• 708.689.0131
  • Contact us
  • Login
Infosec Logo
  • Infosec Logo
  • Products
  • Solutions
  • Resources
  • Company
  • Product overview
  • Infosec IQ logo Security awareness & culture
  • Infosec Skills logo On-demand training & cyber ranges
  • Infosec Skills Live Boot Camps logo On-demand training & cyber ranges
  • Infosec IQ overview
  • Security awareness training
  • Phishing simulator
  • Reporting & assessments
  • Integrations & automation
  • Global administration
  • Browse all training
  • Pricing & features
  • Demo
  • Infosec Skills overview
  • Role-guided training
  • Infosec Skills Teams
  • Cyber ranges & labs
  • Certifications & CPEs
  • Skill assessments
  • Browse all training
  • Pricing & features
  • Book a meeting
  • Live boot camps
  • Infosec Institute certifications
  • DoD 8570 certifications
  • Get team boot camp pricing
  • View boot camp schedule
  • Book a meeting
  • Pre-built training plans
  • Compliance, industry & role-based training
  • Custom education
  • Personalized learning
  • Languages
  • Gamified learning
  • 1000+ phishing templates
  • Simulation types
  • Phishing email reporter
  • Dashboard reports
  • Security culture survey
  • Assessments
  • Learner analytics
  • Learner management
  • Threat response orchestration
  • Integrations
  • 52 NICE Work Roles
  • SOC Analyst
  • Cloud Security Engineer
  • Security Manager
  • ICS Security Practitioner
  • Security Engineer
  • Penetration Tester
  • Digital Forensics Analyst
  • Information Risk Analyst
  • Security Architect
  • Secure Coder
  • Boot camp overview
  • CISSP Boot Camp
  • Security+ Boot Camp
  • Ethical Hacking Boot Camp
  • CCNA Dual Cert Boot Camp
  • CASP+ Boot Camp
  • CCSP Boot Camp
  • CISM Boot Camp
  • CySA+ Boot Camp
  • PMP Boot Camp
  • Browse all boot camps
Choose Your Own Adventure

Security awareness games by Infosec

Click to Play

On-demand training for every cybersecurity role

Download Catalog

Certification training from industry experts

Get Pricing
  • Solutions overview
  • By organization type
  • By need
  • For business teams
  • For government & contractor teams
  • For MSPs & resellers
  • Security awareness
  • Phishing simulation
  • Technical skill development
  • IT certification
  • Compliance & framework
  • CMMC certification

    2021 IT & Security Talent Pipeline Study

    Download Now
    • Cyber Work
    • Webcasts
    • Case studies
    • Reports & whitepapers
    • Blog
    • Community
    • Infosec Inspire
    • Free tools
    • Cyber Work Podcast
    • Cyber Work Applied
    • Infosec Insiders
    • TechExams
    • YouTube
    • LinkedIn
    • Facebook
    • Twitter
    • Phishing Risk Test
    • Security awareness ROI calculator
    • Security awareness training plans
    • Security awareness buyer’s guide

      Cyber Work Podcast

      New cybersecurity career conversations every week

      Listen Now
      • About us
      • Events & webcasts
      • Careers
      • Scholarships & awards
      • Infosec Gives
      • Infosec Gives Partner Program
      • About us
      • Leadership
      • Newsroom
      • Recognition
      • Industry alliances
      • Infosec Hall of Fame
      • Infosec Security Awareness Awards
      • Infosec Accelerate Scholarship Program

        We’re hiring!

        Join a team dedicated to making a difference.

        Get To Know Us

        ISACA CISM Training Boot Camp

        Infosec’s Certified Information Security Manager (CISM) Boot Camp is a five-day training focused on preparing you for the ISACA CISM exam. You’ll leave with the knowledge and domain expertise needed to pass the CISM exam the first time you take it.

        ★★★★★
        4.5
        (1,925 ratings)
        View Pricing Book a Boot Camp
        cism-boot-camp

        Earn your CISM, guaranteed!

