Uncertain Times — Infosec's here to help. Learn about our COVID-19 Response Package.

CGEIT Training Boot Camp

Infosec’s Certified in the Governance of Enterprise IT (CGEIT) Boot Camp is a four-day training focused on preparing you for the ISACA CGEIT exam. You’ll leave with the knowledge and domain expertise needed to pass the CGEIT exam the first time you take it.

Train from home — save up to $1,000

Get expert, live instruction without having to travel with an Infosec Flex Pro boot camp. We’ve trained 1,000s of students online over the past 5 years, helping our clients meet their career goals wherever they are most comfortable studying.

Now through the end of the month, you can enroll in any online Infosec Flex boot camp and save up to $1,000.

Earn your CGEIT, guaranteed!

Boot camp overview

This CGEIT Boot Camp is designed for experienced IT governance personnel and those who have responsibilities for the stewardship of IT resources. You will learn how to effectively implement and manage governance across all areas of technology — as well as align that technology with strategic enterprise goals.

This training also explains the CGEIT examination process and helps prepare you for your CGEIT exam by providing guidance and testing your exam readiness through sample questions. You’ll leave fully prepared to earn your CGEIT certification.

Skill up and get certified, guaranteed

Exam Pass Guarantee

If you don’t pass your exam on the first attempt, get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different Flex Pro or Flex Classroom course.

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.

What's included?

93% pass rate — the best in the industry

  • Four days of training with an expert instructor
  • Infosec digital courseware (physical textbooks available to purchase)
  • ISACA review manual
  • CGEIT exam voucher
  • 90-day access to course replays (Flex Pro)
  • Curated videos from other top-rated instructors (Flex Pro)
  • 100% Satisfaction Guarantee
  • Exam Pass Guarantee (Flex Pro)

Limited-time offer: Continue learning after your boot camp with a complimentary 90-day subscription to Infosec Skills, which includes unlimited access to 500+ online courses, 100+ hands-on labs and projects, skill assessments, custom certification practice exams and more.

Learn from experts

We don’t just have great instructors, our instructors have years of industry experience and are recognized as experts. Over the past 15 years, we’ve helped tens of thousands of students get certified and advance their careers.

Our industry-leading curriculum and expert instructors have led to the highest pass rates in the industry. More than 93% of Infosec students pass their certification exams on their first attempt.

Award-winning training that you can trust

Infosec Skills

Best IT Security-related Training Program

Cyber Work with Chris Sienko

Best Cybersecurity Podcast

2019 Wisconsin Innovation Award


Rising Star

Partner Award

G2 Crowd Leader

Technical Skills Development Software

Who should attend?

  • Risk professionals
  • Business analysts
  • Project managers
  • Compliance professionals
  • IT professionals
  • Anyone whose work includes evaluating and mitigating risk


To earn your CGEIT, you must submit verified evidence of a minimum of five years of experience managing, serving in an advisory or oversight role, and/or otherwise supporting the governance of the IT-related contribution to an enterprise. This includes one year relating to the definition, establishment and management of a framework for the governance of IT, as well as broad experience in at least two of the other CGEIT domains.

Why choose Infosec

Your flexible learning experience

Infosec Flex makes expert, live instruction convenient with online and in-person formats tailored to how, when and where you learn best.

Public training boot camps held nationwide

  • Pre-study course materials
  • Live instruction
  • Digital courseware
  • Daily reinforcement materials
  • Catered lunches
  • Infosec community forum access
  • 100% Satisfaction Guarantee
  • Knowledge Transfer Guarantee

Most Popular

Immersive, live-streamed instruction

  • Pre-study course materials
  • Live instruction
  • Digital courseware
  • Daily reinforcement materials
  • Detailed performance reporting
  • Video replays
  • 90-day extended access to materials
  • Infosec community forum access
  • Exam Pass Guarantee
  • 100% Satisfaction Guarantee
  • Knowledge Transfer Guarantee



