Lifetime
An ITU Online Training exclusive. The only Buy Once, Never Pay for IT training again program available. Plus, get all new and updated content for life.
- +1 855.488.5327
- customerservice@ituonline.com
- Mon - Fri: 9:00am - 5:00pm ET
Certified Information Security Manager (CISM)
If you’re looking to get into risk management, security auditing, compliance or executive management as a CSO, CTO or CIO, then this course is perfect for you. IT Security is an incredibly popular and lucrative field in Information Technology right now, and the CISM Certification will make you highly sought-after by employers.
Included In This Course
Included In This Course
13 Hrs 3 Min
349 On-demand Videos
Closed Captions
6 Topics
94 Prep Questions
Certificate of Completion
Course Description
IT Security is the most sought-after and booming sector of Information Technology right now, with the CISM Certification at its pinnacle. This course offers a comprehensive look into global practices so that employers can be certain those who have earned this designation hold sufficient knowledge and experience to ensure effective security management.
Why should I take the CISM
Certified Information Security Managers (CISM) have technical knowledge and experience managing information security, control, and compliance. With ISACA CISM certification comes credibility that can strengthen interactions with stakeholders, peers, and regulatory bodies. For those looking to transition from an individual contributor role into a management position in the field of cyber security, this credential is ideal for your path in Cybersecurity.
Another key online training course offered by ITU Online that prepares you for a ISACA certification is our Certified Information Systems Auditor (CISA)
For more information on this certification, visit the ISACA Official Certification site.
CISM Review For Certification Exam
CISM exam consists of 150 multiple-choice questions to test exam candidate proficiency in four information security management areas (listed below). The CISM job practice contains organized task and knowledge statements, divided into categories called domains.
- 17% of the exam covers information security governance
- 20% of the exam covers information security risk management
- 33% of the exam covers information security program
- 30% of the exam covers incident management
After careful consideration by the CISM Certification Working Group, multiple industry leaders and subject matter experts validated that these job practice areas and statements accurately reflect the work done by information security managers. Multiple practitioners in this field were consulted to ensure authenticity during this process.
Career Opportunities
This exam prep IT course trains students to be a subject matter expert and fulfill positions in Risk Management, Security Auditor, security consultant, Compliance Officer, cybersecurity analysts, Cyber Security Consulting or an executive management position as a CSO, CTO, or chief information security officer (CIO).
Key Term Knowledge Base: Key Terms Related to Certified Information Security Manager (CISM)
Understanding key terms in Certified Information Security Manager (CISM) is crucial for anyone looking to excel in information security management. These terms form the foundation of knowledge required for the CISM certification and are essential for professionals in roles related to IT security, such as CSOs, CTOs, CIOs, security auditors, and compliance officers. The CISM certification encompasses various aspects of IT security, focusing on governance, risk management, program development, and incident management.
| Term | Definition |
|---|---|
| Information Security Governance | The collection of practices and policies ensuring that an organization’s information assets are protected appropriately. |
| Information Risk Management | The process of identifying, evaluating, and treating risks to the organization’s information assets. |
| Information Security Program Development | The process of establishing and maintaining a plan to protect information assets. |
| Information Security Incident Management | The methods and processes used to respond to and manage information security incidents. |
| Compliance | Ensuring that organizational activities adhere to laws, regulations, and policies related to information security. |
| Cybersecurity | The practice of protecting systems, networks, and programs from digital attacks. |
| ISACA | An international professional association focused on IT governance. |
| CISM Certification | A globally recognized certification for information security managers offered by ISACA. |
| Security Audit | An examination of the security of a company’s information system by measuring it against a set of criteria. |
| CSO (Chief Security Officer) | A high-level executive responsible for the security of information, assets, technologies, and processes. |
| CTO (Chief Technology Officer) | An executive responsible for the management and implementation of technology within an organization. |
| CIO (Chief Information Officer) | A senior executive responsible for managing and implementing information and computer technologies. |
| Risk Assessment | The process of identifying and analyzing potential risks to organizational security. |
| Security Controls | Safeguards or countermeasures to avoid, detect, counteract, or minimize security risks. |
| Security Strategy | A high-level plan outlining an organization’s approach to securing its information and technology assets. |
| Incident Response Plan | A set of instructions to help IT staff detect, respond to, and recover from network security incidents. |
| Encryption | The process of converting information or data into a code, especially to prevent unauthorized access. |
| Network Security | The practice of preventing and protecting against unauthorized intrusion into corporate networks. |
