CISM Training Boot Camp

You will leave the InfoSec Institute CISM boot camp with the knowledge and expertise to successfully pass the CISM exam the first time you take it. Our boot camp currently has the highest pass rate in the industry — 94%!

Award-Winning Training

For 20 years InfoSec has been one of the most awarded and trusted information security training vendors — 40+ industry awards!

Exam Pass Guarantee

We offer peace of mind with our Exam Pass Guarantee for Flex Pro students.

Track Record of Success

InfoSec Institute training courses have received 10,000+ 5-star reviews from our students!

CISM Course Overview

This program will reinforce the concepts required for successful completion of the ISACA CISM exam. The course includes five intense days of instructor-led training with a master of the CISM, as well as training in the form of:

  • The ISACA Official CISM Review Manual, covering all of the domains relevant to the CISM
  • Instructor-led class exam prep using the Official ISACA CISM Practice Question v8Database

In addition, our course is focused on competently preparing students for the CISM examination through testing of knowledge and the ability to apply it to real-world scenarios. You’ll get real insight from expert information security managers and consultants and expert mentoring from CISM-certified instructors.

Our CISM boot camp will analyze qualifications for these four key areas:

  1. Security governance — To effectively address the ever-growing challenges of providing protection to an organization’s assets, it is critical that senior
    management define the outcomes it wants from the information security program.
  2. Risk management — Asset classification/valuation is the essential part of an effective risk management program: the greater the value, the greater the impact, the greater the risk.
  3. Information security program management — The purpose of this area is to implement management’s strategy with respect to their governance: their “due diligence” and “due care” of protecting the corporation’s assets.
  4. Information security management — This area is focused on how to effectively manage unexpected (and expected) events, which may or may not be disruptive, and can be summed up in five words: identification, protection, detection, respond and recover.

Students who complete our five-day boot camp will gain a holistic perspective on effective, competent security management and consulting. Individuals involved in the information systems profession who have security experience will broaden their knowledge level and find excellent value in this next generation designation.

CISM boot camp

Rated 4.7/5 based on 29 customer reviews

Award-Winning Training

The Most Flexible Training — Guaranteed

Exam Pass Guarantee — If you don’t pass your exam on the first attempt, get a second attempt for free; includes the ability to re-sit the course for free for up to one year

100% Satisfaction Guarantee — If you’re not 100% satisfied with your training at the end of the first day, you may enroll in a different Flex Pro or Flex Classroom course

Knowledge Transfer Guarantee — If an employee leaves within three months of obtaining certification, InfoSec Institute will train a different employee at the same organization tuition-free for up to one year

What Will You Learn in this Course?

Upon the completion of our CISM boot camp, students will have an understanding of:

  • Information security governance
  • An information security steering group function
  • Legal and regulatory issues associated with internet businesses, global transmissions and transborder data flows
  • Common insurance policies and imposed conditions
  • Information security process improvement
  • Recovery time objectives (RTO) for information resources
  • Cost-benefit analysis techniques in assessing options for mitigating risks threats and exposures to acceptable levels
  • Security metrics design, development and implementation
  • Information security management due diligence activities and reviews of the infrastructure
  • Events affecting security baselines that may require risk reassessments
  • Changes to information security requirements in security plans, test plans and reperformance
  • Disaster recovery testing for infrastructure and critical business applications
  • The requirements for collecting and presenting evidence: rules for evidence, admissibility of evidence, quality and completeness of evidence.
  • External vulnerability reporting sources
  • The key components of cost benefit analysis and enterprise migration plans
  • Privacy and tax laws and tariffs, data import/export restrictions, restrictions on cryptography, warranties, patents, copyrights, trade secrets and national security
  • CISM information classification methods
  • Life-cycle-based risk management principles and practices
  • Cost-benefit analysis techniques in assessing options for mitigating risks threats and exposures to acceptable levels
  • Security baselines and configuration management in the design and management of business applications and the infrastructure
  • Acquisition management methods and techniques
  • Evaluation of vendor service level agreements, preparation of contracts)
  • CISM question and answer review

Who Should Attend?

The CISM certification program is developed specifically for experienced information security managers and those who have information security management responsibilities.

