One-time payment for life and future updates

14 hours on-demand video

Access on mobile and TV

  • CISM official exam preparation

CISM (Certified Information Security Manager)


The CISM is a management-focused certification that promotes international security practices and validates an individual’s ability to manage, design, oversee, and assess an enterprise’s information security. The CISM training course at Infosec Train helps candidates develop an understanding of risk management, information security governance, and the drafting of security policies and strategies that achieve organizational goals.

The uniquely management-focused CISM certification promotes international security practices and recognizes the individual who manages, designs, oversees, and assesses an enterprise’s information security. The demand for skilled information security management professionals is on the rise, and the CISM certification is the globally accepted standard of achievement in this area. CISMs understand the business: they know how to manage and adapt technology to their enterprise and industry.

Target Audience

  • Security consultants and managers
  • IT directors and managers
  • Security auditors and architects
  • Security systems engineers
  • Chief Information Security Officers (CISOs)
  • Information security managers
  • IS/IT consultants
  • Chief Compliance/Privacy/Risk Officers

Submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of work experience in three or more job practice analysis areas of information security management. The work experience must be gained within the 10 years preceding the application date for certification or within 5 years from the exam’s passing date.

The following security-related certifications and information systems management experience can be used to substitute for the indicated amount of information security work experience.

Two Years:
  • Certified Information Systems Auditor (CISA) in good standing
  • Certified Information Systems Security Professional (CISSP) in good standing
  • Post-graduate degree in information security or a related field (e.g., business administration, information systems, information assurance)
One Year:
  • One full year of information systems management experience
  • One full year of general security management experience
  • Skill-based security certifications (e.g., SANS Global Information Assurance Certification (GIAC), Microsoft Certified Systems Engineer (MCSE), CompTIA Security+, Disaster Recovery Institute Certified Business Continuity Professional (CBCP), ESL IT Security Manager)
  • Completion of an information security management program at an institution aligned with the Model Curriculum

Exam Information

  • Duration: 4 Hours
  • Number of questions: 150
  • Question format: Multiple Choice
  • Passing marks: 450 out of 800
  • Exam language: English, Japanese, Korean, Spanish


  • Chief Information Security Officer (CISO)
  • Chief Security Officer (CSO)
  • Senior Security Engineer
  • Security Consultant
  • Security Manager
  • Security Auditor
  • Security Director
  • Security Architect
  • Network Architect
  • IT Director/Manager
  • Security Analyst
  • Security Systems Engineer


  • Full CISSP® domains coverage
  • Pass your exam first time
  • Delivered by an industry professional
  • Free study guides, mock exams, exam simulator, and slides included
  • Expert support
  • Learn at your own pace

    • Understand and apply concepts of confidentiality, integrity and availability
    • Evaluate and apply security governance principles
    • Determine compliance requirements
    • Understand legal and regulatory issues that pertain to information security in a global context
    • Understand, adhere to, and promote professional ethics
    • Develop, document, and implement security policy, standards, procedures, and guidelines
    • Identify, analyze, and prioritize Business Continuity (BC) requirements
    • Contribute to and enforce personnel security policies and procedures
    • Understand and apply risk management concepts
    • Understand and apply threat modeling concepts and methodologies
    • Apply risk-based management concepts to the supply chain
    • Establish and maintain a security awareness, education, and training program

    • Identify and classify information and assets
    • Determine and maintain information and asset ownership
    • Protect privacy
    • Ensure appropriate asset retention
    • Determine data security controls
    • Establish information and asset handling requirements

    • Implement and manage engineering processes using secure design principles
    • Understand the fundamental concepts of security models
    • Select controls based upon systems security requirements
    • Understand security capabilities of information systems
    • Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
    • Assess and mitigate vulnerabilities in web-based systems
    • Assess and mitigate vulnerabilities in mobile systems
    • Assess and mitigate vulnerabilities in embedded devices
    • Apply cryptography

    • Implement secure design principles in network architectures
    • Secure network components
    • Implement secure communication channels according to design

    • Control physical and logical access to assets
    • Manage identification and authentication of people, devices, and services
    • Integrate identity as a third-party service
    • Implement and manage authorization mechanisms
    • Manage the identity and access provisioning lifecycle

    • Design and validate assessment, test, and audit strategies
    • Conduct security control testing
    • Collect security process data (e.g., technical and administrative)
    • Analyze test output and generate report
    • Conduct or facilitate security audits

    • Understand and support investigations
    • Understand requirements for investigation types
    • Conduct logging and monitoring activities
    • Securely provisioning resources
    • Understand and apply foundational security operations concepts
    • Apply resource protection techniques
    • Conduct incident management
    • Operate and maintain detective and preventative measures
    • Implement and support patch and vulnerability management
    • Understand and participate in change management processes
    • Implement recovery strategies
    • Implement Disaster Recovery (DR) processes
    • Test Disaster Recovery Plans (DRP)
    • Participate in Business Continuity (BC) planning and exercises
    • Implement and manage physical security
    • Address personnel safety and security concerns

    • Understand and integrate security in the Software Development Life Cycle (SDLC)
    • Identify and apply security controls in development environments
    • Assess the effectiveness of software security
    • Define and apply secure coding guidelines and standards
    • Assess security impact of acquired software

Mohamed Atef

Cyber Security Consultant / Certified Instructor with more than 20 years of experience.