Next boot camp starts soon. Enroll now.

ISACA Certified Information Security Manager (CISM) Training Boot Camp

4.5 (1,925 ratings)

Infosec’s ISACA CISM Certification Boot Camp is designed for professionals seeking career advancement in information security management. This comprehensive training equips you with the skills needed to excel in the field. You will gain confidence and experience to validate your abilities and pursue new career opportunities through this course. 

What you'll learn

Training overview

At Infosec’s CISM Boot Camp, you will explore and develop your essential skills and knowledge in the following domains:  

  • Domain 1: Information security governance (17%) 
  • Domain 2: Information security risk management (20%) 
  • Domain 3: Information security program (33%) 
  • Domain 4: Incident management (30%) 

By the end of the boot camp, you will have the knowledge, skills and confidence to excel in information security management and pass the CISM exam with flying colors.  

What's included

Everything you need to know about CISM course

Certification Logo
  • 90-day extended access to Boot Camp components, including class recordings
  • 12-Month subscription to the ISACA Official Question, Answer & Explanation (QAE) database
  • 100% Satisfaction Guarantee
  • Exam Pass Guarantee
  • Exam voucher
  • Free 90-day Infosec Skills subscription (access to 1,400+ additional courses and labs)
  • Knowledge Transfer Guarantee
  • Pre-study learning path
  • Unlimited practice exam attempts
View Pricing

Syllabus

Training schedule

Day 1
Morning session

Information security governance

  • Information security concepts
  • Relationship between information security and business operations
  • Techniques used to secure senior management commitment and support of information security management
  • Methods of integrating information security governance into the overall enterprise governance framework
  • Practices associated with an overall policy directive that captures senior management
  • Level direction and expectations for information security in laying the foundation for information security management within an organization
  • An information security steering group function
  • Information security management roles, responsibilities and organizational structure
  • Areas of governance (e.g., risk management, data classification management, network security, system access)
  • Centralized and decentralized approaches to coordinating information security
Afternoon session

Information security governance continued

  • Legal and regulatory issues associated with internet businesses, global transmissions and transborder data flows (e.g., privacy, tax laws and tariffs, data import/export restrictions, restrictions on cryptography, warranties, patents, copyrights, trade secrets, national security)
  • Common insurance policies and imposed conditions (e.g., crime or fidelity insurance, business interruption)
  • Requirements for the content and retention of business records and compliance
  • Process for linking policies to enterprise business objectives
  • Function and content of essential elements of an information security program (e.g., policy statements, procedures and guidelines)
  • Techniques for developing an information security process improvement model for sustainable and repeatable information security policies and procedures
  • Information security process improvement and its relationship to traditional process management, security architecture development and modeling, and security infrastructure
  • Generally accepted international standards for information security management and related process improvement models
  • The key components of cost benefit analysis and enterprise transformation/ migration plans (e.g., architectural alignment, organizational positioning, change management, benchmarking, market/competitive analysis)
  • Methodology for business case development and computing enterprise value propositions
Evening session

Optional group & individual study

Schedule may vary from class to class

Day 2
Morning session

Risk management

  • Information resources used in support of business processes
  • Information resource valuation methodologies
  • Information classification
  • The principles of development of baselines and their relationship to risk-based assessments of control requirements
  • Life-cycle-based risk management principles and practices
  • Threats, vulnerabilities and exposures associated with confidentiality, integrity and availability of information resources
Afternoon session

Risk management continued

  • Quantitative and qualitative methods used to determine sensitivity and criticality of information resources and the impact of adverse events
  • Use of gap analysis to assess generally accepted standards of good practice for information security management against current state
  • Recovery time objectives (RTO) for information resources and how to determine RTO
  • RTO and how it relates to business continuity and contingency planning objectives and processes
  • Risk mitigation strategies used in defining security requirements for information resources supporting business applications
  • Cost benefit analysis techniques in assessing options for mitigating risks threats and exposures to acceptable levels
  • Managing and reporting status of identified risks
Evening session

Optional group & individual study

Schedule may vary from class to class

Day 3
Morning session

Information security program development and management

  • Methods to develop an implementation plan that meets security requirements identified in risk analyses
  • Project management methods and techniques
  • The components of an information security governance framework for integrating security principles, practices, management and awareness into all aspects and all levels of the enterprise
  • Security baselines and configuration management in the design and management of business applications and the infrastructure
  • Information security architectures (e.g., single sign-on, rules-based as opposed to list-based system access control for systems, limited points of systems administration)
  • Information security technologies (e.g., cryptographic techniques and digital signatures, enabling management to select appropriate controls)
  • Security procedures and guidelines for business processes and infrastructure activities
Afternoon session

