment of Control Requirements
  •    How to Conduct Ongoing Threat and Vulnerability Evaluations
  •    BIA's
  •    BIA Methods
  •    Factors for Determining Info Resource Sensitivity and Criticality
  •    Impact of Adverse Events
  •    How to Conduct Periodic BIA's
  •    Methods for Measuring Effectiveness of Controls and Countermeasures
  •    Risk Mitigation
  •    Risk Mitigation Strategies
  •    Effect of Implementing Risk Mitigation Strategies
  •    Acceptable Levels of Risk
  •    Cost Benefit Analysis
  •    How to Identify and Evaluate Risk Mitigation Strategies
  •    Life Cycle Processes
  •    Life Cycle-Based Risk Management
  •    Risk Management Life Cycle
  •    Business Life Cycle Processes Affected by Risk Management
  •    Life Cycle-Based Risk Management Principles and Practices
  •    How to Integrate Risk Management Into Business Life Cycle Processes
  •    Significant Changes
  •    Risk Management Process
  •    Risk Reporting Methods
  •    Components of Risk Reports
  •    How to Report Changes in Info Risk

Domain 3: Information Security Program

  •    Info Security Strategies
  •    Common Info Security Strategies
  •    Info Security Implementation Plans
  •    Conversion of Strategies Into Implementation Plans
  •    Info Security Programs
  •    Info Security Program Maintenance
  •    Methods for Maintaining an Info Security Program
  •    Succession Planning
  •    Allocation of Jobs
  •    Program Documentation
  •    How to Develop Plans to Implement an Info Security Strategy
  •    Security Technologies and Controls
  •    Cryptographic Techniques
  •    Symmetric Cryptography
  •    Public Key Cryptography
  •    Hashes
  •    Access Control
  •    Access Control Categories
  •    Physical Access Controls
  •    Technical Access Controls
  •    Administrative Access Controls
  •    Monitoring Tools
  •    IDS's
  •    Anti-Virus Systems
  •    Policy-Compliance Systems
  •    Common Activities Required in Info Security Programs
  •    Prerequisites for Implementing the Program
  •    Implementation Plan Management
  •    Types of Security Controls
  •    Info Security Controls Development
  •    How to Specify Info Security Program Activities
  •    Business Assurance Function
  •    Common Business Assurance Functions
  •    Methods for Aligning Info Security Programs with Business Assurance Functions
  •    How to Coordinate Info Security Programs with Business Assurance Functions
  •    SLA's
  •    Internal Resources
  •    External Resources
  •    Services Provided by External Resources - Part 1
  •    Services Provided by External Resources - Part 2
  •    Skills Commonly Required for Info Security Program Implementation
  •    Identification of Resources and Skills Required for a Particular Implementation
  •    Resource Acquisition Methods
  •    Skills Acquisition Methods
  •    How to Identify Resources Needed for Info Security Program Implementation
  •    Info Security Architectures
  •    The SABSA Model for Security Architecture
  •    Deployment Considerations
  •    Deployment of Info Security Architectures
  •    How to Develop Info Security Architecture
  •    Info Security Policies
  •    Components of Info Security Policies
  •    Info Security Policies and the Info Security Strategy
  •    Info Security Policies and Enterprise Business Objectives
  •    Info Security Policy Development Factors
  •    Methods for Communicating Info Security Policies
  •    Info Security Policy Maintenance
  •    How to Develop Info Security Policies
  •    Info Security Awareness Program, Training Programs, and Education Programs
  •    Security Awareness, Training, and Education Gap Analysis
  •    Methods for Closing the Security Awareness, Training, and Education Gaps
  •    Security-Based Cultures and Behaviors
  •    Methods for Establishing and Maintaining a Security-Based Culture in the Enterprise
  •    How to Develop Info Security Awareness, Training, and Education Programs
  •    Supporting Documentation for Info Security Policies
  •    Standards, Procedures, Guidelines, and Baselines
  •    Codes of Conduct
  •    NDA's
  •    Methods for Developing Supporting Documentation
  •    Methods for Implementing Supporting Documentation and for Communicating Supporting Documentation
  •    Methods for Maintaining Supporting Documentation
  •    C and A
  •    C and A Programs
  •    How to Develop Supporting Documentation for Info Security Policies

Domain 4: Information Security Program Implementation

  •    Enterprise Business Objectives
  •    Integrating Enterprise Business Objectives & Info Security Policies
  •    Organizational Processes
  •    Change Control
  •    Mergers & Acquisitions
  •    Organizational Processes & Info Security Policies
  •    Methods for Integrating Info Security Policies & Organizational Processes
  •    Life Cycle Methodologies
  •    Types of Life Cycle Methodologies
  •    How to Integrate Info Security Requirements Into Organizational Processes
  •    Types of Contracts Affected by Info Security Programs
  •    Joint Ventures
  •    Outsourced Providers & Info Security
  •    Business Partners & Info Security
  •    Customers & Info Security
  •    Third Party & Info Security
  •    Risk Management
  •    Risk Management Methods & Techniques for Third Parties
  •    SLA's & Info Security
  •    Contracts & Info Security
  •    Due Diligence & Info Security
  •    Suppliers & Info Security
  •    Subcontractors & Info Security
  •    How to Integrate Info Security Controls Into Contracts
  •    Info Security Metrics
  •    Types of Metrics Commonly Used for Info Security
  •    Metric Design, Development & Implementation
  •    Goals of Evaluating Info Security Controls
  •    Methods of Evaluating Info Security Controls
  •    Vulnerability Testing
  •    Types of Vulnerability Testing
  •    Effects of Vulnerability Assessment & Testing
  •    Vulnerability Correction
  •    Commercial Assessment Tools
  •    Goals of Tracking Info Security Awareness, Training, & Education Programs
  •    Methods for Tracking Info Security Awareness, Training, & Education Programs
  •    Evaluation of Training Effectiveness & Relevance
  •    How to Create Info Security Program Evaluation Metrics