| Data Protection | The process of safeguarding important information from corruption, compromise, or loss. |
| Regulatory Compliance | Adhering to laws, regulations, standards, and ethical practices related to industry-specific requirements. |
| Vulnerability Management | The process of identifying, classifying, remediating, and mitigating vulnerabilities in software and network security. |
| Access Control | The selective restriction of access to a place or other resource. |
| Security Policy | A document that outlines the rules, procedures, and guidelines for securing an organization’s technology and information assets. |
| Business Continuity Planning | The process of creating systems of prevention and recovery to deal with potential threats to a company. |
| Disaster Recovery | Strategies and processes to recover and protect a business IT infrastructure in the event of a disaster. |
| Authentication | The process of verifying the identity of a user or process. |
| Penetration Testing | A simulated cyber attack against your computer system to check for exploitable vulnerabilities. |
| ISO/IEC 27000 Standards | A family of standards that helps organizations keep information assets secure. |
| Security Architecture | The design and implementation of security structures in an organization to manage risks and reduce vulnerabilities. |
| Cybersecurity Awareness Training | Training provided to employees to understand and prevent cybersecurity threats. |
| Security Metrics | Quantitative measures used to gauge the efficiency and effectiveness of security measures within an organization. |
| Security Governance | The set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise’s resources are used responsibly. |
| Threat Intelligence | Information an organization uses to understand the threats that have, will, or are currently targeting the organization. |
| Cloud Security | The set of policies and technologies designed to protect data and infrastructure involved in a cloud computing setup. |
| Mobile Security | The protection of smartphones, tablets, and laptops from threats associated with wireless computing. |
| Security Compliance and Standards | Adherence to established guidelines or specifications for cybersecurity measures. |
| Logical and Physical Information Security | The protection of digital data (logical) and the physical hardware that stores this data. |
| Identity Management | The administrative process that deals with identifying individuals in a system and controlling their access to resources. |
| Security Awareness, Training, and Education Programs | Programs designed to educate employees about computer security, policies, and best practices. |
| Security Review | An evaluation process to ensure compliance with a company’s security policies and procedures. |
| Information Security Policy Development | The process of writing, implementing, and reviewing the information security policies in an organization. |
| Information Security Management Roles and Responsibilities | Defined roles and responsibilities within an organization for managing and enforcing security policies and procedures. |
| Information Classification Schemas | Frameworks for categorizing data based on its sensitivity and importance to the organization. |
| Information Asset Classification and Ownership | The process of identifying the value and ownership of information assets within an organization. |
| Security Strategy Inputs and Outputs | The information and results that feed into and come out of an organization’s security strategy. |
| Regulatory Requirements and Information Security | The impact of legal and regulatory obligations on an organization’s information security strategies and practices. |
| Information Security Governance Charter | A document that establishes the scope, authority, and responsibility of the information security governance function within an organization. |
Understanding these terms provides a strong foundation in information security management, enhancing one’s ability to effectively prepare for the CISM certification and succeed in various IT security roles.
Frequently Asked Questions About Certified Information Security Manager (CISM)
What is the Certified Information Security Manager (CISM) course?
The CISM course is designed for those looking to enter into risk management, security auditing, compliance, or executive management as a CSO, CTO, or CIO. It provides comprehensive training in global practices of IT security, making those who earn the certification highly sought after by employers​.
How can I access the CISM course?
The course can be accessed through ITU Online’s All Access Monthly Subscription, which also provides access to over 2,500 hours of on-demand content. You can start a 7-day free trial with no obligation, and you can cancel anytime.
What does the CISM course contain?
The CISM course comprises 11 training hours, 349 videos, 6 topics, and includes 94 practice questions​.
What are the benefits of acquiring CISM certification?
CISM certification provides credibility, strengthens interactions with stakeholders, peers, and regulatory bodies, and is ideal for those looking to transition from an individual contributor role into a management position in the field of cybersecurity​.
What topics does the CISM certification exam cover?
The CISM exam focuses on four main areas: Information Security Governance, Information Risk Management, Information Security Program Development and Management, and Information Security Incident Management. Each of these areas is designed to test the candidate’s proficiency in information security management knowledge and skills​.
What is the format of the CISM certification exam?
The CISM certification exam consists of 150 multiple-choice questions that test the candidate’s proficiency in four information security management areas​.
Proudly DisplayYour Achievement
Upon completion of your training, you’ll receive a personalized certificate of completion to help validate to others your new skills.