Tailored team training at your location

  • Pre-study course materials
  • Live, customized instruction at your location
  • Digital courseware
  • Daily reinforcement materials
  • Detailed team performance reporting
  • Video replays
  • 90-day extended access to materials
  • Infosec community forum access
  • Exam Pass Guarantee
  • 100% Satisfaction Guarantee
  • Knowledge Transfer Guarantee

Course overview

This boot camp prepares you to pass the ISACA CGEIT exam, which covers four domain areas designed to reflect the work performed by individuals who have a significant management, advisory or assurance role relating to the governance of IT.

  • Framework for the governance of enterprise IT: Define, establish and maintain an IT governance framework (leadership, organizational structures and processes) to ensure alignment with enterprise governance, control the business information and information technology environment through the implementation of good practices, and assure compliance with external requirements.
  • Strategic management: Ensure that IT enables and supports the achievement of business objectives through the integration of IT strategic plans with business strategic plans and the alignment of IT services with enterprise operations to optimize business processes.
  • Benefits realization: Ensure IT and the business fulfill their value management responsibilities, including IT-enabled business investments achieving the benefits as promised and delivering measurable business value both individually and collectively, delivering required capabilities (solutions and services) on-time and within budget, and getting IT services and other IT assets to continue to contribute to business value.
  • Risk optimization: Ensure that appropriate frameworks exist and are aligned with relevant standards to identify, assess, mitigate, manage, communicate and monitor IT-related business risks as an integral part of an enterprise’s governance environment.
  • Resource optimization: Ensure that IT has sufficient, competent and capable resources to execute current and future strategic objectives and keep up with business demands by optimizing the investment, use and allocation of IT assets.

Can’t get away for a week?

Learn IT governance on-demand.

Get the cybersecurity training you need at a pace that fits your schedule with a subscription to Infosec Skills. Includes unlimited access to hundreds of additional on-demand courses — plus cloud-hosted cyber ranges where you can practice and apply knowledge in real-world scenarios — all for just $34 a month!

  • 70+ learning paths
  • 500+ courses
  • Cloud-hosted cyber ranges and hands-on projects
  • Skill assessments and certification practice exams
  • Infosec community peer support

You're in good company.

"I’ve taken five boot camps with Infosec and all my instructors have been great."

Jeffrey Coa

Information Security Systems Officer

"Comparing Infosec to other vendors is like comparing apples to oranges. My instructor was hands-down the best I’ve had." 

James Coyle

FireEye, Inc.

"I knew Infosec could tell me what to expect on the exam and what topics to focus on most."

Julian Tang

Chief Information Officer

Our clients

Bank of America
Defense Information Systems Agency

Find your boot camp

CGEIT Boot Camp details

Domain 1 — Framework for the governance of enterprise IT (25%)

Task statements

  • Ensure that a framework for the governance of enterprise IT is established and enables the achievement of enterprise goals and objectives to create stakeholder value, taking into account benefits realization, risk optimization and resource optimization.
  • Identify the requirements and objectives for the framework for the governance of enterprise IT incorporating input from enablers such as principles, policies and frameworks; processes; organizational structures; culture, ethics and behavior; information; services, infrastructure and applications; people, skills and competencies.
  • Ensure that the framework for the governance of enterprise IT addresses applicable internal and external requirements (for example, principles, policies and standards, laws, regulations, service capabilities and contracts).
  • Ensure that strategic planning processes are incorporated into the framework for the governance of enterprise IT.
  • Ensure the incorporation of enterprise architecture (EA) into the framework for the governance of enterprise IT in order to optimize IT-enabled business solutions.
  • Ensure that the framework for the governance of enterprise IT incorporates comprehensive and repeatable processes and activities.
  • Ensure that the roles, responsibilities and accountabilities for information systems and IT processes are established.
  • Ensure issues related to the framework for the governance of enterprise IT are reviewed, monitored, reported and remediated.
  • Ensure that organizational structures are in place to enable effective planning and implementation of IT-enabled business investments.
  • Ensure the establishment of a communication channel to reinforce the value of the governance of enterprise IT and transparency of IT costs, benefits and risk throughout the enterprise.
  • Ensure that the framework for the governance of enterprise IT is periodically assessed, including the identification of improvement opportunities.

