
Certified Information Security Manager (CISM)

  • Price: £99.00 including VAT (was £395.00)

    Offer ends 30 June 2024

    Save £296.00
  • Course Type: Online Course
  • Course Duration: 13 Hours
  • Course Access: 12 Months
  • Awarded By: ISACA
  • Student Discount Card: All students enrolled on this course are eligible to apply for a TOTUM Pro card
Course Description

Our CISM course, originally released in February 2021, remains current despite updates to the CISM curriculum and domains on June 1, 2022. The changes were not significant enough to warrant a new course, ensuring that our existing material continues to provide comprehensive preparation for the CISM certification.

The demand for skilled information security management professionals is on the rise, and the CISM certification is the globally accepted standard of achievement in this area. CISMs understand the business. They know how to manage and adapt technology to their enterprise and industry.

CISM Certification:

  • Demonstrates your understanding of the relationship between an information security program and broader business goals and objectives
  • Distinguishes you as having not only information security expertise, but also knowledge and experience in the development and management of an information security program
  • Puts you in an elite peer network
  • Is considered essential to ongoing education, career progression and value delivery to enterprises.

My Training Academy's CISM course is designed to help learners to pass the ISACA CISM exam.

What's included in this CISM Online Course?

  • 12 months unlimited access.
  • Online video tutorials created by expert instructors.
  • Practice quizzes after each module.
  • Mock exam at the end of each course.
  • Flashcard and educational games.
  • MTA Course completion certificate.

To apply for the CISM certification you must have a minimum of five years of professional information systems management experience. If you do not have this experience, you can complete the course, pass your exam and gain the experience later, as long as it is achieved within a period of five years.

The CISM course has been designed to give you real-world knowledge that you can put to use from day one. It's highly flexible, so you can set your own timetable and study at your own pace. 

Learn with confidence

We’re so certain that you’ll get great value from our CISM course that we offer a 14 Day 100% Money Back Guarantee.

Our students frequently recommend our courses to their friends, family and colleagues, so it’s vitally important to us that you are 100% satisfied with the service you receive from My Training Academy.

If you’re not entirely satisfied, then you will receive a full refund.

Click the “Add to Basket” button to book your course today.

Bulk discounts

Bulk discounts are available on purchases of 10 or more courses.

If you wish to discuss a large individual order for this course, and/or would like to be invoiced in advance, please call our sales team on 0808 175 1269 to make an enquiry.

Course Assessment Process

To earn your official CISM certification from ISACA, you will need to study this training course and achieve a passing mark for the CISM exam. 

To prepare you for your exam, we provide interactive quizzes after each module and a mock exam at the end of your course to ensure you’re fully prepared for the real thing. Once you’ve passed with at least 85%, you’ll be ready to book your exam as a private candidate. To make life easier, we can help you find an appropriate exam centre and give you all the information you need to secure your place.

Please note that the CISM exam fees aren’t included in the course price. To find the latest exam prices, visit:

Once you’re fully prepared and ready to sit your exam, all you’ll have to do is register with ISACA, purchase your exam and sit your exam either online or at a test centre near you. Online testing offers you the ease and convenience to test for your certification from any quiet, distraction-free and secure location at any time.

Got a question about exams? Contact our course advisors by email or by phone on 0808 175 1269. We're happy to help!


Our training works on all devices, including mobile phones, iPads, Android tablets, Macs and PCs.

For the best viewing experience on our state-of-the-art eLearning platform we recommend an internet connection of 10Mbps or better. Please also use Google Chrome or Mozilla Firefox as your browser with Adobe Flash Player.

Looking for more information?
What are the eligibility requirements for the CISM certification?
The requirements for the CISM certification are listed on ISACA’s website here: https://www.isaca.org/
How long is the CISM exam?
The CISM exam has a time limit of 4 hours.
What is CISM?
The Certified Information Security Manager (CISM) qualification is an international professional certification offered by ISACA for Information Security Managers. The certification recognises an individual's ability to design, implement and manage an information security programme.

