CISM Course | CISM Training

4-day CISM course

Led by former ISACA President
Early booking fee of £1195.00 + VAT
Call for more information on +44 (0) 20 8840 4496

CISM Course Description

It is important to select a training course that models itself on universally accepted practices. This course provides thorough preparation for the CISM exam. It is affiliated with ISACA and the official handbooks are provided at the time of enrolment.

Achieving the CISM credential demonstrates competency in the field of information security and is the standard of excellence in the profession. CISM is recognized worldwide, across all industries, because it is the preferred designation for IS audit, control and security professionals.


The CISM course is meant for:

  • IT security professionals with at least 5 years of front-line experience.
  • Information security managers.
  • Information security personnel and others who need a complete knowledge of information security management, including CISOs, CIOs, CSOs and privacy officers.
  • Risk managers.
  • Security auditors.
  • BCP/DR personnel.
  • Executive and operational managers.

Domain 1 - Information Security Governance: Establish information security processes to ensure that information security practices are aligned with the organisation's objectives.

(1) Establish and maintain information security guidelines in line with organizational targets, to guide the organisation and the management of the information security program.
(2) Establish and maintain information security governance rules to support the activities that deliver the information security strategy.
(3) Integrate information security governance into corporate governance to ensure that organizational goals and objectives are supported by the information security program.
(4) Establish and maintain information security policies to communicate management's instructions and guide the development of standards, procedures and guidelines.
(5) Develop business cases to support investments in information security.
(6) Identify internal and external influences on the organization.
(7) Obtain commitment from senior management and support from other stakeholders to maximize the implementation of the information security strategy.
(8) Define and communicate the roles and responsibilities of information security.
(9) Establish, monitor, evaluate and report metrics.

Domain 2 - Information Risk Management and Compliance: Manage information risk to an acceptable level and comply with the organisation's requirements.

(1) Establish and maintain a process for the classification of assets to ensure that the measures taken to protect them are appropriate.
(2) Identify legal, regulatory, organizational and other applicable requirements to manage risk.
(3) Ensure that risk assessments, vulnerability assessments and threat analyses are performed periodically to identify risk to the organization's information.
(4) Determine appropriate risk treatment options to manage risk.
(5) Evaluate information security controls to determine whether they are appropriate and effectively reduce risk.
(6) Identify the gap between current and desired risk levels to manage risk to an acceptable level.
(7) Integrate information risk management into business and IT processes.
(8) Monitor existing risk to ensure that changes are identified and managed appropriately.
(9) Report noncompliance and other changes in information risk to appropriate management to assist in the risk management decision-making process.

Domain 3 - Information Security Program Development and Management: Manage the information security program in accordance with the information security strategy.

(1) Establish and maintain the information security program in alignment with the information security strategy.
(2) Ensure alignment between the information security program and other business functions.
(3) Identify, acquire, manage and define requirements for the internal and external resources needed to execute the information security program.
(4) Establish and maintain information security architectures (people, process, technology) to execute the information security program.
(5) Establish, communicate and maintain organizational information security standards, procedures, guidelines and other documentation to support and guide compliance with information security policies.
(6) Establish and maintain a program for information security awareness and training to promote a secure environment.
(7) Integrate information security requirements into organizational processes.
(8) Integrate information security requirements into contracts and the activities of third parties (joint ventures, business partners, customers, etc.) to maintain the organization's security baseline.
(9) Establish, monitor and periodically report on program management, and evaluate the effectiveness and efficiency of the information security program.

Domain 4 - Information Security Incident Management: Plan, establish and manage the capability to identify, investigate, respond to and recover from information security incidents in order to minimize business impact.

(1) Establish and maintain an organizational definition of information security incidents, and learn from past incidents, to allow accurate identification of and response to incidents.
(2) Establish and maintain an incident response plan to ensure an effective and timely response to information security incidents.
(3) Develop and implement processes to ensure the timely identification of information security incidents.
(4) Establish and maintain processes to investigate and document information security incidents, so that the organization can respond appropriately and determine their causes while adhering to legal, regulatory and organizational requirements.
(5) Establish and maintain incident escalation and notification processes to ensure that the appropriate stakeholders are involved in incident response management.
(6) Organize, train and equip teams to respond effectively to information security incidents in a timely manner.
(7) Test and review the incident response plan periodically to ensure an effective response to information security incidents and to improve response capabilities.
(8) Establish and maintain communication plans and processes to manage communication with internal and external entities.
(9) Conduct post-incident reviews to determine the root cause of information security incidents, develop corrective actions, reassess risk, evaluate response effectiveness and take appropriate remedial actions.
(10) Establish and maintain integration among the incident response plan, the disaster recovery plan and the business continuity plan.

CISM Exam Registration Information

The ISACA exam is held only twice a year, in June and December; the examination dates and fee structure are published on ISACA's website. Early registration discounts on the exam fee are also available; candidates can take advantage of these discounts by registering with ISACA online.

To download the booking form or get more information on our standard CISM course, simply fill out the form on the right and we will get in touch immediately to discuss your requirements.