Knowledge statements

  • Knowledge of components of a framework for the governance of enterprise IT
  • Knowledge of IT governance industry practices, standards and frameworks (for example, COBIT, Information Technology Infrastructure Library [ITIL], International Organization for Standardization [ISO] 20000, ISO 38500)
  • Knowledge of business drivers related to IT governance (for example, legal, regulatory and contractual requirements)
  • Knowledge of IT governance enablers (for example, principles, policies and frameworks; processes; organizational structures; culture, ethics and behavior; information; services, infrastructure and applications; people, skills and competencies)
  • Knowledge of techniques used to identify IT strategy (for example, SWOT, BCG Matrix)
  • Knowledge of components, principles, and concepts related to enterprise architecture (EA)
  • Knowledge of organizational structures and their roles and responsibilities (for example, enterprise investment committee, program management office, IT strategy committee, IT architecture review board, IT risk management committee)
  • Knowledge of methods to manage organizational, process and cultural change
  • Knowledge of models and methods to establish accountability for information requirements, data and system ownership; and IT processes
  • Knowledge of IT governance monitoring processes/mechanisms (for example, balanced scorecard (BSC)
  • Knowledge of IT governance reporting processes/mechanisms
  • Knowledge of communication and promotion techniques
  • Knowledge of assurance methodologies and techniques
  • Knowledge of continuous improvement techniques and processes

Domain 2: Strategic management (20%)

Task statements

  • Evaluate, direct and monitor IT strategic planning processes to ensure alignment with enterprise goals.
  • Ensure that appropriate policies and procedures are in place to support IT and enterprise strategic alignment.
  • Ensure that the IT strategic planning processes and related outputs are adequately documented and communicated.
  • Ensure that enterprise architecture (EA) is integrated into the IT strategic planning process.
  • Ensure prioritization of IT initiatives to achieve enterprise objectives.
  • Ensure that IT objectives cascade into clear roles, responsibilities and actions of IT personnel.

Knowledge statements

  • Knowledge of an enterprise’s strategic plan and how it relates to IT
  • Knowledge of strategic planning processes and techniques
  • Knowledge of impact of changes in business strategy on IT strategy
  • Knowledge of barriers to the achievement of strategic alignment
  • Knowledge of policies and procedures necessary to support IT and business strategic alignment
  • Knowledge of methods to document and communicate IT strategic planning processes (for example, IT dashboard/balanced scorecard, key indicators)
  • Knowledge of components, principles and frameworks of enterprise architecture (EA)
  • Knowledge of current and future technologies
  • Knowledge of prioritization processes related to IT initiatives
  • Knowledge of scope, objectives and benefits of IT investment programs
  • Knowledge of IT roles and responsibilities and methods to cascade business and IT objectives to IT personnel

Domain 3: Benefits realization (16%)

Task statements

  • Ensure that IT-enabled investments are managed as a portfolio of investments.
  • Ensure that IT-enabled investments are managed through their economic life cycle to achieve business benefit.
  • Ensure business ownership and accountability for IT-enabled investments are established.
  • Ensure that IT investment management practices align with enterprise investment management practices.
  • Ensure that IT-enabled investment portfolios, IT processes and IT services are evaluated and benchmarked to achieve business benefit.
  • Ensure that outcome and performance measures are established and evaluated to assess progress towards the achievement of enterprise and IT objectives.
  • Ensure that outcome and performance measures are monitored and reported to key stakeholders in a timely manner.
  • Ensure that improvement initiatives are identified, prioritized, initiated and managed based on outcome and performance measures.