CISM is globally recognised as one of the most prestigious certifications for Information Security Managers. CISM-certified professionals are in high demand and the certification can help individuals to progress in their careers and earn higher salaries.
Is CISM worth it?
Certified Information Security Manager (CISM) is worth considering for information security professionals. Earning your CISM demonstrates your commitment to information security and throws your hat in the ring for management-level positions.
How to register and schedule the CISM exam
The CISM exam is offered via a computer-based testing (CBT) session, which is available online, or at a PSI exam centre all year round. All candidates must first register online directly with ISACA (https://www.isaca.org/credentialing/cism/cism-exam). They will then receive email instructions on how to schedule an exam appointment.
How long will it take to complete the CISM course?
The CISM course requires 13 hours to complete. This is only a guide to the learning hours required and it depends on how quickly an individual can absorb the information. The learning is online so it can be spread out over multiple sessions or done in one session.

Learners will have access to the CISM course for up to 12 months from the date of joining. There is no time limit to complete the course during this period.
What experience does the course instructor have?
We only use the industry’s finest instructors to develop our courses. They have a minimum of 10 years real-world experience and are subject matter experts in their fields.
What happens after I buy the course?
You will instantly receive a confirmation email with your order details and your course login details will follow within one business working day.
What if I am unhappy with the course?
We would never want you to be unhappy! If you are unsatisfied with your purchase, contact us in the first 14 days and we will give you a full refund.
Will I receive assistance with booking my exam?
Yes. You can call or email us whenever you are ready to sit the exam.
How much is the CISM exam?
The CISM exam is $575 for ISACA members or $760 for non-members.
Why is the price so low?
We are committed to providing high quality training courses in vital skills at an affordable price. The cost of our courses and bundle offers reflect that commitment.
When can I enrol on a course?
We do not have set term dates, therefore you can enrol on a course at any time and study at a pace that suits you.
Does the course reflect the changes made to the CISM curriculum on June 1, 2022?
The changes made to the CISM curriculum were deemed minor and did not warrant the creation of a new course. Our existing course remains comprehensive and relevant for CISM certification preparation.

The updates include:

• Some topics moved from one domain to another.
• Domain weight changes.
• Slightly more technical content.
• Increased focus on management/tactical aspects and reduced emphasis on governance.
• Introduction of new topics such

How did the domain weights change with the June 2022 update?

Before June 1, 2022:

• Domain 1: Information Security Governance – 24% (36 questions)
• Domain 2: Information Risk Management – 30% (45 questions)
• Domain 3: Information Security Program Development and Management – 27% (40 questions)
• Domain 4: Information Security Incident Management – 19% (29 questions)

After June 1, 2022:

• Domain 1: Information Security Governance – 17% (-7%) (25 questions)
• Domain 2: Information Security Risk Management – 20% (-10%) (30 questions)
• Domain 3: Information Security Program – 33% (+6%) (50 questions)
• Domain 4: Incident Management – 30% (+11%) (45 questions)

Will the current CISM course still help me prepare for the certification exam?

Yes, despite the updates, the current CISM course remains a valuable training resource and will help you prepare effectively for the CISM certification exam.
If we haven't answered your questions, please submit a question. We are happy to help and answer any questions you might have.
Career Path

We've put together a list of relevant job titles you can apply for after achieving the CISM certification (note that some careers may require further study, training and/or work experience):

  • IT Risk Manager
  • Information Security Manager
  • Network Security Specialist
  • IT Security Officer
  • Cyber Security Manager
  • IT Security Incident Manager

Career Advice

Once you enrol on a course with us, you'll have full access to our recruitment package for a wide range of information and advice - including:

  • How to put together a killer CV, covering letters and thank-you emails.
  • How to gain relevant work experience.
  • How to prepare for interviews.
  • How to understand Job adverts.
  • How to choose the right recruitment agency.
  • How to look for work on LinkedIn.
  • Information on dealing with redundancy.

Our careers advice section is available for you to see now. For more information about our career advice services, contact us on 0808 175 1269 to speak with one of our friendly course advisors today.

Course Outline

This course covers the following modules:

