Certified Information Security Manager Training Overview 

Our Certified Information Security Manager (CISM) Training is meticulously designed for individuals aspiring to excel in security management roles. Geared towards equipping candidates with the requisite skills and certifications, this course ensures thorough preparation for the CISM exam.  

Throughout the training, candidates delve into critical areas of Information Security Management, including business impact assessments and change management. Under the guidance of experienced trainers, participants gain a comprehensive understanding of these domains, enabling them to navigate complex security challenges effectively. 

Prerequisites to attend this Certified Information Security Manager Training 

There are no prerequisites for attending this course.

Who should attend this Certified Information Security Manager Training?  

Candidates attending this course should have an interest in Information Security Management. However, the following professionals can benefit from this course:  

  • Information Security Managers 
  • Internal Auditors 
  • Risk Management Specialists 
  • Compliance Officers 
  • Security Analysts 
  • IT Consultants 
  • Data Protection Officers 

Course structure  

This 4-day course will be divided into a two-part structure:  

  • In the first 3 days, the course will cover the essential materials needed to understand CISM 
  • The last day will cover the essential materials needed to take the CISM Certified Information Security Manager exam 


Certified Information Security Manager Training Outline 

Domain 1: Information Security Governance 

Module 1: Introduction to Information Security Governance 

  • About Information Security Governance 
  • Reason for Security Governance 
  • Security Governance Activities and Results 
  • Risk Appetite 
  • Organisation Culture 

Module 2: Legal, Regulatory and Contractual Requirements 

  • Introduction 
  • Requirements for Content and Retention of Business Records 

Module 3: Organisational Structures, Roles and Responsibilities 

  • Roles and Responsibilities 
  • Monitoring Responsibilities 

Module 4: Information Security Strategy Development 

  • Introduction 
  • Business Goals and Objectives 
  • Information Security Strategy Objectives 
  • Ensuring Objective and Business Integration 
  • Avoiding Common Pitfalls and Bias 
  • Desired State 
  • Elements of a Strategy 

Module 5: Information Governance Frameworks and Standards 

  • Security Balanced Scorecard 
  • Architectural Approaches 
  • Enterprise Risk Management Framework 
  • Information Security Management Frameworks and Models 

Module 6: Strategic Planning 

  • Workforce Composition and Skills 
  • Assurance Provisions 
  • Risk Assessment and Management 
  • Action Plan to Implement Strategy 
  • Information Security Program Objectives 

Domain 2: Information Security Risk Management 

Module 7: Emerging Risk and Threat Landscape 

  • Risk Identification 
  • Threats 
  • Defining a Risk Management Framework 
  • Emerging Threats 
  • Risk, Likelihood and Impact 
  • Risk Register 

Module 8: Vulnerability and Control Deficiency Analysis 

  • Introduction 
  • Security Control Baselines 
  • Events Affecting Security Baselines 

Module 9: Risk Assessment and Analysis 

  • Introduction 
  • Determining the Risk Management Context 
  • Operational Risk Management 
  • Risk Management Integration with IT Life Cycle Management Processes 
  • Risk Scenarios 
  • Risk Assessment Process 
  • Risk Assessment and Analysis Methodologies
  • Other Risk Assessment Approaches
  • Risk Analysis
  • Risk Evaluation
  • Risk Ranking 

Module 10: Risk Treatment or Risk Response Options 

  • Risk Treatment/Risk Response Options 
  • Determining Risk Capacity and Acceptable Risk (Risk Appetite)
  • Risk Response Options 
  • Risk Acceptance Framework 
  • Inherent and Residual Risk 
  • Impact 
  • Controls 
  • Legal and Regulatory Requirements 
  • Costs and Benefits 

Module 11: Risk and Control Ownership 

  • Risk Ownership and Accountability 
  • Risk Owner 
  • Control Owner 

Module 12: Risk Monitoring and Reporting 

  • Risk Monitoring 
  • Key Risk Indicators 
  • Reporting Changes in Risk 
  • Risk Communication, Awareness and Consulting 
  • Documentation 

Domain 3: Information Security Programme Development and Management 

Module 13: Information Security Program Resources 

  • Introduction 
  • Information Security Program Objectives 
  • Information Security Program Concepts 
  • Common Information Security Program Challenges 
  • Common Information Security Program Constraints 

Module 14: Information Asset Identification and Classification 

  • Information Asset Identification and Valuation 
  • Information Asset Valuation Strategies 
  • Information Asset Classification 
  • Methods to Determine Criticality of Assets and Impact of Adverse Events 

Module 15: Industry Standards and Frameworks for Information Security 

  • Enterprise Information Security Architectures 
  • Information Security Management Frameworks 
  • Information Security Frameworks Components 

Module 16: Information Security Policies, Procedures, and Guidelines 

  • Policies 
  • Standards 
  • Procedures 
  • Guidelines 

Module 17: Information Security Program Metrics 

  • Introduction 
  • Effective Security Metrics 
  • Security Program Metrics and Monitoring 
  • Metrics Tailored to Enterprise Needs 

Module 18: Information Security Control Design and Selection 

  • Introduction 
  • Managing Risk Through Controls 
  • Controls and Countermeasures 
  • Control Categories 
  • Control Design Considerations 
  • Control Methods 

Module 19: Security Programme Management 

  • Risk Management 
  • Risk Management Programme 
  • Risk Treatment 
  • Audit and Reviews 
  • Third-Party Risk Management 

