Certified Information Security Manager (CISM)

ISACA’s Certified Information Security Manager (CISM) certification indicates expertise in information security governance, program development and management, incident management and risk management. Take your career out of the technical realm to management!


The management-focused CISM certification promotes international security practices and recognizes the individual who manages, designs, oversees and assesses an enterprise’s information security.

Around the world, demand for skilled information security management professionals is on the rise, and the CISM certification is the globally accepted standard of achievement in this area. The uniquely management-focused CISM certification ensures holders understand business and know how to manage and adapt technology to their enterprise and industry. Since its inception in 2002, more than 30,000 professionals worldwide have earned the CISM to affirm their high level of technical competence and qualification for top-caliber leadership and management roles.


This course does not include the CISM exam. 

Course Information

Price: $2,395.00
Duration: 5 days
Certification: Yes
Learning Credits:

Course Delivery Options

Check out our full list of training locations and learning formats. Please note that the location you choose may be an Established HD-ILT location with a virtual live instructor.

Train face-to-face with the live instructor.

Access to on-demand training content anytime, anywhere.

Attend the live class from the comfort of your home or office.

Interact with a live, remote instructor from a specialized, HD-equipped classroom near you. An SLI sales rep will confirm location availability prior to registration confirmation.

All Sunset Learning dates are guaranteed to run!



As is the case with the CISM certification exam, candidates are required to have a minimum of five years of experience in information security management. Experience in the fields of information security governance, risk management, compliance, and incident management is also preferable.


Target Audience:

ISACA’s Certified Information Security Manager (CISM) certification is for those who have technical expertise and experience in IS/IT security and control and want to make the move from team player to manager. CISM can add credibility and confidence to your interactions with internal and external stakeholders, peers and regulators.


Course Objectives:

ISACA’s Certified Information Security Manager (CISM) certification brings credibility to your team and ensures alignment between the organization’s information security program and its broader goals and objectives. CISM can validate your team’s commitment to compliance, security, and integrity and increase customer retention!

  • CISM demonstrates a deep understanding of the relationship between information security programs and broader business goals and objectives.
  • Earning a CISM is considered a great way to pave the path from security technologist to security manager.
  • CISM holders are consistently recognized among the most qualified professionals in the information security and risk management fields.
  • CISM-certified employees provide enterprises with an information security management certification recognized by organizations and clients around the globe.
  • The credibility CISM offers is strengthened by its real-world experience requirement.


Course Outline:

CISM Exam overview and tips for preparation

  • Review questions with answers and explanations

Domain 1: Information Security Governance

  • Designing a strategy and governance framework
  • Gaining management support and approval
  • Implementing the security strategy

Domain 2: Information Risk Management

  • Risk identification
  • Risk analysis and treatment
  • Risk monitoring and reporting

Domain 3: Information Security Program Development and Management

  • Alignment and resource management
  • Standards, awareness, and training
  • Building security into processes and practices
  • Security monitoring and reporting

Domain 4: Information Security Incident Management

  • Planning and integration
  • Readiness and assessment
  • Identification and response