The CISM certification is for individuals who manage, design, oversee and/or assess an enterprise’s information security.

What's Included?

  • - Five full days of training with an expert instructor

  • - CISM pre-study course via your Flex Center

  • - Pre-shipment of pre-study textbook

  • - InfoSec Institute proprietary digital courseware (physical textbooks available to purchase)

  • - Detailed reporting on exam readiness via your Flex Center (Flex Pro)

  • - CISM exam voucher

  • - 100% Satisfaction Guarantee

  • - Exam Pass Guarantee (Flex Pro)

  • - Add-on: Video replays of daily lessons

  • - Add-on: Curated videos from other top-rated instructors

InfoSec Flex Center: Your Personalized Learning Experience

Learn More

Why Choose InfoSec Institute?

Industry-Leading Exam Pass Rates — 93% of our students pass their certification exams on their first attempt

Training to Fit Your Schedule — In addition to Flex Pro, the highest-quality live online training in the industry, InfoSec Institute offers Flex Classroom training around the country and learn-at-your-own pace Flex Basic courses

Experienced Instructors — InfoSec Institute instructors have at least 10 years of industry training experience and are professionals with active roles in the industry

Most Thorough Exam Prep Services Available — Students get free exam readiness testing through SkillSet.com as well as advanced access to all course materials

CISM Certification Details

The Certified Information Security Manager® (CISM®) certification program is developed specifically for experienced information security managers and those who have information security management responsibilities. The CISM certification is for the individual who manages, designs, oversees and/or assesses an enterprise’s information security (IS).

The CISM certification promotes international practices and provides executive management with assurance that those earning the designation have the required experience and knowledge to provide effective security management and consulting services. Individuals earning the CISM certification become part of an elite peer network, attaining a one-of-a-kind credential.

The CISM job practice also defines a global job description for the information security manager and a method to measure existing staff or compare prospective new hires.

Prerequisites

To become a CISM, you must submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas. The work experience must be gained within the ten-year period preceding the application date for certification or within five years from the date of originally passing the exam.

CISM Boot Camp Training

What Our Students Are Saying

The course was awesome, the professor (teacher) was awesome, and the material provided in class (books/material), and even the food catered was great. This was the best boot camp I have ever attended. The professor knew his material, didn't read from the slides, and really had the entire class engaged.
C

Christinargo DSS

CISM Training Boot Camp

Our Major Clients

View Pricing

We will never share any of your information, spam you or annoy you with pushy sales pitches.

Book your course

    CISM Course Details

      Our instructors give you 100% of their time and dedication to ensure that your time is well spent. You receive an immersive experience with no distractions! The typical daily schedule is:

