
Boot Camp

ISACA CISM Training Boot Camp

The Certified Information Security Manager (CISM) certification path is designed for individuals who oversee, design or assess an enterprise’s information security. You’ll learn about information security governance, risk management, program development and incident management.

4.5 (1,925 ratings) | 93% exam pass rate

Quick facts

  • Online, in-person, team onsite
  • 5 days of live training
  • 5+ years' experience
  • $129,000 average salary

Get certified, guaranteed

About our ISACA CISM Training Boot Camp

  • 90-day extended access to Boot Camp components, including class recordings
  • 12-Month subscription to the ISACA Official Question, Answer & Explanation (QAE) database
  • 100% Satisfaction Guarantee
  • Exam Pass Guarantee
  • Exam voucher
  • Free 90-day Infosec Skills subscription (access to 1,400+ additional courses and labs)
  • Knowledge Transfer Guarantee
  • Pre-study learning path
  • Unlimited practice exam attempts

Award-winning training you can trust


What you'll learn

Training overview

This CISM Boot Camp is designed for experienced information security managers and other professionals who manage, design, oversee or assess an enterprise’s information security.

The training prepares you for the CISM examination by testing your knowledge and your ability to apply it to real-world scenarios. You will gain in-depth knowledge of security governance, risk management, security program development and management, and security incident management. The boot camp has been updated to align with the new CISM job practice areas and is designed to fully prepare you to pass the challenging CISM exam.

ISACA Accredited Training Organization (ATO)

Infosec is one of a select number of ISACA accredited Elite+ Partners in the world. When you enroll in an Infosec CISM Boot Camp, you can rest assured you are receiving the most effective and up-to-date certification prep available, including official ISACA training materials and instruction that has been independently assessed to meet ISACA’s quality standards.

Before your boot camp


To become a CISM, you must submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas. The work experience must be gained within the ten-year period preceding the application date for certification or within five years from the date of originally passing the exam.


Training schedule

Day 1: Information security governance
  • Information security concepts
  • Relationship between information security and business operations
  • Techniques used to secure senior management commitment and support of information security management
  • Methods of integrating information security governance into the overall enterprise governance framework
  • And much more
Day 2: Risk management
  • Information resources used in support of business processes
  • Information resource valuation methodologies
  • Information classification
  • The principles of development of baselines and their relationship to risk-based assessments of control requirements
  • And much more
Day 3: Information security program development and management
  • Methods to develop an implementation plan that meets security requirements identified in risk analyses
  • Project management methods and techniques
  • The components of an information security governance framework for integrating security principles, practices, management and awareness into all aspects and all levels of the enterprise
  • And much more
Day 4: Information security program development and management (continued)
  • How to interpret information security policies into operational use
  • Information security administration process and procedures
  • Methods for managing the implementation of the enterprise’s information security program through third parties, including trading partners and security services providers
  • Continuous monitoring of security activities in the enterprise’s infrastructure and business applications
  • And much more
Day 5: Information security incident management
  • Components of an incident response capability
  • Information security emergency management practices (e.g., production change control activities, development of computer emergency response team)
  • Disaster recovery planning and business recovery processes
  • Disaster recovery testing for infrastructure and critical business applications
  • And much more

Meets 8570.1 requirements

Attention DoD Information Assurance workers! This boot camp helps meet U.S. Department of Defense Directive 8570.1 requirements for department employees or contractors engaged in work related to information security.

Guaranteed results

Our boot camp guarantees

Exam Pass Guarantee

If you don’t pass your exam on the first attempt, get a second attempt for free. Includes the ability to re-sit the course for free for up to one year (does not apply to CMMC-AB boot camps).

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.

Unlock team training discounts

If you’re like many of our clients, employee certification is more than a goal — it’s a business requirement. Connect with our team to learn more about our training discounts.


Frequently asked questions

Why is getting certified an important part of a career as an information security manager?

Earning a high-level certification like the CISM demonstrates a working knowledge not just of the security systems practitioners use, but of the management of security professionals as well. Hard data also shows that Certified Information Security Managers earn a higher salary than their non-certified counterparts.

What's the job outlook for CISM professionals?

CISM holders are highly sought-after in the information security industry, and are more likely to land senior roles that require greater responsibility. Common job titles include: Information System Security Officer, Information Security Manager, Information/Privacy Risk Consultant, and many others. Click here for more information about the job outlook for CISM professionals.