Knowledge statements

  • Knowledge of IT investment management processes, including the economic life cycle of investments
  • Knowledge of basic principles of portfolio management
  • Knowledge of benefit calculation techniques (for example, earned value, total cost of ownership, return on investment)
  • Knowledge of process and service measurement techniques (for example, maturity models, benchmarking, key performance indicators [KPIs])
  • Knowledge of processes and practices for planning, development, transition, delivery, and support of IT solutions and services
  • Knowledge of continuous improvement concepts and principles
  • Knowledge of outcome and performance measurement techniques (for example, service metrics, key performance indicators [KPIs])
  • Knowledge of procedures to manage and report the status of IT investments
  • Knowledge of cost optimization strategies (for example, outsourcing, adoption of new technologies)
  • Knowledge of models and methods to establish accountability over IT investments
  • Knowledge of value delivery frameworks (for example, Val IT)
  • Knowledge of business case development and evaluation techniques

Domain 4: Risk optimization (24%)

Task statements

  • Ensure that comprehensive IT risk management processes are established to identify, analyze, mitigate, manage, monitor and communicate IT risk.
  • Ensure that legal and regulatory compliance requirements are addressed through IT risk management.
  • Ensure that IT risk management is aligned with the enterprise risk management (ERM) framework.
  • Ensure appropriate senior level management sponsorship for IT risk management.
  • Ensure that IT risk management policies, procedures and standards are developed and communicated.
  • Ensure the identification of key risk indicators (KRIs).
  • Ensure timely reporting and proper escalation of risk events and responses to appropriate levels of management.

Knowledge statements

  • Knowledge of the application of risk management at the strategic, portfolio, program, project and operations levels
  • Knowledge of risk management frameworks and standards (for example, RISK IT, the Committee of Sponsoring Organizations of the Treadway Commission Enterprise Risk Management—Integrated Framework (2004) [COSO ERM], International Organization for Standardization (ISO) 31000)
  • Knowledge of the relationship of the risk management approach to legal and regulatory compliance
  • Knowledge of methods to align IT and enterprise risk management (ERM)
  • Knowledge of the relationship of the risk management approach to business resiliency (for example, business continuity planning [BCP] and disaster recovery planning [DRP])
  • Knowledge of risk, threats, vulnerabilities and opportunities inherent in the use of IT
  • Knowledge of types of business risk, exposures and threats (for example, external environment, internal fraud, information security) that can be addressed using IT resources
  • Knowledge of risk appetite and risk tolerance
  • Knowledge of quantitative and qualitative risk assessment methods
  • Knowledge of risk mitigation strategies related to IT in the enterprise
  • Knowledge of methods to monitor effectiveness of mitigation strategies and/or controls
  • Knowledge of stakeholder analysis and communication techniques
  • Knowledge of methods to establish key risk indicators (KRIs)
  • Knowledge of methods to manage and report the status of identified risk

Domain 5: Resource optimization (15%)

Task statements

  • Ensure that processes are in place to identify, acquire and maintain IT resources and capabilities (i.e., information, services, infrastructure and applications, and people).
  • Evaluate, direct and monitor sourcing strategies to ensure existing resources are taken into account to optimize IT resource utilization.
  • Ensure the integration of IT resource management into the enterprise’s strategic and tactical planning.
  • Ensure the alignment of IT resource management processes with the enterprise’s resource management processes.
  • Ensure that a resource gap analysis process is in place so that IT is able to meet strategic objectives of the enterprise.
  • Ensure that policies exist to guide IT resource sourcing strategies that include service level agreements (SLAs) and changes to sourcing strategies.
  • Ensure that policies and processes are in place for the assessment, training and development of staff to address enterprise requirements and personal/professional growth.

