Certified Information Security Manager (CISM)

Disclaimer: Tech-Act is an independent training services provider. Any use of third party trademarks, brand names, products and services is only referential. Tech-Act disclaims any sponsorship, affiliation or endorsement of or by any third parties. Tech-Act is an authorized training partner only where explicitly stated and as listed here.



About This Course

An independent association, ISACA advocates for IT professionals working in risk management, information security, governance, assurance and compliance. ISACA currently serves more than 110,000 constituents. ISACA-certified professionals work as CIOs, IS auditors, security professionals/consultants and internal system auditors, and they are found in almost every industry domain.

CISM is a management-oriented certification aligned with international security standards that attests to an individual's ability to design, administer and assess enterprise information security. An advanced-level ISACA certification, CISM requires candidates to demonstrate the expertise and knowledge needed to develop and manage enterprise security programs. The certification is aimed at IT consultants, aspiring IT managers and information security personnel who support and maintain enterprise information security systems.

Who Should Attend This Course

CISM certification is globally accepted and is best for:

  • Chief risk/privacy/compliance personnel
  • IT/IS consultants
  • Information security personnel
  • CISO (Chief Information Security Officer)
  • Security system managers
  • Security architects and auditors
  • IT managers and directors
  • Security managers and consultants

Why This Course

The CISM certification course from Tech-Act is intended to nurture IT experts in the field of information security management. It is designed to train professionals in international, industry-grade security practices for managing, assessing, administering and designing IT security for businesses of all sizes. The course helps you gain the core skill set needed to maintain the security of enterprise IT. Candidates develop the critical thinking abilities required to secure and manage information systems.

Most importantly, it is a globally accepted ISACA certification and a lucrative one, with businesses offering high salaries to holders.

After you successfully complete the CISM course, you can:

  • Manage and develop information security
  • Administer incident management
  • Manage risk compliance
  • Administer information security

Did you know that CISM certified professionals earn an average salary of around $122,291 per annum? (Source: itcareerfinder.com)

Course Objectives

CISM certification training from Tech-Act teaches the expertise required to deploy, manage and design enterprise security architecture. Aligned with ISACA-prescribed practices, the course is meticulously devised to prepare you to pass the CISM examination. Organizations as well as government enterprises expect IT professionals to hold a CISM certification, and it is also valuable for career development and IT know-how. This course arms you with the skills and knowledge required to manage the compliance and security of your IT firm.

Course Prerequisites

5 years of experience in information security, with at least 3 years of experience in information security management.

Course Benefits

On successful completion of this course, you will have learned about:

  • Information security management and development
  • Information security (IS) incident management
  • Information risk compliance and management
  • Information security governance




This section discusses the Certified Information Security Manager certification course. The certification is designed for individuals seeking to enhance their skills and be recognized for their expertise in Information Security Management. It explains security practices from around the world and validates the individual's knowledge and expertise in this area.

Introduction and Exam Prep

This section discusses the Certified Information Security Manager (CISM) exam. It covers what a CISM is and what the requirements for a test candidate are, and explains the 4 test domains and exam preparation tips.

Information Security Governance Structure

This section discusses the knowledge and tasks associated with a CISM effectively developing an Information Governance Structure. It talks about COBIT 5 as well as the first few task statements that ISACA expects a CISM to know and perform.

The Information Security Manager Role

This section explores the role of the CISM. It explains IS Governance in the realm of Enterprise Governance, the importance of the CISM to get Stakeholder buy-in, and implementing Build-Use Case scenarios. It also discusses establishing, maintaining, and communicating directives regarding policies, standards, procedures, and guidelines.

IS Standards

This section talks about standards, frameworks, and best practices related to IS Governance. It discusses ISO 27000, COBIT 5, and PCI 3.x, as well as HIPAA to some extent. It also explains the internal/external influences on an organization, the Capability Maturity Model, and the Balanced Scorecard.

IS Policies

This section explores Policies and how they drive the intent of the organization. It covers the importance of baselines and GAP assessments, and the development of a strategy.

IS Controls and Countermeasures

This section explores controls, the primary component of an IS program. It covers the types of controls (physical, technical, procedural, and IT/Non-IT) and explains both active and passive countermeasures. It also discusses the concept of Defense-in-Depth and the importance of awareness and education.

Security and Audit Activities

This section discusses security and audit activities. It covers the concepts of an internal audit and an external audit, along with audit frequency and scope. It demonstrates the tools used in a security audit to assess threats and vulnerabilities.

Management and Organizational Structures

This section talks about getting buy-in from senior management. It covers many C-level roles like CEO, CIO, CISO, etc. and also discusses the roles and importance of organizational structures like HR, IT, and Finance. It also demonstrates the implementation of an IS program.

Reporting Requirements and Strategies

This section explains reporting requirements and strategies. It discusses whom to report to and the reasons that might necessitate a report. It also talks about what, when, and where to report.

IS Risk Management and Compliance

This section discusses the information that a CISM must understand in order to effectively apply risk management principles and practices to an IS program.