Information security program development and management continued

  • Systems development life cycle methodologies (e.g., traditional SDLC, prototyping)
  • Planning, conducting, reporting and follow-up of security testing
  • Assessing and authorizing the compliance of business applications and infrastructure to the enterprise’s information security governance framework
  • Types, benefits and costs of physical, administrative and technical controls
  • Planning, designing, developing, testing and implementing information security requirements into an enterprise’s business processes
  • Security metrics design, development and implementation
  • Acquisition management methods and techniques (e.g., evaluation of vendor service level agreements, preparation of contracts)
Evening session

Optional group & individual study

Schedule may vary from class to class

Day 4
Morning session

Information security program development and management continued

  • How to interpret information security policies into operational use
  • Information security administration process and procedures
  • Methods for managing the implementation of the enterprise’s information security program through third parties, including trading partners and security services providers
  • Continuous monitoring of security activities in the enterprise’s infrastructure and business applications
  • Methods used to manage success/failure in information security investments through data collection and periodic review of key performance indicators
  • Change and configuration management activities
  • Information security management due diligence activities and reviews of the infrastructure
  • Liaison activities with internal/external assurance
    providers performing information security reviews
Afternoon session

Information security program development and management continued

  • Due diligence activities, reviews and related standards for managing and controlling access to information resources
  • External vulnerability reporting sources, which provide information that may require changes to the information security in applications and infrastructure
  • Events affecting security baselines that may require risk reassessments and changes to information security requirements in security plans, test plans and reperformance
  • Information security problem management practices
  • Information security manager facilitative roles as change agents, educators and consultants
  • Ways in which cultural and socially acceptable differences affect the behavior of staff
  • Activities that can change cultural and socially acceptable behavior of staff
  • Methods and techniques for security awareness training and education
Evening session

Optional group & individual study

Schedule may vary from class to class

Day 5
Morning session

Information security incident management

  • Components of an incident response capability
  • Information security emergency management practices (e.g., production change control activities, development of computer emergency response team)
  • Disaster recovery planning and business recovery processes
  • Disaster recovery testing for infrastructure and critical business applications
  • Escalation processes for effective security management
Afternoon session

Information security incident management continued

  • Intrusion detection policies and processes
  • Help desk processes for identifying security incidents reported by users and distinguishing them from other issues dealt with the help desks
  • Notification process in managing security incidents and recovery (e.g., automated notice and recovery mechanisms in response to virus alerts in a real-time fashion)
  • Requirements for collecting and presenting evidence: rules for evidence, admissibility of evidence, quality and completeness of evidence
  • Post-incident reviews and follow-up procedures

Schedule may vary from class to class

Download Full Syllabus

Can't take time off? Choose one of our self-paced training courses.

Enjoy the flexibility of Infosec's self-paced Certified Information Security Manager training, where you can access course materials anytime, anywhere, fitting seamlessly into your busy work schedule.

  • Open enrollment (begin anytime)
  • Exam voucher included
  • 6-month access to course materials
  • Asynchronous instructor assistance
Compare Prices

Guaranteed results

Our Boot Camp guarantees

Guarantee icon

Exam Pass Guarantee

If you don’t pass your exam on the first attempt, get a second attempt for free. Includes the ability to re-sit the course for free for up to one year (does not apply to CMMC-AB Boot Camps).

Guarantee icon

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.

Guarantee icon

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.

Who should attend

Who Should Attend Image

The CISM security certification is ideal for mid-level and advanced-level cybersecurity professionals with prior information security experience. Because this certification empowers professionals to advance in managerial positions and navigate challenges in information security, the course is recommended for the following roles: 

  • Information security managers  
  • Information security consultants  
  • Chief information officers (CIOs) 
  • Chief information security officers (CISOs)  

By obtaining an ISACA CISM certification, you will demonstrate expertise in assessing and designing information security management programs. This empowers students to advance their careers as they gain the knowledge and skills to confidently tackle cyber threats — a desirable trait to employers in the field. 

What makes the Infosec CISM training different?

All CISM certification training materials are fully updated and synced with the latest version of the exam. You will also gain access to a CISM prep course the moment you enroll, allowing you to prepare for and get the most out of your boot camp.

Plus, you can enjoy the assurance of the Exam Pass Guarantee. This means if you don’t pass the exam on the first attempt, we will pay for your second exam at no additional cost to you.  