Knowledge statements

  • Knowledge of IT resource planning methods
  • Knowledge of human resource procurement, assessment, training and development methodologies
  • Knowledge of processes for acquiring application, information, and infrastructure resources
  • Knowledge of outsourcing and offshoring approaches that may be employed to meet the investment program and operation level agreements (OLAs) and service level agreements (SLAs)
  • Knowledge of methods used to record and monitor IT resource utilization and availability
  • Knowledge of methods used to evaluate and report on IT resource performance
  • Knowledge of interoperability, standardization and economies of scale
  • Knowledge of data management and data governance concepts
  • Knowledge of service level management concepts

Frequently asked questions

  • Why is getting certified an important part of a career in IT Governance?
    • Senior IT professionals often seek industry certification to prove their expertise in the field. Adding a high level credential like the CGEIT helps to differentiate yourself from your peers and shows a commitment to continued education and excellence.

  • What’s the job outlook for CGEIT professionals?
    • Possessing the CGEIT is a minimum requirement for a slew of jobs across the professional gamut. Common job titles include: Information Technology Director, Senior Business Consultant, VP of Information Technology, Senior IT manager, and many more.

  • What does this CGEIT training course provide that other offerings do not?
    • Infosec’s award-winning Training Boot Camps have an exam pass rate of 94%—the highest in the industry! Online or offline, this course offers four days of intense, zero-distraction instruction from top security experts in the industry. These factors coupled with our Exam Pass Guarantee mean that you can rest assured you’re receiving the best training available on the market.

  • What are the pre-requirements for taking the CGEIT?
    • Five or more years of experience managing, serving in an oversight or advisory role, or otherwise supporting the governance of an IT-related branch of an organization is required in order to apply for CGEIT certification. Click here for more specific IT Governance information, and click here for form information on the CGEIT prerequisites.

  • What qualifies as IT governance experience?
    • In order to narrow down their definition of IT Governance, ISACA has provided a detailed list of CGEIT Job Practices. Click here to view these five domains of task statements.

  • How does the CGEIT examination process work?
    • The CGEIT is a 150 question multiple choice exam that candidates must complete within four hours. The exam is based on a 200-800 point scale, with a passing score being 450 points. Click here for more exam information.

  • Is the online CGEIT Boot Camp as effective and informative as an in-person training session?
    • In short, yes! Online participants of our bootcamp find their training just as beneficial as our in-person students. Online or offline, students receive the exact same resources and personalized instruction.

  • What material is covered on the CGEIT exam?
    • The CGEIT exam is divided into five domains, which are as follows: Framework for the Governance of Enterprise IT (24% of the exam), Strategic Management (20% of the exam), Benefits Realization (16% of the exam), Risk Optimization (24% of the exam), Resource Optimization (15%). Click here for a breakdown of each section of the exam.

  • How is the CGEIT certification different from other comparable security certifications?
    • Unlike other certifications, the CGEIT credential is geared towards more senior IT professionals, particularly those in lead technical or management roles dealing with project management, governance, and risk management.

  • How long is the CGEIT certification valid after you pass the test, and what are the renewal requirements?
    • The CGEIT certification is valid for a period of three years, and can be renewed through continued payment of an annual maintenance fee and adherence to ISACA’s CPE (Continuing Professional Education) policy. This policy states that CGEIT holders must complete and report at least 20 CPE hours annually. Click here for more details about CGEIT renewal requirements.

  • Is a CGEIT exam voucher included with the purchase of this course?
    • Yes! Exam vouchers are included.

  • What are some tips for preparing for the CGEIT?
    • Infosec’s award-winning BootCamps help prepare you for certification exams better than any other resource on the market. With a 94% pass rate, no one in the industry compares! Other resources CGEIT candidates can utilize include ISACA’s selection of review manuals or their sample exam. For more CGEIT resources, click here.

  • What is the average CGEIT salary?
    • The median salary of CGEIT professionals is $120,950—making it one of the IT industry’s most remunerative certifications. Click here for a more detailed analysis of CGEIT salary data.