      • Day 1: Information Security Governance
        • Information security concepts
        • The relationship between information security and business operations techniques used to secure senior management commitment and support of information security management
        • Methods of integrating information security governance into the overall enterprise governance framework
        • Practices associated with an overall policy directive that captures senior management
        • Level direction and expectations for information security in laying the foundation for information security management within an organization
        • An information security steering group function
        • Information security management roles, responsibilities and organizational structure
        • Areas of governance (for example, risk management, data classification management, network security, system access)
        • Centralized and decentralized approaches to coordinating information security
        • Legal and regulatory issues associated with Internet businesses, global transmissions and transborder data flows (for example, privacy, tax laws and tariffs, data import/export restrictions, restrictions on cryptography, warranties,patents, copyrights, trade secrets, national security)
        • Common insurance policies and imposed conditions (for example, crime or fidelity insurance, business interruptions)
        • The requirements for the content and retention of business records and compliance
        • The process for linking policies to enterprise business objectives
        • The function and content of essential elements of an information security program (for example, policy statements, procedures and guidelines)
        • Techniques for developing an information security process improvement model for sustainable and repeatable information security policies and procedures
        • Information security process improvement and its relationship to traditional process management
        • Information security process improvement and its relationship to security architecture development and modeling
        • Generally accepted international standards for information security management and related process improvement models
        • The key components of cost benefit analysis and enterprise transformation/migration plans (for example, architectural alignment, organizational positioning, change management, benchmarking, market/competitive analysis)
        • Methodology for business case development and computing enterprise value proposition
      • Day 2: Risk Management
        • Information resources used in support of business processes
        • Information resource valuation methodologies
        • Information classification
        • The principles of development of baselines and their relationship to risk-based assessments of control requirements
        • Life-cycle-based risk management principles and practices
        • Threats, vulnerabilities and exposures associated with confidentiality, integrity and availability of information resources
        • Quantitative and qualitative methods used to determine sensitivity and criticality of information
        • resources and the standards of good practice for information security management against current state
        • Recovery time objectives (RTO) for information resources and how to determine RTO
        • RTO and how it relates to business continuity and contingency planning objectives and processes
        • Risk mitigation strategies used in defining security requirements for information resources supporting business applications
        • Cost benefit analysis techniques in assessing options for mitigating risks threats and exposures to acceptable levels
        • Managing and reporting status of identified risks
      • Day 3: Information Security Program Development and Management
        • Methods to develop an implementation plan that meets security requirements identified in risk analyses
        • Project management methods and techniques
        • The components of an information security governance framework for integrating security principles, practices, management and awareness into all aspects and all levels of the enterprise
        • Security baselines and configuration management in the design and management of business applications and the infrastructure
        • Information security architectures (for example, single sign-on, rules-based as opposed to list-based system access control for systems, limited points of systems administration)
        • Information security technologies (for example, cryptographic techniques and digital signatures, to enable management to select appropriate controls)
        • Security procedures and guidelines for business processes and infrastructure activities The systems development life cycle methodologies (for example, traditional SDLC, prototyping)
        • Planning, conducting, reporting and follow-up of security testing
        • Assessing and authorizing the compliance of business applications and infrastructure to the enterprise’s
        • information security governance framework
        • Types, benefits and costs of physical, administrative and technical controls
        • Planning, designing, developing, testing and implementing information security requirements into an enterprise’s business processes
        • Security metrics design, development and implementation
        • Acquisition management methods and techniques (for example, evaluation of vendor service level agreements, preparation of contracts)
      • Day 4: Information Security Program Development and Management (Continued)
        • How to interpret information security policies into operational use
        • Information security administration process and procedures
        • Methods for managing the implementation of the enterprise’s information security program through third parties including trading partners and security services providers
        • Continuous monitoring of security activities in the enterprise’s infrastructure and business applications
        • Methods used to manage success/failure in information security investments through data collection and periodic review of key performance indicators
        • Change and configuration management activities
        • Information security management due diligence activities and reviews of the infrastructure
        • Liaison activities with internal/external assurance providers performing information security reviews
        • Due diligence activities, reviews and related standards for managing and controlling access to information resources
        • External vulnerability reporting sources, which provide information that may require changes to the information security in applications and infrastructure
        • Events affecting security baselines that may require risk reassessments and changes to information security requirements in security plans, test plans and reperformance
        • Information security problem management practices
        • Information security manager facilitative roles as change agents, educators and consultants
        • The ways in which cultural and socially acceptable differences affect the behavior of staff
        • The activities that can change cultural and socially acceptable behavior of staff
        • Methods and techniques for security awareness training and education
      • Day 5: Information Security Incident Management
        • The components of an incident response capability
        • Information security emergency management practices (for example, production change control activities, development of computer emergency response team)
        • Disaster recovery planning and business recovery processes
        • Disaster recovery testing for infrastructure and critical business applications
        • Escalation processes for effective security management
        • Intrusion detection policies and processes
        • Help desk processes for identifying security incidents reported by users and distinguishing them from other issues dealt with the help desks
        • The notification process in managing security incidents and recovery: (for example, automated notice and recovery mechanisms in response to virus alerts in a real-time fashion)
        • The requirements for collecting and presenting evidence; rules for evidence, admissibility of evidence, quality and completeness of evidence
        • Post-incident reviews and follow-up procedures

      CISM Frequently Asked Questions

      Why is getting certified an important part of a career as an information security manager?

      Earning a high-level certification like the CISM demonstrates a working knowledge not just of the security systems practitioner’s use, but management of security professionals as well. Hard data also shows that Certified Information Security Managers earn a higher salary than their non-certified counterparts.

      What’s the job outlook for CISM professionals?