Domain 1: Information Security Governance

  • CISM Introduction
  • Information Security
  • Business Goals, Objectives, and Functions
  • Business Goals and Information Security
  • Information Security Threats
  • Information Security Management
  • Identity Management
  • Data Protection
  • Network Security
  • Personnel Security
  • Facility Security
  • Security Compliance and Standards
  • Information Security Strategy
  • Inputs and Outputs of the Information Security Strategy
  • Processes in an Information Security Strategy
  • People in an Information Security Strategy
  • Technologies in an Information Security Strategy
  • Logical and Physical Information Security Strategy Architectures
  • Information Security and Business Functions
  • Information Security Policies and Enterprise Objectives
  • International Standards for the Security Management
  • ISO/IEC 27000 Standards
  • International Info Government Standards
  • Information Security Government Standards in the United States
  • Methods of Coordinating Information Security Activities
  • How to Develop an Information Security Strategy
  • Information Security Governance
  • Role of the Security in Governance
  • Scope of Information Security Governance
  • Charter of Information Security Governance
  • Information Security Governance and Enterprise Governance
  • How to Align Information Security Strategy with Corporate Governance
  • Regulatory Requirements and Information Security
  • Business Impact of Regulatory Requirements
  • Liability Management
  • Liability Management Strategies
  • How to Identify Legal and Regulatory Requirements
  • Business Case Development
  • Budgetary Reporting Methods
  • Budgetary Planning Strategy
  • How to Justify Investment in Info Security
  • Organizational Drivers
  • Impact of Drivers on Info Security
  • Third Party Relationships
  • How to Identify Drivers Affecting the Organization
  • Purpose of Obtaining Commitment to Info Security
  • Methods for Obtaining Commitment
  • ISSG
  • ISSG Roles and Responsibilities
  • ISSG Operation
  • How to Obtain Senior Management's Commitment to Info Security
  • Info Security Management Roles and Responsibilities
  • How to Define Roles and Responsibilities for Info Security
  • The Need for Reporting and Communicating
  • Methods for Reporting in an Organization
  • Methods of Communication in an Organization
  • How to Establish Reporting and Communicating Channels

Domain 2: Risk Management

  • Risk
  • Risk Assessment
  • Info Threat Types
  • Info Vulnerabilities
  • Common Points of Exposure
  • Info Security Controls
  • Types of Info Security Controls
  • Common Info Security Countermeasures
  • Overview of the Risk Assessment Process
  • Factors Used in Risk Assessment and Analysis
  • Risk Assessment Methodologies
  • Quantitative Risk Assessment - Part 1
  • Quantitative Risk Assessment - Part 2
  • Qualitative Risk Assessment
  • Hybrid Risk Assessment
  • Best Practices for Info Security Management
  • Gap Analysis
  • How to Implement an Info Risk Assessment Process
  • Info Classification Schemas
  • Components of Info Classification Schemas
  • Info Ownership Schemas
  • Components of Info Ownership Schemas
  • Info Resource Valuation
  • Valuation Methodologies
  • How to Determine Info Asset Classification and Ownership
  • Baseline Modeling
  • Control Requirements
  • Baseline Modeling and Risk Based Assessment of Control Requirements
  • How to Conduct Ongoing Threat and Vulnerability Evaluations
  • BIA's
  • BIA Methods
  • Factors for Determining Info Resource Sensitivity and Criticality
  • Impact of Adverse Events
  • How to Conduct Periodic BIA's
  • Methods for Measuring Effectiveness of Controls and Countermeasures
  • Risk Mitigation
  • Risk Mitigation Strategies
  • Effect of Implementing Risk Mitigation Strategies
  • Acceptable Levels of Risk
  • Cost Benefit Analysis
  • How to Identify and Evaluate Risk Mitigation Strategies
  • Life Cycle Processes
  • Life Cycle-Based Risk Management
  • Risk Management Life Cycle
  • Business Life Cycle Processes Affected by Risk Management
  • Life Cycle-Based Risk Management Principles and Practices
  • How to Integrate Risk Management Into Business Life Cycle Processes
  • Significant Changes
  • Risk Management Process
  • Risk Reporting Methods
  • Components of Risk Reports
  • How to Report Changes in Info Risk