Learn More

ISACA Accredited Training Organization (ATO)

Infosec is one of a select number of ISACA accredited Elite+ Partners in the world. When you enroll in an Infosec CISM Boot Camp, you can rest assured you are receiving the most effective and up-to-date certification prep available, including official ISACA training materials and instruction that has been independently assessed to meet ISACA’s quality standards.

Meets 8570.1 requirements

Attention DoD Information Assurance workers! This boot camp helps meet U.S. Department of Defense Directive 8570.1 requirements for department employees or contractors engaged in work related to information security.

View Pricing

Before your Boot Camp

CISM certification prerequisites

What are the CISM certification requirements? Becoming a CISM entails submitting verified evidence of the following requirements: 

  • A minimum of five years of information security work experience
  • A minimum of three years of information security management work experience in three or more of the job practice analysis areas

The work experience must be gained within the 10-year period preceding the application date for certification or within five years from the date of originally passing the exam.  

What's next?

After you finish the ISACA CISM Certification Boot Camp

What's Next Image

With your CISM certification training, you’ll be equipped with the information security management skills and knowledge sought by organizations worldwide. Some of the roles commonly held by CISM certification holders include:

  • Information security manager
  • Cybersecurity manager
  • Cybersecurity consultant
  • Chief information officer (CIO)
  • Chief information security officer (CISO)

These are just a few examples of the CISM career paths you can pursue with CISM certification training. Your expertise in information security management is highly valued in today's digital landscape.

Enroll Now

Exam Prep

What are some tips I should know when preparing for the CISM exam?

When preparing for the CISM exam, the most important thing you can do is study the major topics covered. The four domains are:

  1. Information security governance
  2. Information security risk management
  3. Information security program
  4. Incident management

Reviewing the exam format, details, and resources available online will also help. Use practice exams to become familiar with the questions that will be asked.

Learn More

What job titles are most common for people with ISACA CISM certification?

Some common positions that this certification can help you land include:

  • Chief information officers (CIOs) icon

    Chief information officers (CIOs)

  • Chief information security officers (CISOs) icon

    Chief information security officers (CISOs)

  • Information security managers icon

    Information security managers

  • Cybersecurity manager icon

    Cybersecurity manager

FAQ

Frequently asked questions

What's the job outlook for CISM professionals?

The demand for skilled information security professionals is rapidly increasing as organizations recognize the importance of robust security measures. According to the Bureau of Labor Statistics, employment of information systems managers is projected to grow 16% from 2021 to 2031. CISM-certified individuals are well-positioned to capitalize on these opportunities and pursue rewarding careers in information security.

What is the average CISM salary?

CISM-certified professionals earn a wide range of competitive salaries due to their specialized expertise, with an average $156,420. Visit our salary information page to access the latest data on CISM salaries and gain insights into this field’s earning potential.

How does the CISM examination process work?
The CISM exam consists of multiple-choice questions that assess your knowledge and application of information security management concepts. It is administered by ISACA and follows a rigorous evaluation process to ensure the integrity and validity of the certification. Read our CISM exam details article for more information.
What are some tips for preparing for the CISM?

Being well-prepared and rested is critical to success in the CISM exam. Here are a few tips to enhance your study approach:

  • Create a study schedule and allocate dedicated time for each domain.
  • Utilize resources such as study guides, practice exams and online forums.
  • Engage in practical exercises and real-world scenarios to strengthen your problem-solving skills.
  • Join study groups or seek guidance from experienced professionals to gain additional insights.
  • Stay focused, practice time management and review all domains comprehensively.
  • Get plenty of sleep. You won't perform your best if you stay up all night cramming for the CISM exam, so be sure you are well-rested the night before.

Find more tips here.

How long does CISM certification last?

Your CISM certification is valid for three years. To maintain the certification, you will need to earn and submit 120 continuing professional education (CPE) credits during the three-year renewal period, with a minimum of 20 CPEs earned annually. This renewal process helps ensure that certified professionals stay up-to-date with the latest developments in information security management. Read our CISM CPE article for more information.

Which is better CISM or CISSP?

Both the CISM and CISSP are well-respected certifications that require five years of industry experience. The CISM cybersecurity topics are more management-focused, whereas the CISSP topics are more broad and have more of a technical focus. Some cybersecurity professionals will earn both certifications, or you choose the one that is most aligned with your career goals. For more information, read our article comparing the CISM and CISSP certifications.

Average Salary

ISACA CISM certification salary expectations

Wondering about the financial rewards for earning your CISM? While salaries vary quite a bit based on location, experience and industry, CISM professionals are well-compensated for their skills.