Module 20: Security Programme Operations 

  • Event Monitoring 
  • Vulnerability Management 
  • Security Engineering and Development 
  • Network Protection 
  • Endpoint Protection and Management 
  • Identity and Access Management 
  • Security Incident Management 
  • Security Awareness Training 
  • Managed Security Service Providers 
  • Data Security 
  • Cryptography 
  • Symmetric Key Algorithms 

Module 21: IT Service Management 

  • Service Desk 
  • Incident Management 
  • Problem Management 
  • Change Management 
  • Configuration Management 
  • Release Management 
  • Service Levels Management 
  • Financial Management 
  • Capacity Management 
  • Service Continuity Management 
  • Availability Management 
  • Asset Management 

Module 22: Controls 

  • Internal Control Objectives 
  • Information Systems Control Objectives 
  • General Computing Controls 
  • Control Frameworks 
  • Controls Development 
  • Control Assessment 

Module 23: Metrics and Monitoring 

  • Types of Metrics 
  • Audiences 
  • Continuous Improvement 

Domain 4: Information Security Incident Management 

Module 24: Security Incident Response Overview 

  • Phases of Incident Response 

Module 25: Incident Response Plan Development 

  • Objectives 
  • Maturity 
  • Resources 
  • Roles and Responsibilities 
  • Gap Analysis 
  • Plan Development 

Module 26: Responding to Security Incidents 

  • Detection 
  • Initiation 
  • Evaluation 
  • Recovery 
  • Remediation 
  • Closure 
  • Post-Incident Review 

Module 27: Business Continuity and Disaster Recovery Planning 

  • Business Continuity Planning 
  • Disaster 
  • Disaster Recovery Planning 
  • Testing BC and DR Planning


What's Included

World-Class Training Sessions From Experienced Instructors

CISM Certificate

Ways to take this course

Classroom Training

Face-to-face sessions led by expert instructors, fostering interactive learning experiences and collaboration among delegates.

Online Instructor-Led Training

Live virtual classes led by experienced trainers, offering real-time interaction and guidance for optimal learning outcomes.

Online Self-Paced Training

Flexible learning at your own pace, with access to comprehensive course materials and resources available anytime, anywhere.

On-Site Training

Customised courses delivered at your location, tailored to your specific needs and scheduling preferences.

CISM Certified Information Security Manager Calendar



  • CISM Certified Information Security Manager: 8th January 2024 to 11th January 2024 (4 days)
  • CISM Certified Information Security Manager: 15th January 2024 to 18th January 2024 (4 days)
  • CISM Certified Information Security Manager: 22nd January 2024 to 25th January 2024 (4 days)
  • CISM Certified Information Security Manager: 29th January 2024 to 1st February 2024 (4 days)


What do I get for £2525?

  • 80-hour course
  • Immediate Access for 90 days
  • Mock exams
  • Exams included, taken online
  • Certificates on completion
  • Case studies
  • Exercise files
  • Personal performance tool
  • 24/7 Support
  • Suits a busy lifestyle and independent learners
  • Train in the comfort of your home
  • Interactive course
  • Compatible on mobile, tablet and desktop
  • Scenario based learning
  • Bookmarking ability
  • Note taking facilities


Bring your teams together for training in your offices, within your budget and at a date and time that's convenient for you. Our instructors will come to you.







Worldwide Learning Experience

These courses cater to learners worldwide, offering flexible options to fit your schedule and location.

Learning Path Towards Success



Dive into our comprehensive courses to find the best fit for your career goals.

Make use of our high-quality learning resources to scale up your career.


Gain hands-on experience through practical exercises, assignments and case studies.



Achieve the skill set to attain a competitive edge in the job market.

Frequently Asked Questions

How does the Certified Information Security Manager Training prepare candidates for real-world challenges?

The training curriculum integrates theoretical knowledge with practical insights and case studies, allowing candidates to apply concepts learned to real-world scenarios.  

Can I take the CISM exam with this course?

No, delegates will have to make direct contact with ISACA to book and arrange for the CISM exam to be taken at one of the following locations - London, Birmingham or Manchester. 

Can I pursue Certified Information Security Manager Training while working full-time?

Yes, the training is designed to accommodate busy schedules. Flexible learning options, including online courses and evening classes, allow participants to balance their professional commitments with their pursuit of certification. 

What career opportunities can Certified Information Security Manager Training lead to?

Completion of the training and attainment of the CISM certification open doors to various career opportunities, including roles such as Information Security Manager, IT Risk Manager, Compliance Manager, and Security Consultant, across diverse industries globally. 

Can I sit for the exam at a time and date suitable to me?

No. The CISM exams are carried out three times a year, in June, September and December, on set dates. For clarification, please contact ISACA directly.

What is the Exam Pass Guarantee?

Our exam pass guarantee gives you confidence that we will support your learning until you pass your CISM exam.  

Is the Certified Information Security Manager Training recognised internationally?

Yes, the training is globally recognised and aligned with industry standards set by ISACA (Information Systems Audit and Control Association). The CISM certification earned upon passing the exam is respected by employers worldwide as a mark of proficiency in Information Security Management. 

Is this course accredited?

This is an exam preparation course. You will become certified once you pass the ISACA CISM examination.  

What are the prerequisites?

There are no official prerequisites to attend this course. 

What is the experience of the instructor(s) delivering my course?

All our instructors are fully qualified and have 10+ years of experience in ISACA CISM methodologies.  

What do you provide as part of the course?

In this course, you will receive a courseware book, exam preparation guidance, completion certificate, and world-class training by an experienced instructor. 

Will I receive a certificate of completion?

Yes, you will receive a certificate of completion once you have completed your CISM course. 


Find Your Best Course With Us

Discover the best courses tailored to your career goals. Get in touch with our support team for expert guidance.