Course Outline
Certified Information Security Manager (CISM) Course Content
Domain 1: Information Security Governance
CISM Introduction
Information Security
Business Goals, Objectives, and Functions
Business Goals and Information Security
Information Security Threats
Information Security Management
Identity Management
Data Protection
Network Security
Personnel Security
Facility Security
Security Compliance and Standards
Information Security Strategy
Inputs and Outputs of the Informtion Security Strategy
Processes in an Information Security Strategy
People in an Information Security Strategy
Technologies in an Indormation Security Strategy
Logical and Physical Information Security Strategy Architectures
Information Security and Business Functions
Information Security Policies and Enterprise Objectives
International Standards for the Security Management
ISO/IEC 27000 Standards
International Info Government Standards
Information Security Government Standards in the United States
Methods of Coordinating Information Security Activites
How to Develop an Information Security Strategy
Information Security Governance
Role of the Security in Governance
Scope of Information Security Governance
Charter of Information Security Governance
Information Security Governance and Enterprise Governance
How to Align Information Security Strategy with Corporate Governance
Regulatory Requirements and Information Security
Business Impact of Regulatory Requirements
Liability Management
Liability Management Strategies
How to Identify Legal and Regulatory Requirements
Business Case Development
Budgetary Reporting Methods
Budgetary Planning Strategy
How to Justify Investment in Info Security
Organizational Drivers
Impact of Drivers on Info Security
Third Party Relationships
How to Identify Drivers Affecting the Organization
Purpose of Obtaining Commitment to Info Security
Methods for Obtaining Commitment
ISSG
ISSG Roles and Responsibilities
ISSG Operation
How to Obtain Senior Management's Commitment to Info Security
Info Security Management Roles and Responsibilities
How to Define Roles and Responsibilities for Info Security
The Need for Reporting and Communicating
Methods for Reporting in an Organization
Methods of Communication in an Organization
How to Establish Reporting and Communicating Channels
Domain 2: Risk Management
Risk
Risk Assessment
Info Threat Types
Info Vulnerabilities
Common Points of Exposure
Info Security Controls
Types of Info Security Controls
Common Info Security Countermeasures
Overview of the Risk Assessment Process
Factors Used in Risk Assessment and Analysis
Risk Assessment Methodologies
Quantitative Risk Assessment - Part 1
Quantitative Risk Assessment - Part 2
Qualitative Risk Assessment
Hybrid Risk Assessment
Best Practices for Info Security Management
Gap Analysis
How to Implement an Info Risk Assessment Process
Info Classification Schemas
Components of Info Classification Schemas
Info Ownership Schemas
Components of Info Ownership Schemas
Info Resource Valuation
Valuation Methodologies
How to Determine Info Asset Classification and Ownership
Baseline Modeling
Control Requirements
Baseline Modeling and Risk Based Assessment of Control Requirements
How to Conduct Ongoing Threat and Vulnerability Evaluations
BIA's
BIA Methods
Factors for Determining Info Resource Sensitivity and Critically
Impact of Adverse Events
How to Conduct Periodic BIA's
Methods for Measuring Effectiveness of Controls and Countermeasures
Risk Mitigation
Risk Mitigation Strategies
Effect of Implementing Risk Mitigation Strategies
Acceptable Levels of Risk
Cost Benefit Analysis
How to Identify and Evaluate Risk Mitigation Strategies
Life Cycle Processes
Life Cycle-Based Risk Management
Risk Management Life Cycle
Business Life Cycle Processes Affected by Risk Management
Life Cycled-Based Risk Management Principles and Practices
How to Integrate Risk Management Into Business Life Cycle Processes
Significant Changes
Risk Management Process
Risk Reporting Methods
Components of Risk Reports
How to Report Changes in Info Risk
Domain 3: Information Security Program
Info Security Strategies
Common Info Security Strategies
Info Security Implementation Plans
Conversation of Strategies Into Implementation Plans
Info Security Programs
Info Security Program Maintenance
Methods for Maintaining an Info Security Program
Succession Planning
Allocation of Jobs
Program Documentation
How to Develop Plans to Implement an Info Security Strategy
Security Technologies and Controls
Cryptographic Techniques
Symmetric Cryptography
Public Key Cryptography
Hashes
Access Control
Access Control Categories
Physical Access Controls
Technical Access Controls
Administrative Access Controls
Monitoring Tools
IDS's
Anti-Virus Systems
Policy-Compliance Systems
Common Activities Required in Info Security Programs
Prerequisites for Implementing the Program
Implementation Plan Management
Types of Security Controls
Info Security Controls Development
How to Specify info Security Program Activities
Business Assurance Function
Common Business Assurance Functions