The average U.S. CISM salary is more than $156,000, according to our latest Cybersecurity Salary Guide. Keep in mind that is just an average and there is a wider range of pay across various job opportunities.

View Pricing

You’re in Good Company

MJ

I really appreciate that our instructor was extremely knowledgeable and was able to provide the information in a way that could be understood. He also provided valuable test-taking strategies that I know not only helped me with this exam but will help in all exams I take in the future.

Michelle Jemmott, Pentagon
JP

Our instructor had a vast background and related the materials to real life. Much better than just teaching the materials to pass an exam... but he did that as well. He went out of his way in class. The extra materials really benefited us when we returned to our real jobs! Great experience!

John Peck, EPA
SS

Very impressed with Infosec. My instructor did a great job delivering the information strategically and in a way for all to understand. I would definitely take another class/certification prep course.

Sylvia Swinson, Texeltek

View All Schedule Options

ISACA Certified Information Security Manager (CISM) Training Boot Camp

$3,415.00

Jun 02, 2025 - Jun 06, 2025
Online
Start Time: 7:30 AM (Central)

ISACA Certified Information Security Manager (CISM) Training Boot Camp

$3,415.00

Jun 16, 2025 - Jun 20, 2025
Online
Start Time: 10:30 AM (Central)

ISACA Certified Information Security Manager (CISM) Training Boot Camp

$3,415.00

Jun 16, 2025 - Jun 20, 2025
San Diego, California
Onsite
Start Time: 10:30 AM (Central)

ISACA Certified Information Security Manager (CISM) Training Boot Camp

$3,415.00

Jul 07, 2025 - Jul 11, 2025
Online
Start Time: 9:30 AM (Central)

ISACA Certified Information Security Manager (CISM) Training Boot Camp

$3,415.00

Aug 18, 2025 - Aug 22, 2025
Online
Start Time: 7:30 AM (Central)

ISACA Certified Information Security Manager (CISM) Training Boot Camp

$3,415.00

Aug 25, 2025 - Aug 29, 2025
Online
Start Time: 9:30 AM (Central)

ISACA Certified Information Security Manager (CISM) Training Boot Camp

$3,415.00

Sep 15, 2025 - Sep 19, 2025
Online
Start Time: 7:30 AM (Central)

ISACA Certified Information Security Manager (CISM) Training Boot Camp

$3,415.00

Sep 15, 2025 - Sep 19, 2025
Dulles, Virginia
Onsite
Start Time: 7:30 AM (Central)

Instant pricing

Join thousands of certified professionals who train with Infosec. Click below for complete pricing details.

Exam Pass Guarantee Logo

Award-winning training you can trust

Quick facts

Duration
5 days
Next boot camp
Jun 02, 2025
Method
Online, in-person, team onsite
Level
5 years of professional experience
Average salary
$156,420
Meets 8570.1 DoD requirements

Ready to discuss your training goals? We've got you covered.

Request Information

Unlock team training discounts

If you’re like many of our clients, employee certification is more than a goal — it’s a business requirement. Connect with our team to learn more about our training discounts.

Request Team Pricing

Instant pricing

Join thousands of certified professionals who train with Infosec. Click below for complete pricing details.

Exam Pass Guarantee Logo

Award-winning training you can trust

Explore our top Boot Camps

More learning opportunities

Most popular

CompTIA Security+ Certification Training Boot Camp Boot Camp

CompTIA Security+ Certification Training Boot Camp

  • 5 days of instructor-led training
  • 1-3 years of experience
  • Average Salary: $99,446
  • Exam Pass Guarantee
review-logo

4.8

(5,391 ratings)

Learn More

#1 FOR BEGINNERS

Cisco Certified Network Associate (CCNA) & Cybersecurity Associate Training Boot Camp Dual Certification Boot Camp

Cisco Certified Network Associate (CCNA) & Cybersecurity Associate Training Boot Camp Dual Certification

  • 7 days of instructor-led training
  • 0-1 year of professional experience
  • Average Salary: $93,071
  • Exam Pass Guarantee
review-logo

4.3

(3,372 ratings)

Learn More

Most requested

ISC2 Certified Information Systems Security Professional® (CISSP) Certification Training Boot Camp Boot Camp

ISC2 Certified Information Systems Security Professional® (CISSP) Certification Training Boot Camp

  • 6 days of instructor-led training
  • 5+ years of professional experience
  • Average Salary: $151,860
  • Exam Pass Guarantee
review-logo

4.7

(8,738 ratings)

Learn More