        • Five days of live, expert CISM instruction
        • Exam Pass Guarantee
        • Exam voucher
        • Unlimited practice exam attempts
        • 100% Satisfaction Guarantee
        • Free annual Infosec Skills subscription ($599 value!)
        • 1-year access to all boot camp video replays and materials
        • 12-month subscription to the ISACA Official Question, Answer & Explanation (QAE) Database
        • Pre-study learning path
        • Knowledge Transfer Guarantee

        ISACA Accredited Training Organization (ATO)

        Infosec is one of a select number of ISACA accredited Elite+ Partners in the world. When you enroll in an Infosec CISM Boot Camp, you can rest assured you are receiving the most effective and up-to-date certification prep available, including official ISACA training materials and instruction that has been independently assessed to meet ISACA’s quality standards.

        View full course schedule

        Training overview

        This CISM Boot Camp is designed for experienced information security managers and other professionals who manage, design, oversee or assess an enterprise’s information security.

        The training prepares you for the CISM examination by testing your knowledge and your ability to apply it to real-world scenarios. You will gain in-depth knowledge of security governance, risk management, security program development and management, and security incident management. The boot camp has been updated to align with the new CISM job practice areas and is designed to fully prepare you to pass the challenging CISM exam.

        CISM training objectives

        The CISM certification promotes international practices and validates your knowledge and experience around effective security management and consulting. The four CISM domains include:

        1. Security governance: To effectively address the challenges of protecting an organization’s assets, senior management must define the desired outcomes of the information security program.
        2. Risk management: Asset classification and valuation is an essential part of an effective risk management program — the greater the value, the greater the impact, the greater the risk.
        3. Information security program development and management: The purpose of this area is to implement management’s governance strategy — the “due diligence” and “due care” of protecting the corporation’s assets.
        4. Information security incident management: This area focuses on effectively managing unexpected (and expected) events, which may or may not be disruptive, and can be summed up in five words: identify, protect, detect, respond and recover.

        What you'll learn

        • Information security governance
        • The role of an information security steering group
        • Legal and regulatory issues associated with internet businesses, global transmissions and transborder data flows
        • Common insurance policies and imposed conditions
        • Information security process improvement
        • Recovery time objectives (RTO) for information resources
        • Cost-benefit analysis techniques for mitigating risks to acceptable levels
        • Security metrics design, development and implementation
        • Information security management due to diligence activities and reviews of the infrastructure
        • Events affecting security baselines that may require risk reassessments
        • Changes to information security requirements in security plans, test plans and reperformance
        • Disaster recovery testing for infrastructure and critical business applications
        • External vulnerability reporting sources
        • CISM information classification methods
        • Life-cycle-based risk management principles and practices
        • Security baselines and configuration management in the design and management of business applications and infrastructure
        • Acquisition management methods and techniques
        • Evaluation of vendor service level agreements and preparation of contracts

        Who should attend

        • Information security managers
        • Information security consultants
        • Chief information officers
        • Chief information security officers
        • Anyone interested in learning information security management skills and getting certified

        Prerequisites

        To become a CISM, you must submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas. The work experience must be gained within the ten-year period preceding the application date for certification or within five years from the date of originally passing the exam.

        Everything you need to earn your CISM

        • Five days of live, expert CISM instruction
        • Exam Pass Guarantee
        • Exam voucher
        • Unlimited practice exam attempts
        • 100% Satisfaction Guarantee
        • Free annual Infosec Skills subscription ($599 value!)
        • 1-year access to all boot camp video replays and materials
        • 12-month subscription to the ISACA Official Question, Answer & Explanation (QAE) Database
        • Pre-study learning path
        • Knowledge Transfer Guarantee
        Everything you need to earn your CISM
        View Pricing

        Exam Pass Guarantee

        We guarantee you’ll pass your exam on the first attempt. Learn more.

        CISM training schedule

        Infosec’s CISM courseware materials are always up to date and synchronized with the latest ISACA exam objectives. Our industry-leading curriculum and expert instructors have led to the highest pass rates in the industry. More than 93% of Infosec students pass their certification exams on their first attempt.

        • Before your boot camp
          • Start learning now. You’ll get immediate access to all the content in Infosec Skills, including an in-depth CISM prep course, the moment you enroll. Prepare for your live boot camp, uncover your knowledge gaps and maximize your training experience.