IS Asset Classification

This section discusses the necessary knowledge related to establishing an Information Asset Classification model. It explains what a Classification Model is and how to assign responsibilities for risk and asset ownership.

Risk Assessment and Management

This section discusses risk assessment and management processes. It covers trusted and reliable sources for threat intelligence and what kinds of events should trigger re-assessment. It also explains the importance of understanding current threats and how to get plugged in through the different Information Sharing and Analysis Centers (ISACs).

Risk Assessment and Analysis Methods

This section discusses risk assessment and analysis methodologies and treatment strategies. It covers qualitative vs. quantitative risk assessment methods, risk reporting requirements and methods used to monitor risk.

NIST Assessment Methodology

This section dives into the NIST risk assessment methodology. It explains types of Risk Analysis such as Factor Analysis of Information Risk, Probabilistic Risk Assessment (PRA), and Risk Factor Analysis.

Risk Identification

This section discusses risk identification. It explains identifying threats and vulnerabilities and the differences between the two. It demonstrates how to calculate risk using APT formulas.

Risk Analysis Models

This section explores the different risk analysis models covered in the CISM exam. It covers qualitative, quantitative, and semi-quantitative risk analysis. It also explains risk analysis models such as Bayesian, bow-tie, and Delphi.

Risk Treatment

This section discusses Risk Treatment. It covers the different ways to treat risk, such as transferring, terminating, mitigating, or tolerating it. It also explains the Recovery Time Objective (RTO), the Recovery Point Objective (RPO), and documentation.

IS Program Overview Objectives and Concepts

This section discusses the third domain of the CISM by giving an overview of the objectives and concepts in that domain. It explains IS program trends, essential elements, and the outcomes of IS program management. It also covers specific IS program concepts like SDLC, QA, documentation, and technology resources.

IS Scope and Charter

This section discusses the Information Security Scope and Charter. It explains the official ISACA description of IS and demonstrates the steps in developing an IS program, including GAP analysis, defining objectives, creating a roadmap, and conducting a risk assessment.

IS Management Framework and Components

This section discusses IS Management frameworks and components. It covers the COBIT 5 principles of IS Management, the ISO/IEC 27000:2013 framework, and generic operational components like IAM, event monitoring, change management, and incident response.

IS Roadmap

This section explains how to develop an IS roadmap as well as IS Infrastructure and Architecture. It discusses defining and creating a Roadmap, then moving on to IS Infrastructure and Architecture development. It also covers Enterprise IS Architecture (EISA), Cap-Gemini, COBIT, The Open Group Architecture Framework (TOGAF) and its Architecture Development Method (ADM).

Program Management Activities and Services

This section discusses IS Program management, Administrative Activities, Program Services, and Operational Activities. It covers the Program checklist and the key topics of Program Administration.

Controls and Countermeasures

This section explores controls and countermeasures in an IS program. It covers control categories, including Preventative, Detective, Corrective, Compensatory, and Deterrent.

Outsourcing Technology Services

This section discusses outsourcing technology services. It explains the advantages of leveraging cloud computing and characteristics of the cloud. It also covers the cloud computing models, security considerations, and standards/frameworks.

Incident Management Overview

This section takes a look at what is covered in the fourth domain of the CISM exam. It covers the purpose and goals of incident management.

Incident Response Procedure

This section discusses incident response procedures. It explains the importance of IR and the outcomes of implementing good Incident Management. It also covers Incident Management concepts as well as Incident Management systems.

Management Organization

This section discusses the management organization of a CISM with regard to Incident Management and Incident Response. It covers the responsibilities and necessary knowledge base of an IM Manager and the resources available to an IM Manager.


This section discusses procedure and plan development for Incident Response. It explains creating a Plan of Action and the Plan Development process. It covers the importance of a Business Impact Analysis, including the 3 primary goals of the BIA, the BIA steps, and its elements and benefits.


This section discusses business continuity and disaster recovery. It covers the strategies, concepts, and elements such as addressing threats, recovery sites, and methods for redundancy and resiliency.

Execution and Post Incident

This section discusses Incident Response execution as well as post-incident procedures. It covers documenting events and working with evidence in case of an actual incident.

Schedule & Fees

Online Instructor Led Certified Information Security Manager (CISM) Certification Training

Please contact us for more information on course fees and upcoming batch schedule.

Course FAQ

Why Tech-Act for CISM?

  • Expert team of experienced trainers
  • Practical and hands-on learning
  • Learning-friendly course framework
  • Exam relevant coursework
  • Online and traditional learning.

Do you have certified trainers onboard?

  • Yes, all our CISM trainers are industry experienced and certified with a decade of relevant experience in the domain.

What are the benefits of CISM?

CISM certification provides the following benefits:

  • Information security development and management
  • IS risk compliance
  • IS incident response and management
  • IS governance.

What’s the eligibility criteria to enroll?

Globally recognized, the CISM certificate is apt for:

  • IT/IS consultants
  • IT managers and directors
  • Chief risk/privacy/compliance personnel
  • Security managers and consultants
  • CISO (Chief Information Security Officer)
  • Information security personnel
  • Security architects and auditors
  • Security system managers