Domain 3: Information Security Program

  • Info Security Strategies
  • Common Info Security Strategies
  • Info Security Implementation Plans
  • Conversion of Strategies Into Implementation Plans
  • Info Security Programs
  • Info Security Program Maintenance
  • Methods for Maintaining an Info Security Program
  • Succession Planning
  • Allocation of Jobs
  • Program Documentation
  • How to Develop Plans to Implement an Info Security Strategy
  • Security Technologies and Controls
  • Cryptographic Techniques
  • Symmetric Cryptography
  • Public Key Cryptography
  • Hashes
  • Access Control
  • Access Control Categories
  • Physical Access Controls
  • Technical Access Controls
  • Administrative Access Controls
  • Monitoring Tools
  • IDS's
  • Anti-Virus Systems
  • Policy-Compliance Systems
  • Common Activities Required in Info Security Programs
  • Prerequisites for Implementing the Program
  • Implementation Plan Management
  • Types of Security Controls
  • Info Security Controls Development
  • How to Specify Info Security Program Activities
  • Business Assurance Function
  • Common Business Assurance Functions
  • Methods for Aligning Info Security Programs with Business Assurance Functions
  • How to Coordinate Info Security Programs with Business Assurance Functions
  • SLA's
  • Internal Resources
  • External Resources
  • Services Provided by External Resources - Part 1
  • Services Provided by External Resources - Part 2
  • Skills Commonly Required for Info Security Program Implementation
  • Identification of Resources and Skills Required for a Particular Implementation
  • Resource Acquisition Methods
  • Skills Acquisition Methods
  • How to Identify Resources Needed for Info Security Program Implementation
  • Info Security Architectures
  • The SABSA Model for Security Architecture
  • Deployment Considerations
  • Deployment of Info Security Architectures
  • How to Develop Info Security Architecture
  • Info Security Policies
  • Components of Info Security Policies
  • Info Security Policies and the Info Security Strategy
  • Info Security Policies and Enterprise Business Objectives
  • Info Security Policy Development Factors
  • Methods for Communicating Info Security Policies
  • Info Security Policy Maintenance
  • How to Develop Info Security Policies
  • Info Security Awareness Program, Training Programs, and Education Programs
  • Security Awareness, Training, and Education Gap Analysis
  • Methods for Closing the Security Awareness, Training, and Education Gaps
  • Security-Based Cultures and Behaviors
  • Methods for Establishing and Maintaining a Security-Based Culture in the Enterprise
  • How to Develop Info Security Awareness, Training, and Education Programs
  • Supporting Documentation for Info Security Policies
  • Standards, Procedures, Guidelines, and Baselines
  • Codes of Conduct
  • NDA's
  • Methods for Developing Supporting Documentation
  • Methods for Implementing Supporting Documentation and for Communicating Supporting Documentation
  • Methods for Maintaining Supporting Documentation
  • C and A
  • C and A Programs
  • How to Develop Supporting Documentation for Info Security Policies

Domain 4: Information Security Program Implementation

  • Enterprise Business Objectives
  • Integrating Enterprise Business Objectives & Info Security Policies
  • Organizational Processes
  • Change Control
  • Mergers & Acquisitions
  • Organizational Processes & Info Security Policies
  • Methods for Integrating Info Security Policies & Organizational Processes
  • Life Cycle Methodologies
  • Types of Life Cycle Methodologies
  • How to Integrate Info Security Requirements Into Organizational Processes
  • Types of Contracts Affected by Info Security Programs
  • Joint Ventures
  • Outsourced Providers & Info Security
  • Business Partners & Info Security
  • Customers & Info Security
  • Third Party & Info Security
  • Risk Management
  • Risk Management Methods & Techniques for Third Parties
  • SLA's & Info Security
  • Contracts & Info Security
  • Due Diligence & Info Security
  • Suppliers & Info Security
  • Subcontractors & Info Security
  • How to Integrate Info Security Controls Into Contracts
  • Info Security Metrics
  • Types of Metrics Commonly Used for Info Security
  • Metric Design, Development & Implementation
  • Goals of Evaluating Info Security Controls
  • Methods of Evaluating Info Security Controls
  • Vulnerability Testing
  • Types of Vulnerability Testing
  • Effects of Vulnerability Assessment & Testing
  • Vulnerability Correction
  • Commercial Assessment Tools
  • Goals of Tracking Info Security Awareness, Training, & Education Programs
  • Methods for Tracking Info Security Awareness, Training, & Education Programs
  • Evaluation of Training Effectiveness & Relevance
  • How to Create Info Security Program Evaluation Metrics

Domain 5: Information Security Program Management

  • Management Metrics
  • Types of Management Metrics
  • Data Collection
  • Periodic Reviews
  • Monitoring Approaches
  • KPI's
  • Types of Measurements
  • Other Measurements
  • Info Security Reviews

