CISM explained

Learn all you need to know about CISM (Certified Information Security Manager), including how to get certified, the benefits of CISM and exam preparation. 

Master cyber security with CISM

What is CISM?

The official ISACA CISM (Certified Information Security Manager) training course focuses on the construction, development, and governance of information security operations. It showcases a professional’s advanced knowledge, practical experience, and capability in managing enterprise-level information security programmes, including security governance, risk management, and incident handling.

What does a CISM certification cover?

These are the four key domains that are covered in a CISM certification course:

  1. Information Security Governance: The first domain covers the essentials of information security governance, including how to manage third-party relationships, how to define information security metrics, and how to develop and implement a security strategy.
  2. Information Risk Management and Compliance: The second domain teaches learners how to assess, monitor and manage risks, and builds an understanding of asset management and recovery time objectives.
  3. Information Security Program Development and Management: The third domain focuses on the development and management of information security programs, including how to develop a framework and create a roadmap. It also looks at how to measure operational performance and the metrics behind your security programs.
  4. Information Security Incident Management: The final domain focuses on Incident Management and will cover business continuity and recovery procedures in the worst-case scenarios. Delegates will also learn about ISACA’s code of professional ethics and wider considerations around laws, regulations and ethics.

Why is CISM important?

Demand for skilled security professionals is ever-increasing, and CISM is accepted as the universal standard to strive towards within the world of information security. It is a qualification that represents expertise and commitment to the field.

Those who hold a CISM certification are often recognised as among the most qualified professionals in information security, and as those who understand the role that security programmes play in the wider goals of an organisation.

It is considered to be an essential certification for IT and security professionals.

What are the benefits of becoming CISM Certified?

CISM equips learners with the skills to design, deploy and manage security architecture within a business. It ensures that learners are able to manage ongoing security programmes, as well as the essential compliance and governance frameworks that support them.

Enterprises and government agencies increasingly expect their IT professionals to hold a CISM certification. It is a globally recognised professional requirement in the IT security domain and one that is suitable to a range of IT and security roles.

What are the prerequisites of a CISM certification?

To gain a CISM certification, a learner must:

  • Pass the CISM examination
  • Submit an application for CISM certification
  • Pay an application fee directly to ISACA
  • Adhere to the Code of Professional Ethics
  • Commit to the Continuing Professional Education Programme
  • Comply with the Information Security Standards

What experience do I need to take a CISM certification course?

CISM is suitable for a number of different roles in IT and cyber security, including but not limited to: security consultants and managers, IT directors and managers, security auditors and architects, security systems engineers, chief information security officers, compliance officers and information security managers.

Preparing for the CISM certification exam

CISM Exam Preparation

There are a number of resources and training materials available to help you in preparing for the CISM exam.

Study Resources

Given the depth and breadth of topics covered, preparing for CISM requires thorough study and commitment.

QA offers official CISSP training, with additional study resources available within the QA group platform. These programmes are designed for working professionals, balancing hands-on learning with theoretical study.

You can also explore exam preparation and study materials from ISACA on their website.

CISM Exam Tricks & Tips

  • The main aim of CISM is to align security with overarching business goals. Try to think like a manager, not just an IT or security specialist.
  • Exam questions often relate to practical risk and governance decisions, so apply real-world thinking.
  • Take some time to familiarise yourself with ISACA terminology.
  • Build confidence by practising with questions that match the style of the exam.

The CISM Exam

The CISM exam is a four-hour, multiple-choice exam with 150 questions. The exam covers the four main domains, explained above: Information Security Governance, Information Risk Management and Compliance, Information Security Program Development and Management and Information Security Incident Management.

After Certification

CISM certification holders must maintain their credential through ISACA’s Continuing Professional Education (CPE) programme.