        • During your boot camp
          • Day 1: Information security governance

            • Information security concepts
            • Relationship between information security and business operations
            • Techniques used to secure senior management commitment and support of information security management
            • Methods of integrating information security governance into the overall enterprise governance framework
            • Practices associated with an overall policy directive that captures senior management
            • Level direction and expectations for information security in laying the foundation for information security management within an organization
            • An information security steering group function
            • Information security management roles, responsibilities and organizational structure
            • Areas of governance (e.g., risk management, data classification management, network security, system access)
            • Centralized and decentralized approaches to coordinating information security
            • Legal and regulatory issues associated with internet businesses, global transmissions and transborder data flows (e.g., privacy, tax laws and tariffs, data import/export restrictions, restrictions on cryptography, warranties, patents, copyrights, trade secrets, national security)
            • Common insurance policies and imposed conditions (e.g., crime or fidelity insurance, business interruption)
            • Requirements for the content and retention of business records and compliance
            • Process for linking policies to enterprise business objectives
            • Function and content of essential elements of an information security program (e.g., policy statements, procedures and guidelines)
            • Techniques for developing an information security process improvement model for sustainable and repeatable information security policies and procedures
            • Information security process improvement and its relationship to traditional process management, security architecture development and modeling, and security infrastructure
            • Generally accepted international standards for information security management and related process improvement models
            • The key components of cost-benefit analysis and enterprise transformation/migration plans (e.g., architectural alignment, organizational positioning, change management, benchmarking, market/competitive analysis)
            • Methodology for business case development and computing enterprise value proposition

            Day 2: Risk management

            • Information resources used in support of business processes
            • Information resource valuation methodologies
            • Information classification
            • The principles of development of baselines and their relationship to risk-based assessments of control requirements
            • Life-cycle-based risk management principles and practices
            • Threats, vulnerabilities and exposures associated with confidentiality, integrity and availability of information resources
            • Quantitative and qualitative methods used to determine sensitivity and criticality of information resources and the impact of adverse events
            • Use of gap analysis to assess generally accepted standards of good practice for information security management against current state
            • Recovery time objectives (RTO) for information resources and how to determine RTO
            • RTO and how it relates to business continuity and contingency planning objectives and processes
            • Risk mitigation strategies used in defining security requirements for information resources supporting business applications
            • Cost-benefit analysis techniques in assessing options for mitigating risks threats and exposures to acceptable levels
            • Managing and reporting status of identified risks

            Day 3: Information security program development and management

            • Methods to develop an implementation plan that meets security requirements identified in risk analyses
            • Project management methods and techniques
            • The components of an information security governance framework for integrating security principles, practices, management and awareness into all aspects and all levels of the enterprise
            • Security baselines and configuration management in the design and management of business applications and the infrastructure
            • Information security architectures (e.g., single sign-on, rules-based as opposed to list-based system access control for systems, limited points of systems administration)
            • Information security technologies (e.g., cryptographic techniques and digital signatures, enabling management to select appropriate controls)
            • Security procedures and guidelines for business processes and infrastructure activities
            • Systems development life cycle methodologies (e.g., traditional SDLC, prototyping)
            • Planning, conducting, reporting and follow-up of security testing
            • Assessing and authorizing the compliance of business applications and infrastructure to the enterprise’s information security governance framework
            • Types, benefits and costs of physical, administrative and technical controls
            • Planning, designing, developing, testing and implementing information security requirements into an enterprise’s business processes
            • Security metrics design, development and implementation
            • Acquisition management methods and techniques (e.g., evaluation of vendor service level agreements, preparation of contracts)

            Day 4: Information security program development and management (continued)