Methods for Aligning info Security Programs with Business Assurance Functions
How to Coordinate Info Security Programs with Business Assurance Functions
SLA's
Internal Resources
External Resources
Services Provided by External Resources - Part 1
Services Provided by External Resources - Part 2
Skills Commonly Required for Info Security Program Implementation
Dentification of Resources and Skills Required for a Particular Implementation
Resource Acquisition Methods
Skills Acquisition Methods
How to Identify Resources Needed for Info Security Program Implementation
Info Security Architectures
The SABSA Model for Security Architecture
Deployment Considerations
Deployment of Info Security Architectures
How to Develop Info Security Architecture
Info Security Policies
Components of Info Security Policies
Info Security Policies and the Info Security Strategy
Info Security Policies and Enterprise Business Objectives
Info Security Policy Development Factors
Methods for Communicating Info Security Policies
Info Security Policy Maintenance
How to Develop Info Security Policies
Info Security Awareness Program, Training Programs, and Education Programs
Security Awareness, Training, and Education Gap Analysis
Methods for Closing the Security Awareness, Training, and Education Gaps
Security-Based Cultures and Behaviors
Methods for Establishing and Maintaining a Security-Based Culture in the Enterprise
How to Develop Info Security Awareness, Training, and Education Programs
Supporting Documentation for Info Security Policies
Standards, Procedures, Guidelines, and Baselines
Codes of Conduct
NDA's
Methods for Developing Supporting Documentation
Methods for Implementing Supporting Documentation and for Communicating Supporting Documentation
Methods for Maintaining Supporting Documentation
C and A
C and A Programs
How to Develop Supporting Documentation for Info Security Policies
Domain 4: Information Security Program Implementation
Enterprise Business Objectives
Integrating Enterprise Business Objectives & Info Security Policies
Organizational Processes
Change Control
Merges & Acquisitions
Organizational Processes & Info Security Policies
Methods for Integrating Info Security Policies & Organizational Processes
Life Cycle Methodologies
Types of Life Cycle Methodologies
How to Integrate Info Security Requirements Into Organizational Processes
Types of Contracts Affected by Info Security Programs
Joint Ventures
Outsourced Provides & Info Security
Business Partners & Info Security
Customers & Info Security
Third Party & Info Security
Risk Management
Risk Management Methods & Techniques for Third Parties
SLA's & Info Security
Contracts & Info Security
Due Diligence & Info Security
Suppliers & Info Security
Subcontractors & Info Security
How to Integrate Info Security Controls Into Contracts
Info Security Metrics
Types of Metrics Commonly Used for Info Security
Metric Design, Development & Implementation
Goals of Evaluating Info Security Controls
Methods of Evaluating Info Security Controls
Vulnerability Testing
Types of Vulnerability Testing
Effects of Vulnerability Assessment & Testing
Vulnerability Correction
Commercial Assessment Tools
Goals of Tracking Info Security Awareness, Training, & Education Programs
Methods for Tracking Info Security Awareness, Training, & Education Programs
Evaluation of Training Effectiveness & Relevance
How to Create Info Security Program Evaluation Metrics
Domain 5: Information Security Program Management
Management Metrics
Types of Management Metrics
Data Collection
Periodic Reviews
Monitoring Approaches
KPI's
Types of Measurements
Other Measurements
Info Security Reviews
The Role of Assurance Providers
Comparing Internal and External Assurance Providers
Line Management Technique
Budgeting
Staff Management
Facilities
How to Manage Info Security Program Resources
Security Policies
Security Policy Components
Implementation of Info Security Policies
Administrative Processes and Procedures
Access Control Types
ACM
Access Security Policy Principles
Identity Management and Compliance
Authentication Factors
Remote Access
User Registration
Procurement
How to Enforce Policy and Standards Compliance
Types of Third Party Relationships
Methods for Managing Info Security Regarding Third Parties
Security Service Providers
Third Party Contract Provisions
Methods to Define Security Requirements in SLA's, Security Provisions and SLA's, and Methods to Monitor Security
How to Enforce Contractual Info Security Controls
SDLC
Code Development
Common Techniques for Security Enforcement
How to Enforce Info Security During Systems Development
Maintenance
Methods of Monitoring Security Activities
Impact of Change and Configuration Management Activities
How to Maintain Info Security Within an Organization
Due Diligence Activities
Types of Due Diligence Activities
Reviews of Info Access
Standards of Managing and Controlling Info Access
How to Provide Info Security Advice and Guidance
Info Security Awareness
Types of Info Security Stakeholders
Methods of Stakeholder Education
Security Stakeholder Education Process
How to Provide Info Security Awareness and Training
