Certified Information Security Manager (CISM)

If you’re looking to get into risk management, security auditing, compliance or executive management as a CSO, CTO or CIO, then this course is perfect for you. IT Security is an incredibly popular and lucrative field in Information Technology right now, and the CISM Certification will make you highly sought-after by employers.

This course includes

11 Training Hours

349 On-demand Videos

Closed Captions

6 Topics

94 Prep Questions

Certificate of Completion

What you’ll learn


Information Security Governance


Risk Management


Information Security Program


Information Security Program Implementation


Information Security Program Management


Incident Management and Response

Why should I take the CISM?

Certified Information Security Managers (CISMs) have the technical knowledge and experience to manage information security, controls and compliance. ISACA's CISM certification brings credibility that strengthens interactions with stakeholders, peers and regulatory bodies. For those looking to move from an individual contributor role into a management position in cybersecurity, this credential is an ideal step.


Information Security Governance

CISM Introduction
Information Security
Business Goals, Objectives, and Functions
Business Goals and Information Security
Information Security Threats
Information Security Management
Identity Management
Data Protection
Network Security
Personnel Security
Facility Security
Security Compliance and Standards
Information Security Strategy
Inputs and Outputs of the Information Security Strategy
Processes in an Information Security Strategy
People in an Information Security Strategy
Technologies in an Information Security Strategy
Logical and Physical Information Security Strategy Architectures
Information Security and Business Functions
Information Security Policies and Enterprise Objectives
International Standards for Security Management
ISO/IEC 27000 Standards
International Information Security Governance Standards
Information Security Governance Standards in the United States
Methods of Coordinating Information Security Activities
How to Develop an Information Security Strategy
Information Security Governance
Role of Security in Governance
Scope of Information Security Governance
Charter of Information Security Governance
Information Security Governance and Enterprise Governance
How to Align Information Security Strategy with Corporate Governance
Regulatory Requirements and Information Security
Business Impact of Regulatory Requirements
Liability Management
Liability Management Strategies
How to Identify Legal and Regulatory Requirements
Business Case Development
Budgetary Reporting Methods
Budgetary Planning Strategy
How to Justify Investment in Info Security
Organizational Drivers
Impact of Drivers on Info Security
Third Party Relationships
How to Identify Drivers Affecting the Organization
Purpose of Obtaining Commitment to Info Security
Methods for Obtaining Commitment
ISSG Roles and Responsibilities
ISSG Operation
How to Obtain Senior Management's Commitment to Info Security
Info Security Management Roles and Responsibilities
How to Define Roles and Responsibilities for Info Security
The Need for Reporting and Communicating
Methods for Reporting in an Organization
Methods of Communication in an Organization
How to Establish Reporting and Communicating Channels

Risk Management

Risk Assessment
Info Threat Types
Info Vulnerabilities
Common Points of Exposure
Info Security Controls
Types of Info Security Controls
Common Info Security Countermeasures
Overview of the Risk Assessment Process
Factors Used in Risk Assessment and Analysis
Risk Assessment Methodologies
Quantitative Risk Assessment - Part 1
Quantitative Risk Assessment - Part 2
Qualitative Risk Assessment
Hybrid Risk Assessment
Best Practices for Info Security Management
Gap Analysis
How to Implement an Info Risk Assessment Process
Info Classification Schemas
Components of Info Classification Schemas
Info Ownership Schemas
Components of Info Ownership Schemas
Info Resource Valuation
Valuation Methodologies
How to Determine Info Asset Classification and Ownership
Baseline Modeling
Control Requirements
Baseline Modeling and Risk Based Assessment of Control Requirements
How to Conduct Ongoing Threat and Vulnerability Evaluations
BIA Methods
Factors for Determining Info Resource Sensitivity and Criticality
Impact of Adverse Events
How to Conduct Periodic BIAs
Methods for Measuring Effectiveness of Controls and Countermeasures
Risk Mitigation
Risk Mitigation Strategies
Effect of Implementing Risk Mitigation Strategies
Acceptable Levels of Risk
Cost Benefit Analysis
How to Identify and Evaluate Risk Mitigation Strategies
Life Cycle Processes
Life Cycle-Based Risk Management
Risk Management Life Cycle
Business Life Cycle Processes Affected by Risk Management
Life Cycle-Based Risk Management Principles and Practices
How to Integrate Risk Management Into Business Life Cycle Processes
Significant Changes
Risk Management Process
Risk Reporting Methods
Components of Risk Reports
How to Report Changes in Info Risk
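The risk domain above lists quantitative risk assessment, acceptable levels of risk and cost-benefit analysis as separate topics. The following is an added example, not course material, that carries those three through together on a constructed risk register: each scenario's single loss expectancy (SLE = asset value × exposure factor) and annualised loss expectancy (ALE = SLE × ARO) are computed, scenarios are ranked by ALE, and each candidate control is judged by its net benefit (ALE before minus ALE after minus the control's annual cost). All asset values, exposure factors, occurrence rates and control costs are invented sample figures.

```python
"""Quantitative risk assessment with control cost-benefit analysis.

Added example for the 'Quantitative Risk Assessment' and 'Cost Benefit
Analysis' topics; it is not material from the course. All asset values,
exposure factors, occurrence rates and control costs are constructed figures.

    SLE = asset value * exposure factor
    ALE = SLE * ARO
    net benefit of a control = ALE before - ALE after - annual cost of control
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskScenario:
    name: str
    asset_value: float      # value at stake, in currency units
    exposure_factor: float  # fraction of the asset lost per occurrence (0..1)
    aro: float              # annualised rate of occurrence (events per year)

    def sle(self) -> float:
        """Single loss expectancy: loss from one occurrence."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualised loss expectancy: expected loss per year."""
        return self.sle() * self.aro


@dataclass(frozen=True)
class Control:
    name: str
    scenario: str             # name of the RiskScenario the control addresses
    annual_cost: float
    new_exposure_factor: float
    new_aro: float


def residual_ale(scenario: RiskScenario, control: Control) -> float:
    """ALE that remains once the control is in place."""
    return scenario.asset_value * control.new_exposure_factor * control.new_aro


def net_benefit(scenario: RiskScenario, control: Control) -> float:
    """Annual loss avoided minus annual control cost.

    A negative value means the control costs more than the risk it removes."""
    return scenario.ale() - residual_ale(scenario, control) - control.annual_cost


def rank_by_ale(scenarios):
    """Highest annualised loss first: where management attention and budget go first."""
    return sorted(scenarios, key=lambda s: s.ale(), reverse=True)


def evaluate_controls(scenarios, controls):
    """Cost-benefit verdict for every proposed control."""
    by_name = {s.name: s for s in scenarios}
    results = []
    for c in controls:
        s = by_name[c.scenario]
        benefit = net_benefit(s, c)
        results.append({
            "control": c.name,
            "scenario": s.name,
            "ale_before": s.ale(),
            "ale_after": residual_ale(s, c),
            "net_benefit": benefit,
            "justified": benefit > 0,
        })
    return results


# Constructed sample register; the numbers are illustrative only.
SCENARIOS = [
    RiskScenario("customer database breach", 2_000_000, 0.25, 0.2),
    RiskScenario("ransomware on file servers", 800_000, 0.5, 0.5),
    RiskScenario("laptop theft", 3_000, 1.0, 4.0),
]
CONTROLS = [
    Control("full-disk encryption on laptops", "laptop theft", 5_000, 0.2, 4.0),
    Control("offline backups plus EDR", "ransomware on file servers", 60_000, 0.1, 0.3),
    Control("24x7 on-site guard for the database hall", "customer database breach", 150_000, 0.25, 0.15),
]

if __name__ == "__main__":
    for s in rank_by_ale(SCENARIOS):
        print(f"{s.name:30} SLE={s.sle():>12,.0f}  ALE={s.ale():>12,.0f}")
    for r in evaluate_controls(SCENARIOS, CONTROLS):
        verdict = "justified" if r["justified"] else "NOT justified"
        print(f"{r['control']:42} net benefit={r['net_benefit']:>12,.0f}  {verdict}")
```

Note what the sample register shows: the laptop-theft scenario has by far the smallest ALE, yet its control is justified because it is cheap, while the costly guard for the highest-value asset is rejected because it barely changes the exposure. Ranking by ALE decides where to look first; cost-benefit decides what to buy.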

Information Security Program

Info Security Strategies
Common Info Security Strategies
Info Security Implementation Plans
Conversion of Strategies Into Implementation Plans
Info Security Programs
Info Security Program Maintenance
Methods for Maintaining an Info Security Program
Succession Planning
Allocation of Jobs
Program Documentation
How to Develop Plans to Implement an Info Security Strategy
Security Technologies and Controls
Cryptographic Techniques
Symmetric Cryptography
Public Key Cryptography
Access Control
Access Control Categories
Physical Access Controls
Technical Access Controls
Administrative Access Controls
Monitoring Tools
Anti-Virus Systems
Policy-Compliance Systems
Common Activities Required in Info Security Programs
Prerequisites for Implementing the Program
Implementation Plan Management
Types of Security Controls
Info Security Controls Development
How to Specify Info Security Program Activities
Business Assurance Function
Common Business Assurance Functions
Methods for Aligning info Security Programs with Business Assurance Functions
How to Coordinate Info Security Programs with Business Assurance Functions
Internal Resources
External Resources
Services Provided by External Resources - Part 1
Services Provided by External Resources - Part 2
Skills Commonly Required for Info Security Program Implementation
Identification of Resources and Skills Required for a Particular Implementation
Resource Acquisition Methods
Skills Acquisition Methods
How to Identify Resources Needed for Info Security Program Implementation
Info Security Architectures
The SABSA Model for Security Architecture
Deployment Considerations
Deployment of Info Security Architectures
How to Develop Info Security Architecture
Info Security Policies
Components of Info Security Policies
Info Security Policies and the Info Security Strategy
Info Security Policies and Enterprise Business Objectives
Info Security Policy Development Factors
Methods for Communicating Info Security Policies
Info Security Policy Maintenance
How to Develop Info Security Policies
Info Security Awareness Program, Training Programs, and Education Programs
Security Awareness, Training, and Education Gap Analysis
Methods for Closing the Security Awareness, Training, and Education Gaps
Security-Based Cultures and Behaviors
Methods for Establishing and Maintaining a Security-Based Culture in the Enterprise
How to Develop Info Security Awareness, Training, and Education Programs
Supporting Documentation for Info Security Policies
Standards, Procedures, Guidelines, and Baselines
Codes of Conduct
Methods for Developing Supporting Documentation
Methods for Implementing Supporting Documentation and for Communicating Supporting Documentation
Methods for Maintaining Supporting Documentation
Certification and Accreditation (C&A)
Certification and Accreditation Programs
How to Develop Supporting Documentation for Info Security Policies

Information Security Program Implementation

Enterprise Business Objectives
Integrating Enterprise Business Objectives & Info Security Policies
Organizational Processes
Change Control
Mergers & Acquisitions
Organizational Processes & Info Security Policies
Methods for Integrating Info Security Policies & Organizational Processes
Life Cycle Methodologies
Types of Life Cycle Methodologies
How to Integrate Info Security Requirements Into Organizational Processes
Types of Contracts Affected by Info Security Programs
Joint Ventures
Outsourced Providers & Info Security
Business Partners & Info Security
Customers & Info Security
Third Party & Info Security
Risk Management
Risk Management Methods & Techniques for Third Parties
SLAs & Info Security
Contracts & Info Security
Due Diligence & Info Security
Suppliers & Info Security
Subcontractors & Info Security
How to Integrate Info Security Controls Into Contracts
Info Security Metrics
Types of Metrics Commonly Used for Info Security
Metric Design, Development & Implementation
Goals of Evaluating Info Security Controls
Methods of Evaluating Info Security Controls
Vulnerability Testing
Types of Vulnerability Testing
Effects of Vulnerability Assessment & Testing
Vulnerability Correction
Commercial Assessment Tools
Goals of Tracking Info Security Awareness, Training, & Education Programs
Methods for Tracking Info Security Awareness, Training, & Education Programs
Evaluation of Training Effectiveness & Relevance
How to Create Info Security Program Evaluation Metrics

Information Security Program Management

Management Metrics
Types of Management Metrics
Data Collection
Periodic Reviews
Monitoring Approaches
Types of Measurements
Other Measurements
Info Security Reviews
The Role of Assurance Providers
Comparing Internal and External Assurance Providers
Line Management Technique
Staff Management
How to Manage Info Security Program Resources
Security Policies
Security Policy Components
Implementation of Info Security Policies
Administrative Processes and Procedures
Access Control Types
Access Security Policy Principles
Identity Management and Compliance
Authentication Factors
Remote Access
User Registration
How to Enforce Policy and Standards Compliance
Types of Third Party Relationships
Methods for Managing Info Security Regarding Third Parties
Security Service Providers
Third Party Contract Provisions
Methods to Define Security Requirements in SLAs, Security Provisions in SLAs, and Methods to Monitor Security
How to Enforce Contractual Info Security Controls
Code Development
Common Techniques for Security Enforcement
How to Enforce Info Security During Systems Development
Methods of Monitoring Security Activities
Impact of Change and Configuration Management Activities
How to Maintain Info Security Within an Organization
Due Diligence Activities
Types of Due Diligence Activities
Reviews of Info Access
Standards of Managing and Controlling Info Access
How to Provide Info Security Advice and Guidance
Info Security Awareness
Types of Info Security Stakeholders
Methods of Stakeholder Education
Security Stakeholder Education Process
How to Provide Info Security Awareness and Training
Methods of Testing the Effectiveness of Info Security Control
The Penetration Testing Process
Types of Penetration Testing
Password Cracking
Social Engineering Attacks
Social Engineering Types
External Vulnerability Reporting Sources
Regulatory Reporting Requirements
Internal Reporting Requirements
How to Analyze the Effectiveness of Info Security Controls
Noncompliance Issues
Security Baselines
Events Affecting the Security Baseline
Info Security Problem Management Process
How to Resolve Noncompliance Issues

Incident Management and Response

Incident Response Capability
Components of Incident Response
BIA Phase
Alternate Sites
Develop a BCP
Develop a DRP
Data Backup Strategies
Data Backup Types
Data Restoration Strategies
Info Incident Management Practices
Trigger Events and Types of Trigger Events
Methods of Containing Damage
How to Develop an IRP
Escalation Process
Notification Process
Crisis Communication
How to Establish an Escalation Process
Internal Reporting Requirements
External Reporting Requirements
Communication Process
How to Develop a Communication Process
Methods of Identifying Business Resources Essential to Recovery
How to Integrate an IRP
Role of Primary IRT Members and Role of Additional IRT Members
Response Team Tools and Equipment
How to Develop IRTs
BCP testing
Disaster Recovery Testing
Schedule Disaster Recovery Testing
Refine IRP
How to Test an IRP
Damage Assessment
Business Impacts Caused by Security Incidents
How to Manage Responses to Info Security Incidents
Computer and Digital Forensics
Forensic Requirements for Responding to Info Security Incidents
Evidence Life Cycle
Evidence Collection
Evidence Types
Five Common Rules of Evidence
Chain of Custody
How to Investigate an Info Security Incident
PIR Methods
Security Incident Review Process
Investigate Cause of a Security Incident
Identify Corrective Actions
Reassess Security Risks After a Security Incident
How to Conduct a Post-Incident Review
Outro - Pre Test/Test Strategy
Post Test
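The incident-management domain above covers evidence collection, the evidence life cycle and chain of custody as topic headings only. The following is an added example, not course material, that shows the mechanics a manager is expected to be able to explain: evidence is hashed at acquisition, every hand-off re-hashes it and compares against the acquisition hash, and a mismatch is recorded as an integrity failure and the transfer refused, so the custody log itself shows where integrity broke. The evidence bytes, item identifiers and custodian names are constructed sample data; the record structure is a plain illustration, not any tool's or standard's format.

```python
"""Evidence integrity and chain of custody.

Added example for the 'Evidence Collection', 'Chain of Custody' and
'Evidence Life Cycle' topics; it is not material from the course. The
evidence bytes, item identifiers and custodian names are constructed.
"""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _timestamp(when: Optional[datetime]) -> str:
    # Every entry carries a UTC timestamp so the log can be read in order later.
    return (when or datetime.now(timezone.utc)).isoformat()


@dataclass(frozen=True)
class CustodyEntry:
    timestamp: str
    action: str       # what happened: acquired, transferred, integrity failure
    custodian: str    # who holds the item after this entry
    sha256: str       # hash observed at this point in the life cycle


@dataclass
class EvidenceItem:
    item_id: str
    description: str
    acquisition_hash: str                   # reference value for the item's whole life
    log: List[CustodyEntry] = field(default_factory=list)


def acquire(item_id: str, description: str, data: bytes, examiner: str,
            when: Optional[datetime] = None) -> EvidenceItem:
    """Hash at the moment of collection; this becomes the reference for all later checks."""
    digest = sha256_hex(data)
    item = EvidenceItem(item_id, description, digest)
    item.log.append(CustodyEntry(_timestamp(when), "acquired", examiner, digest))
    return item


def transfer(item: EvidenceItem, data: bytes, giver: str, receiver: str,
             when: Optional[datetime] = None) -> bool:
    """Re-hash on every hand-off. Refuse and record the hand-off if the hash has changed."""
    digest = sha256_hex(data)
    if digest != item.acquisition_hash:
        item.log.append(CustodyEntry(
            _timestamp(when), f"integrity failure on transfer {giver} -> {receiver}", giver, digest))
        return False
    item.log.append(CustodyEntry(
        _timestamp(when), f"transferred {giver} -> {receiver}", receiver, digest))
    return True


def verify(item: EvidenceItem, data: bytes) -> bool:
    """Spot check usable at any point, e.g. before analysis or before presenting in court."""
    return sha256_hex(data) == item.acquisition_hash


def custody_intact(item: EvidenceItem) -> bool:
    """True only if every logged hash equals the acquisition hash."""
    return all(entry.sha256 == item.acquisition_hash for entry in item.log)


# Constructed sample evidence: a few repeated bytes standing in for a disk image.
SAMPLE_IMAGE = b"constructed sample disk image, not real evidence\n" * 64
TAMPERED_IMAGE = SAMPLE_IMAGE[:-1] + b"!"   # one byte altered after acquisition


def demo():
    """Walk one item through acquisition, a clean hand-off and a tampered hand-off."""
    item = acquire("EV-0001", "workstation disk image", SAMPLE_IMAGE, "first responder")
    clean_ok = transfer(item, SAMPLE_IMAGE, "first responder", "forensic examiner")
    tampered_ok = transfer(item, TAMPERED_IMAGE, "forensic examiner", "evidence locker")
    return item, clean_ok, tampered_ok


if __name__ == "__main__":
    item, clean_ok, tampered_ok = demo()
    for entry in item.log:
        print(f"{entry.timestamp}  {entry.action:55} {entry.custodian:18} {entry.sha256[:16]}")
    print("custody intact:", custody_intact(item))
```

The design point is that the failed transfer is not silently dropped: it is written to the log with the offending hash and the person who held the item, which is exactly the information a post-incident review or an opposing counsel will ask for.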

Why become a Cybersecurity Engineer?

Growing Demand for Cybersecurity Professionals

The field of cybersecurity is experiencing rapid growth, driven by the escalating number and complexity of cyber threats. Both public and private sectors are investing heavily in cybersecurity measures to protect sensitive information and secure critical infrastructure. This increased investment has created a substantial demand for cybersecurity professionals, and the job market is teeming with opportunities. By becoming a cybersecurity engineer, you position yourself at the forefront of a booming industry with a multitude of career prospects.

Lucrative Salaries and Career Advancement

Cybersecurity professionals are highly sought after, and as a result, they enjoy attractive salaries and excellent benefits. The specialized skills and expertise required in this field command a premium in the job market. Furthermore, as you gain experience and demonstrate your capabilities, the potential for career advancement becomes significant. Cybersecurity engineers can progress to leadership positions, such as Chief Information Security Officer (CISO), and take on strategic roles in shaping an organization's security posture.

Global Relevance and Job Security

Cybersecurity is a global concern affecting organizations of all sizes and industries worldwide. The need for cybersecurity professionals extends beyond borders, making it a globally relevant field. By becoming a cybersecurity engineer, you equip yourself with skills that are in demand not only locally but also internationally. Job security in the field of cybersecurity is robust, as the increasing threat landscape ensures a constant need for skilled professionals to protect against attacks and mitigate risks.

Continuous Learning and Growth

Cybersecurity is a dynamic and ever-evolving field. To stay competitive, engineers need to keep learning and adapting to new technologies, threats and defensive techniques. This continuous learning keeps the work interesting and provides opportunities for personal and professional growth.

Opportunities for growth

As cybersecurity professionals gain experience and develop their skills, they can take on more challenging roles and responsibilities. This can lead to promotions and career advancement opportunities.

Our Talents Work Here

Our talent stories

We connect learners with peers and experts from around the world, facilitating networking and collaboration opportunities.

IBT Training's DevOps course provided a comprehensive and insightful learning experience with valuable hands-on exercises. While the internship placement was beneficial, additional guidance could enhance the overall transition. Overall, IBT Training lays a solid foundation for entering the DevOps field.

Olaniyan Olatunde Kubernetes Admin, Microsoft

Enrolling in this course proved career-defining, offering invaluable knowledge and a guaranteed internship. It set me on a path to success, delivering everything promised—free certification, ongoing learning, and the ability to pass my sec+ on the first try.

Solomon Awuku Cybersecurity Analyst, Tek Computers

Upon completing the class, I felt confident and prepared to embark on a career in cybersecurity. The skills and knowledge I acquired have already proven invaluable, as I find myself better equipped to tackle real-world challenges and contribute to the protection of digital assets.


"IBT Learning is an outstanding tech school, with experienced teachers. Graduates gain hands-on experience with management tools such as Git, Maven, Nexus, SonarQube, Ansible, Docker for microservices, Kubernetes for container orchestration, and Terraform for Infrastructure as Code"

Landric N DevOps Engineer, Transportation Insight

Your Questions, Answered

What is the Certified Information Security Manager (CISM) course?

The CISM course is designed for those looking to enter risk management, security auditing, compliance, or executive management as a CSO, CTO, or CIO. It provides comprehensive training in global IT security management practices, making those who earn the certification highly sought after by employers.

How can I access the CISM course?

The course can be accessed through ITU Online’s All Access Monthly Subscription, which also provides access to over 2,500 hours of on-demand content. You can start a 7-day free trial with no obligation, and you can cancel anytime.

What are the benefits of acquiring CISM certification?

CISM certification provides credibility, strengthens interactions with stakeholders, peers, and regulatory bodies, and is ideal for those looking to transition from an individual contributor role into a management position in the field of cybersecurity.

What topics does the CISM certification exam cover?

The CISM exam focuses on four main areas: Information Security Governance, Information Risk Management, Information Security Program Development and Management, and Information Security Incident Management. Each of these areas tests the candidate's proficiency in information security management knowledge and skills.

What is the format of the CISM certification exam?

The CISM certification exam consists of 150 multiple-choice questions that test the candidate's proficiency across the four information security management areas listed above.