            • How to interpret information security policies into operational use
            • Information security administration process and procedures
            • Methods for managing the implementation of the enterprise’s information security program through third parties, including trading partners and security services providers
            • Continuous monitoring of security activities in the enterprise’s infrastructure and business applications
            • Methods used to manage success/failure in information security investments through data collection and periodic review of key performance indicators
            • Change and configuration management activities
              Information security management due diligence activities and reviews of the infrastructure
            • Liaison activities with internal/external assurance providers performing information security reviews
            • Due diligence activities, reviews and related standards for managing and controlling access to information resources
            • External vulnerability reporting sources, which provide information that may require changes to the information security in applications and infrastructure
            • Events affecting security baselines that may require risk reassessments and changes to information security requirements in security plans, test plans and reperformance
            • Information security problem management practices
            • Information security manager facilitative roles as change agents, educators and consultants
            • Ways in which cultural and socially acceptable differences affect the behavior of staff
            • Activities that can change cultural and socially acceptable behavior of staff
            • Methods and techniques for security awareness training and education

            Day 5: Information security incident management

            • Components of an incident response capability
            • Information security emergency management practices (e.g., production change control activities, development of computer emergency response team)
            • Disaster recovery planning and business recovery processes
            • Disaster recovery testing for infrastructure and critical business applications
            • Escalation processes for effective security management
            • Intrusion detection policies and processes
            • Help desk processes for identifying security incidents reported by users and distinguishing them from other issues dealt with the help desks
            • Notification process in managing security incidents and recovery (e.g., automated notice and recovery mechanisms in response to virus alerts in a real-time fashion)
            • Requirements for collecting and presenting evidence: rules for evidence, admissibility of evidence, quality and completeness of evidence
            • Post-incident reviews and follow-up procedures
        • After your boot camp
          • Your boot camp includes a 1-year subscription to Infosec Skills, so you can take additional time to prepare for your exam, get a head start on your next certification goal or start earning CPEs.

        Free CISM training resources

        CISM Resource Hub

        Explore our CISM resource hub to learn all about CISM, including exam information, study resources, salary data, job outlook and more.

        See Resources

        Level-Up Your Security Career With a CISM Certification

        Earning your CISM certification will unlock new career opportunities and help you earn more. With an average annual salary of $122,000, the CISM ranks as the second highest-paying IT certification available.

        Watch now

        The business impact of cyber risk

        KPMG reports 68% of CEOs believe a cyber-attack is a matter of when — not if. How is your organization preparing to mitigate cyber risk in the new year? Join David Kruse, technology risk consultant, Justin Webb, CIPP-certified attorney and Jeff McCollum, crisis response and public relations professional for strategies to help you discuss cybersecurity at the board level, assess and mitigate cyber risk at your organization, and reduce the business impact of cyber incidents through planning and response.

        Listen Now

        Find your boot camp

        Take the course online?
        Learn more about online
        866.471.0059
        • Today
        • Next week
        • Next month
        See additional dates

        Sign up

        Enroll in a boot camp

          See additional dates

          Frequently asked questions

          • Why is getting certified an important part of a career as an information security manager?
            • Earning a high-level certification like the CISM demonstrates a working knowledge not just of the security systems practitioner’s use, but the management of security professionals as well. Hard data also shows that Certified Information Security Managers earn a higher salary than their non-certified counterparts.

          • What's the job outlook for CISM professionals?
            • CISM holders are highly sought-after in the information security industry, and are more likely to land senior roles that require greater responsibility. Common job titles include: Information System Security Officer, Information Security Manager, Information/Privacy Risk Consultant, and many others. Click here for more information about the job outlook for CISM professionals.

          • What is the average CISM salary?
            • While salary depends on a number of factors — including job title, location, and relevant work experience — CISM holder salaries range from $52,402 to $243,610. Entry-level positions trend towards the lower end of the spectrum while senior level candidates can expect significantly higher salaries. Click here for more detailed CISM salary information.

          • What does this CISM training course provide that other offerings do not?
            • Infosec’s CISM boot camp has the highest pass rate in the industry — 93%! Our award-winning training utilizes a five-day model of rigorous coursework with a knowledgeable instructor so that you can rest assured you’re receiving the best training in the industry. And with our Exam Pass Guarantee, you can focus all your attention on the learning process instead of stressing out about pass rates!

          • What are the pre-requirements for taking the CISM?
            • In order to receive the CISM certification, you must submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work. This work experience must be gained within a ten-year time period before the application date for certification — or within five years of originally passing the exam. Click here for more information about the pre-requirements of the CISM.