Methods of Testing the Effectiveness of Info Security Control
The Penetration Testing Process
Types of Penetration Testing
Password Cracking
Social Engineering Attacks
Social Engineering Types
External Vulnerability Reporting Sources
Regulatory Reporting Requirements
Internal Reporting Requirements
How to Analyze the Effectiveness of Info Security Controls
Noncompliance Issues
Security Baselines
Events Affecting the Security Baseline
Info Security Problem Management Process
How to Resolve Noncompliance Issues
Domain 6: Incident Management and Response
Incident Response Capability
Components of Incident Response
BCP
BIA Phase
Coop
DRP
Alternate Sites
Develop a BCP
Develop a DRP
MTD
RPO
RTO
Data Backup Strategies
Data Backup Types
Data Restoration Strategies
Info Incident Management Practices
IRP
Trigger Events and Types of Trigger Events
Methods of Containing Damage
How to Develop an IRP
Escalation Process
Notification Process
IRT
Crisis Communication
How to Establish an Escalation Process
Internal Reporting Requirements
External Reporting Requirements
Communication Process
How to Develop a Communication Process
IRP and DRP
IRP and BCP
Methods of Identifying Business Resources Essential to Recovery
How to Integrate an IRP
Role of Primary IRT Members and Role of Additional IRT Members
Response Team Tools and Equipment
How to Develop IRT's
BCP testing
Disaster Recovery Testing
Schedule Disaster Recovery Testing
Refine IRP
How to Test an IRP
Damage Assessment
Business Impacts Cause by Security Incidents
How to Manage Responses to Info Security Incidents
Computer and Digital Forensics
Forensic Requirements for Responding to Info Security Incidents
Evidence Life Cycle
Evidence Collection
Evidence Types
Five Common Rules of Evidence
Chain of Custody
How to Investigate an Info Security Incident
PIR Methods
Security Incident Review Process
Investigate Cause of a Security Incident
Identify Corrective Actions
Reassess Security Risks After a Security Incident
How to Conduct a Post-Incident Review
Outro - Pre Test/Test Strategy
Post Test
Subscribe To All-Access
Lock In $14.99 / Month Forever
Start this course for free with our 10-day trial of the all-access subscription providing access to over 2,600 hours of training.
$49.00 $14.99 Monthly
OR
$49.00
Certified Information Security Manager (CISM)
Certified Information Security Manager (CISM)
Additional Options to Access This Training
This training is also part of our extensive training library containing over 225 courses, 12,000+ videos and over 19,000 practice test questions.
Monthly All-Access Subscription
7 Days Free - $39.00 / month
A great option at an affordable monthly price.
Annual All-Access Subscription
$229 / year
A discounted price when paying for your All Access library on an annual basis.
Lifetime All-Access Library
$379 One time payment
Exceptional Value. Pay once, never have to buy IT training again.
Related Courses
$59.00
Gain the upper hand in cybersecurity with Certified Ethical Hacker v12 training. Enroll now in our affordable online course and start learning today!
Certified Ethical Hacker v12 is the latest iteration of EC-Council’s Certified Ethical Hacker v12 series. ITU offers CEH training to provide you the tools to research, discover and scan targets, analyze vulnerabilities and test attack methods and tools. The focus of this CEH online training course is to solve the challenge of breaking into a target network, collect evidence of success, and escape unnoticed. Every lesson and topic are infused with step-by-step guided practice using real hardware- and software-based hacking tools. Throughout both lecture and hands-on activities, the instructor, Chrys Thorsen provides commentary from the field including tips, tricks and hard-learned lessons.
$49.00
Become a Certified Cloud Security Professional (CCSP) and master cloud security with ITU Online Training. Enroll now to prepare for the CCSP exam.
After finishing this Certified Cloud Security Professional (CCSP) training course course, you will be able to design and secure data, applications, and infrastructure in the cloud using advanced technical skills and knowledge.
$49.00
Learn how to investigate cybercrimes with ITU Online’s CHFI Course – Computer Hacking Forensics Investigator (ECC 312-49). Enroll now!
This CHFI course will cover the security discipline of computer forensics from a vendor-neutral perspective and work towards preparing students to become Forensic Investigators in Computer Hacking.
I’ve enjoyed the training so far. Wish it was more focused on Linux like other training, but still good.
The educators at ituonline.com are highly skilled but could improve their methods of instruction. In the CCNA 200-301 course, there’s a heavy emphasis on oral lectures, and it would be beneficial to include more in-depth visual aids. Annotating labs and graphics could also make the educational journey more effective. On the other hand, the N10-008 course instructor consistently offers top-notch material.
This course is super detailed but not boring, and they give you cool projects to actually practice what you’re learning.