What is the average CISM salary?

While salary depends on a number of factors — including job title, location, and relevant work experience — CISM holder salaries range from $52,402 to $243,610. Entry-level positions trend towards the lower end of the spectrum while senior-level candidates can expect significantly higher salaries. Click here for more detailed CISM salary information.

What does this CISM training course provide that other offerings do not?

Infosec’s CISM boot camp has the highest pass rate in the industry — 93%! Our award-winning training utilizes a five-day model of rigorous coursework with a knowledgeable instructor so that you can rest assured you’re receiving the best training in the industry. And with our Exam Pass Guarantee, you can focus all your attention on the learning process instead of stressing out about pass rates!

What are the pre-requirements for taking the CISM?

In order to receive the CISM certification, you must submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work. This work experience must be gained within a ten-year time period before the application date for certification — or within five years of originally passing the exam. Click here for more information about the pre-requirements of the CISM.

What qualifies as information security management experience?

The information security management field is broad and, out of necessity, often encompasses many duties within the security profession. Due to this, ISACA has defined four categories within their Job Task Analysis in order to narrow down their definition of what constitutes information security management work. CISM candidates must perform the designated tasks within at least 3 of these 4 categories. Click here to see ISACA’s breakdown of their Job Task Analysis domains.

How does the CISM examination process work?

As of 2017, the CISM is administered digitally. The format is multiple-choice, with questions delivered one at a time, giving you the option to flag more difficult ones to return to later. While it is multiple-choice, some questions may have more than one correct answer. In these instances, the test-taker must select the answer that they believe is most correct. The exam lasts around 4 hours and includes 150 questions.

Is the online CISM boot camp as effective and informative as an in-person training session?

The short answer: Yes! Participants of the live online boot camp also get an Exam Pass Guarantee and other training features in addition to a live instructor.

How is the CISM related to the DoD 8570?

The Department of Defense (DoD) Directive 8570 requires anyone seeking a government job to hold certain certifications before they can be hired in a position related to information security. The CISM fulfills the DoD 8570’s requirements.

What material is covered on the CISM exam?

The CISM exam covers four domains that are weighted as follows: Information Security Governance (24%), Information Risk Management and Compliance (30%), Information Security Program Development and Management (27%), and Information Security Incident Management (19%). Click here for a detailed breakdown of what each domain covers.

How is the CISM certification different from the other comparable security certifications?

The CISM is unique in its focus on management and meeting experience requirements. While other certifications are focused on tech skills or platform/product-specific knowledge, the CISM targets professionals who have progressed beyond the role of the practitioner.

How does the CISM experience waiver work?

Certain experience substitutions can be used to satisfy the information security work experience requirement. However, none of these waivers satisfy any portion of the 3-year information security management requirement. For a detailed breakdown of what fulfills the experience substitution criteria, click here.

How long is the CISM certification valid after you pass the test, and what are the renewal requirements?

The CISM certification remains valid if holders comply with the continuing education policy of completing and reporting 20 CPE (Continuing Professional Education) hours annually and paying the CISM maintenance fee. Click here for more information on maintaining your CISM.

Is an exam voucher included with the purchase of this course?

Yes, an exam voucher is included.

What are some tips for preparing for the CISM?

Enrolling in an exam prep course like Infosec’s is a fantastic step towards earning your CISM. And with our exam pass rate of 94%, no one in the industry can compare! Other things you can do to get ready for the exam include making use of ISACA’s official prep guide, taking practice exams online, and figuring out which methods of self-study work best for you. Click here to read more tips for CISM exam success.

Enroll in a boot camp

  • October 30, 2023 - November 3, 2023

    Dulles, Virginia | Available online

    Exam Pass Guarantee
  • November 27, 2023 - December 1, 2023

    Online only

    Exam Pass Guarantee
  • January 22, 2024 - January 26, 2024

    Online only

    Exam Pass Guarantee
  • February 12, 2024 - February 16, 2024

    Dulles, Virginia | Available online

    Exam Pass Guarantee
  • February 26, 2024 - March 1, 2024

    San Diego, California | Available online

    Exam Pass Guarantee
  • March 18, 2024 - March 22, 2024

    Orlando, Florida | Available online

    Exam Pass Guarantee