Domain 3: Information Security Program Development and Management

Course 3 covers ISACA CISM Domain 3, including sections on information security programs, from design and implementation to risk monitoring and reporting.


  • Introduction to CISM Domain 3: Information security program development Video — 00:04:20
    • The instructor provides a brief introduction to the learning objectives and an outline of the materials covered by the videos for ISACA CISM Domain 3: Information security program management, which is weighted at 33% of the exam.

  • IS program development and resources Video — 00:42:19
    • This video focuses on the importance of using development objectives that support business functions and minimize operational disruptions when developing an IS program, as well as discussing steps to create a program; essential elements (such as a scope a

  • IS standards and frameworks Video — 00:25:38
    • This video describes the broad policies, standards, procedures and frameworks that provide common reference points and guidance for managing an information security program, such as enterprise information security architecture (EISA) and alternative archi

  • Defining an IS program road map Video — 00:18:23
    • This video defines what an effective IS program road map must include and how to build one that applies a controls process, uses applicable frameworks and architectures, focuses on defined objectives, and has a distinct lifecycle.

  • IS program metrics Video — 00:32:52
    • This video provides the learner with information about creating a monitoring system that provides metrics and measures so that management is informed and can make appropriate decisions about the enterprise’s safety.

  • IS program management Video — 00:57:03
    • This video focuses on building and managing an IS program with the use of various types of controls and countermeasures, which must be selected based on the objectives set out for the enterprise, including techniques such as control automation, SOAR (secu

  • IS awareness and training Video — 00:14:07
    • In this video, the role of the information security manager in creating, managing, and testing IS awareness and training for various intended audiences is described.

  • Integrating the security program with IT operations Video — 01:21:21
    • In this video, the instructor explains how the information security manager must partner with others in the organization to incorporate and integrate elements of enterprise information and technology governance and management to create an effective IS pro

  • Program communications, reporting and performance management Video — 00:47:52
    • This video discusses one of the most important elements in any information security program: effective communication and reporting regarding security and privacy objectives, ongoing risk status, program evaluation, compliance monitoring and enforcement, a

  • Domain 3: Information security program development course summary Video — 00:03:08
    • A short summary of Domain 3, reviewing the main areas covered in the preceding videos on information security program development.


Course description

CISM Domain 3 covers information security program development beginning with what resources are needed to develop an effective program and moving into current standards and frameworks; creating a road map; measuring effectiveness with metrics; awareness and training; effective program communications; program performance review; and more.

Meet the author

At Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certification and skills training. We also empower all employees with security awareness training to stay cybersecure at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win.

You're in good company


We use Infosec Skills to provide continuous training to our technicians and to prepare them for various certifications. Infosec Skills allows us to create personalized training programs that focus on each of our technicians’ particular roles and see their progress as they take courses. We also recommend it to clients to make their IT support teams better.

Caleb Yankus


This has been utilized to bridge the skills gap across our cyber team and to aid them as they prepare for their various certifications. It also has provided a nice learning foundation for our various cyber team members to utilize as we continue to find ways for cross-utilization with operations while minimizing the downtime needed to ensure everyone’s knowledge is the same.

Daniel Simpson


We use Infosec Skills to provide base-level knowledge for employees. We also use the services to provide in-depth learning for employees as they encounter new technologies. If an employee is assigned to a new project, we can rely on Infosec Skills to provide a rapid concentrated learning environment. This rapid concentrated learning positions our employees for success.

Infosec Skills Teams client

Plans & pricing

  • Infosec Skills Personal

    $299 / year

    • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Custom certification practice exams (e.g., CISSP, Security+)
    • Skill assessments
    • Infosec peer community support
  • Infosec Skills Teams

    $799 per license / year

    • Team administration and reporting
    • Dedicated client success manager
    • Single sign-on (SSO)
      Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
    • Integrations via API
      Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
    • 190+ role-guided learning paths and assessments (e.g., Incident Response)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Create and assign custom learning paths
    • Custom certification practice exams (e.g., CISSP, CISA)
    • Optional upgrade: Guarantee team certification with live boot camps