Domain 6: Incident Management and Response

  • The Role of Assurance Providers
  • Comparing Internal and External Assurance Providers
  • Line Management Technique
  • Budgeting
  • Staff Management
  • Facilities
  • How to Manage Info Security Program Resources
  • Security Policies
  • Security Policy Components
  • Implementation of Info Security Policies
  • Administrative Processes and Procedures
  • Access Control Types
  • ACM
  • Access Security Policy Principles
  • Identity Management and Compliance
  • Authentication Factors
  • Remote Access
  • User Registration
  • Procurement
  • How to Enforce Policy and Standards Compliance
  • Types of Third Party Relationships
  • Methods for Managing Info Security Regarding Third Parties
  • Security Service Providers
  • Third Party Contract Provisions
  • Methods to Define Security Requirements in SLA's, Security Provisions and SLA's, and Methods to Monitor Security
  • How to Enforce Contractual Info Security Controls
  • SDLC
  • Code Development
  • Common Techniques for Security Enforcement
  • How to Enforce Info Security During Systems Development
  • Maintenance
  • Methods of Monitoring Security Activities
  • Impact of Change and Configuration Management Activities
  • How to Maintain Info Security Within an Organization
  • Due Diligence Activities
  • Types of Due Diligence Activities
  • Reviews of Info Access
  • Standards of Managing and Controlling Info Access
  • How to Provide Info Security Advice and Guidance
  • Info Security Awareness
  • Types of Info Security Stakeholders
  • Methods of Stakeholder Education
  • Security Stakeholder Education Process
  • How to Provide Info Security Awareness and Training
  • Methods of Testing the Effectiveness of Info Security Control
  • The Penetration Testing Process
  • Types of Penetration Testing
  • Password Cracking
  • Social Engineering Attacks
  • Social Engineering Types
  • External Vulnerability Reporting Sources
  • Regulatory Reporting Requirements
  • Internal Reporting Requirements
  • How to Analyze the Effectiveness of Info Security Controls
  • Noncompliance Issues
  • Security Baselines
  • Events Affecting the Security Baseline
  • Info Security Problem Management Process
  • How to Resolve Noncompliance Issues
Training Features

  • We only use the industry’s finest instructors to develop our courses. They have a minimum of 15 years real-world experience and are subject matter experts in their fields. Unlike a live class, you can fast-forward, repeat or rewind all your lectures. This creates a personal learning experience and gives you all the benefit of hands-on training with the flexibility of doing it around your schedule 24/7.

  • Our custom practice exams prepare you for your exams differently and more effectively than the traditional exam preps on the market. You will have practice quizzes after each module to ensure you are confident on the topic you have completed before proceeding. This will allow you to gauge your effectiveness before moving to the next module in your course. Our courses also include practice exams designed to replicate and mirror the environment in the testing centre. These exams are on average 100 questions to ensure you are 100% prepared before taking your certification exam.

  • Our courseware includes instructor-led demonstrations and visual presentations that allow students to develop their skills based on real-world scenarios explained by the instructor. Our courseware always focuses on real-world scenarios and skill-set development.

  • Our self-paced training programs are designed in a modular fashion to allow you the flexibility to work with expert-level instruction anytime 24/7. All courses are arranged in defined sections with navigation controls allowing you to control the pace of your training. This allows students to learn at their own pace around their schedule.

  • We have designed a world-class Learning Management System (LMS). This system allows you to interact and collaborate with other students, form study groups, engage in discussions in our NOW@ Forums, rate and “like” different courses and stay up to date with all the latest industry knowledge through our forums, student contributions and announcement features. This LMS is unmatched in the industry and makes learning fun and enjoyable.

  • We know that education is not a one-size-fits-all approach. Students learn in different ways through different tools. That is why we provide flash cards and educational games throughout our courses. This will allow you to train in ways that keep you engaged and focused. Each course will have dozens of flash cards so you can sharpen your skill-sets throughout your training, as well as educational games designed to make sure your retention level of the materials is extremely high.

  • Each student will have 12 months unlimited access, so you can access the training anytime 24/7.

Payment Options

For purchases of 1 to 9 user enrolments select the number of users you require and add the course to your shopping basket by selecting Add to Basket. You will then be able to make payment using most credit and debit cards or a PayPal account. Once payment is confirmed, we’ll process your order and email your course login instructions.

For a licence for 10 or more user enrolments, discounts, or if you would like to pay by BACs transfer or by invoice, please contact us on 0808 175 1269 or email sales@mytrainingacademy.org.uk.

Purchase Order Payments: To pay and enrol for courses using a purchase order (PO), please email your PO details to sales@mytrainingacademy.org.uk.


All students enrolled on this course are eligible to apply for a TOTUM PRO Card, which offers discounts in a wide range of shops and websites, helping you get money off food, holidays and flights, clothes, make-up gym memberships and much more.

TOTUM PRO card is aimed at professional learners, giving you access to exclusive discounts. Explore the full list of offers.