Domain 5: Information Security Program Management

  •    Management Metrics
  •    Types of Management Metrics
  •    Data Collection
  •    Periodic Reviews
  •    Monitoring Approaches
  •    KPI's
  •    Types of Measurements
  •    Other Measurements
  •    Info Security Reviews
  •    The Role of Assurance Providers
  •    Comparing Internal and External Assurance Providers
  •    Line Management Technique
  •    Budgeting
  •    Staff Management
  •    Facilities
  •    How to Manage Info Security Program Resources
  •    Security Policies
  •    Security Policy Components
  •    Implementation of Info Security Policies
  •    Administrative Processes and Procedures
  •    Access Control Types
  •    ACM
  •    Access Security Policy Principles
  •    Identity Management and Compliance
  •    Authentication Factors
  •    Remote Access
  •    User Registration
  •    Procurement
  •    How to Enforce Policy and Standards Compliance
  •    Types of Third Party Relationships
  •    Methods for Managing Info Security Regarding Third Parties
  •    Security Service Providers
  •    Third Party Contract Provisions
  •    Methods to Define Security Requirements in SLA's, Security Provisions and SLA's, and Methods to Monitor Security
  •    How to Enforce Contractual Info Security Controls
  •    SDLC
  •    Code Development
  •    Common Techniques for Security Enforcement
  •    How to Enforce Info Security During Systems Development
  •    Maintenance
  •    Methods of Monitoring Security Activities
  •    Impact of Change and Configuration Management Activities
  •    How to Maintain Info Security Within an Organization
  •    Due Diligence Activities
  •    Types of Due Diligence Activities
  •    Reviews of Info Access
  •    Standards of Managing and Controlling Info Access
  •    How to Provide Info Security Advice and Guidance
  •    Info Security Awareness
  •    Types of Info Security Stakeholders
  •    Methods of Stakeholder Education
  •    Security Stakeholder Education Process
  •    How to Provide Info Security Awareness and Training
  •    Methods of Testing the Effectiveness of Info Security Control
  •    The Penetration Testing Process
  •    Types of Penetration Testing
  •    Password Cracking
  •    Social Engineering Attacks
  •    Social Engineering Types
  •    External Vulnerability Reporting Sources
  •    Regulatory Reporting Requirements
  •    Internal Reporting Requirements
  •    How to Analyze the Effectiveness of Info Security Controls
  •    Noncompliance Issues
  •    Security Baselines
  •    Events Affecting the Security Baseline
  •    Info Security Problem Management Process
  •    How to Resolve Noncompliance Issues

Domain 6: Incident Management and Response

  •    Incident Response Capability
  •    Components of Incident Response
  •    BCP
  •    BIA Phase
  •    COOP
  •    DRP
  •    Alternate Sites
  •    Develop a BCP
  •    Develop a DRP
  •    MTD
  •    RPO
  •    RTO
  •    Data Backup Strategies
  •    Data Backup Types
  •    Data Restoration Strategies
  •    Info Incident Management Practices
  •    IRP
  •    Trigger Events and Types of Trigger Events
  •    Methods of Containing Damage
  •    How to Develop an IRP
  •    Escalation Process
  •    Notification Process
  •    IRT
  •    Crisis Communication
  •    How to Establish an Escalation Process
  •    Internal Reporting Requirements
  •    External Reporting Requirements
  •    Communication Process
  •    How to Develop a Communication Process
  •    IRP and DRP
  •    IRP and BCP
  •    Methods of Identifying Business Resources Essential to Recovery
  •    How to Integrate an IRP
  •    Role of Primary IRT Members and Role of Additional IRT Members
  •    Response Team Tools and Equipment
  •    How to Develop IRT's
  •    BCP Testing
  •    Disaster Recovery Testing
  •    Schedule Disaster Recovery Testing
  •    Refine IRP
  •    How to Test an IRP
  •    Damage Assessment
  •    Business Impacts Caused by Security Incidents
  •    How to Manage Responses to Info Security Incidents
  •    Computer and Digital Forensics
  •    Forensic Requirements for Responding to Info Security Incidents
  •    Evidence Life Cycle
  •    Evidence Collection
  •    Evidence Types
  •    Five Common Rules of Evidence
  •    Chain of Custody
  •    How to Investigate an Info Security Incident
  •    PIR Methods
  •    Security Incident Review Process
  •    Investigate Cause of a Security Incident
  •    Identify Corrective Actions
  •    Reassess Security Risks After a Security Incident
  •    How to Conduct a Post-Incident Review
  •    Outro - Pre Test/Test Strategy
  •    Post Test

Based on 81 reviews

    Smooth delivery and easy access to LMS. Good to see that the LMS offers progress tracking. Would be great if badges were offered on completion of courses to share via Credly to future employers.

Subscribe To All-Access
Lock In $16.99 / Month Forever

Gain access to this training and all our other courses with our cost-effective monthly subscription. No obligations. Cancel anytime.

$49.99 $16.99 Monthly