          • What qualifies as information security management experience?
            • The information security management field is broad and, out of necessity, often encompasses many duties within the security profession. Due to this, ISACA has defined four categories within their Job Task Analysis in order to narrow down their definition of what constitutes as information security management work. CISM candidates must perform the designated tasks within at least 3 of these 4 categories. Click here to see ISACA’s breakdown of their Job Task Analysis domains.

          • How does the CISM examination process work?
            • As of 2017, the CISM is administered digitally. The format is multiple-choice, with questions delivered one-at-a-time, giving you the option to flag more difficult ones to return to later. While it is multiple-choice, some questions may have more than one correct answer. In these instances, the test-taker must select the answer that they believe is most correct. The exam lasts around 4 hours and includes 150 questions.

          • Is the online CISM boot camp as effective and informative as an in-person training session?
            • The short answer: Yes! Participants of the live online boot camp also get an Exam Pass Guarantee and other training features in addition to a live instructor.

          • How is the CISM related to the DoD 8570?
            • The Department of Defense (DoD) Directive 8570 requires anyone seeking a government job to hold certain certifications before they can be hired in a position related to information security. The CISM fulfills the DoD 8570’s requirements.

          • What material is covered on the CISM exam?
            • The CISM exam covers four domains that are weighted as follows: Information Security Governance (24%), Information Risk Management and Compliance (30%), Information Security Program Development and Management (27%), and Information Security Incident Management (19%). Click here for a detailed breakdown of what each domain covers.

          • How is the CISM certification different from the other comparable security certifications?
            • The CISM is unique in its focus on management and meeting experience requirements. While other certifications are focused on tech skills or platform/product-specific knowledge, the CISM targets professionals who have progressed beyond the role of the practitioner.

          • How does the CISM experience waiver work?
            • Certain experience substitutions can be used to satisfy the information security work experience requirement. However, none of these waivers satisfy any portion of the 3-year information security management requirement. For a detailed breakdown of what fulfills the experience substitution criteria, click here.

          • How long is the CISM certification valid after you pass the test, and what are the renewal requirements?
            • The CISM certification remains valid if holders comply with the continuing education policy of completing and reporting 20 CPE (Continuing Professional Education) hours annually and paying the CISM maintenance fee. Click here for more information on maintaining your CISM.

          • Is an exam voucher included with the purchase of this course?
            • Yes, an exam voucher is included.

          • What are some tips for preparing for the CISM?
            • Enrolling in an exam prep course like Infosec’s is a fantastic step towards earning your CISM. And with our exam pass rate of 94%, no one in the industry can compare! Other things you can do to get ready for the exam include making use of ISACA’s official prep guide, taking practice exams online, and figuring out which methods of self-study work best for you. Click here to read more tips for CISM exam success.

          Infosec logo

          Products

          Infosec IQ Security awareness, culture & phishing simulator Infosec Skills Hands-on skill development & boot camps

          Resources

          Cyber Work Blog Infosec Inspire Events & webcasts

          Company

          Contact us About Infosec Careers Newsroom Partners
          • ©2022 Infosec Institute, Inc.
            • Trademarks
            • Privacy Policy

          Infosec, part of Cengage Group

          We use cookies to personalize your experience and optimize site functionality. Accept Cookie settings
          Privacy & Cookies Policy

          Infosec cookie notice

          We use cookies to help understand your needs, optimize website functionality and give you the best experience possible. Use this policy to understand how, when and where cookies are stored on your device. 

          Want to know more? Contact [email protected].
          Necessary
          Always Enabled
          This type of cookie helps keep our website functioning. They provide access to account-based features and other secure areas of our site, and do not store information about you that could be used for marketing. This category of cookies cannot be disabled.
          Analytics
          Google Analytics cookies help us understand how visitors use our site. All data collected from Google Analytics is anonymized (including your IP address) and stored by Google on U.S. servers.
          Marketing
          We use this type of cookie to optimize our marketing campaigns. Marketing cookies are delivered by our database when you visit our site, complete a form or open email from us. Information stored in this cookie includes personal information like your name and what pages you view on our site.
          Save & Accept