      CISM holders are highly sought-after in the information security industry, and are more likely to land senior roles that require greater responsibility. Common job titles include: Information System Security Officer, Information Security Manager, Information/Privacy Risk Consultant, and many others. Click here for more information about the job outlook for CISM professionals.

      What is the average CISM salary?

      While salary depends on a number of factors — including job title, location, and relevant work experience — CISM holder salaries range from $52,402 to $243,610. Entry-level positions trend towards the lower end of the spectrum while senior level candidates can expect significantly higher salaries. Click here for more detailed CISM salary information.

      What does this CISM training course provide that other offerings do not?

      InfoSec Institute’s CISM boot camp has the highest pass rate in the industry — 94%! Our award-winning training utilizes a five-day model of rigorous coursework with a knowledgeable instructor, so that you can rest assured you’re receiving the best training in the industry. And with our Exam Pass Guarantee, you can focus all your attention on the learning process instead of stressing out about pass rates!

      What are the pre-requirements for taking the CISM?

      In order to receive the CISM certification, you must submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work. This work experience must be gained within a ten-year time period before the application date for certification — or within five years of originally passing the exam. Click here for more information about the pre-requirements of the CISM.

      What qualifies as information security management experience?

      The information security management field is broad and, out of necessity, often encompasses many duties within the security profession. Due to this, ISACA has defined four categories within their Job Task Analysis in order to narrow down their definition of what constitutes as information security management work. CISM candidates must perform the designated tasks within at least 3 of these 4 categories. Click here to see ISACA’s breakdown of their Job Task Analysis domains.

      How does the CISM examination process work?

      As of 2017, the CISM is administered digitally. The format is multiple choice, with questions delivered one-at-a-time, giving you the option to flag more difficult ones to return to later. While it is multiple choice, some questions may have more than one correct answer. In these instances, the test-taker must select the answer that they believe is most correct. The exam lasts around 4 hours, and includes 150 questions.

      Is the online CISM boot camp as effective and informative as an in-person training session?

      The short answer: Yes! Participants of the live online Flex Pro boot camp also get an Exam Pass Guarantee and other training features in addition to a live instructor.

      How is the CISM related to the DoD 8570?

      The Department of Defense (DoD) Directive 8570 requires anyone seeking a government job to hold certain certifications before they can be hired in a position related to information security. The CISM fulfills the DoD 8570’s requirements.

      What material is covered on the CISM exam?

      The CISM exam covers four domains that are weighted as follows: Information Security Governance (24%), Information Risk Management and Compliance (30%), Information Security Program Development and Management (27%), and Information Security Incident Management (19%). Click here for a detailed breakdown of what each domain covers.

      How is the CISM certification different from other comparable security certifications?

      The CISM is unique in its focus on management and meeting experience requirements. While other certifications are focused on tech skills or platform/product-specific knowledge, the CISM targets professionals who have progressed beyond the role of practitioner.

      How does the CISM experience waiver work?

      Certain experience substitutions can be used to satisfy the information security work experience requirement. However, none of these waivers satisfy any portion of the 3-year information security management requirement. For a detailed breakdown of what fulfills the experience substitution criteria, click here.

      How long is the CISM certification valid after you pass the test, and what are the renewal requirements?

      The CISM certification remains valid if holders comply with the continuing education policy of completing and reporting 20 CPE (Continuing Professional Education) hours annually and paying the CISM maintenance fee. Click here for more information on maintaining your CISM.

      Is an exam voucher included with the purchase of this course?

      Yes, an exam voucher is included.

      What are some tips for preparing for the CISM?

      Enrolling in an exam prep course like InfoSec Institute’s is a fantastic step towards earning your CISM. And with our exam pass rate of 94%, no one in the industry can compare! Other things you can do to get ready for the exam include making use of ISACA’s official prep guide, taking practice exams online, and figuring out which methods of self-study work best for you. Click here to read more tips for CISM exam success.

      Career Tracks

      • Security Pro Track

        The Security Pro Track goes through all aspects of Information Security. Our goals with this set of courses is to create the most complete Security Specialist an organization could wish for.
      Ready to get started? Get instant pricing for this award-winning boot camp. View course pricing
      View instant course pricing