Domain 3: Information Security Program Development and Management Course

Course 3 covers ISACA CISM Domain 3, including sections on information security programs, from design and implementation to risk monitoring and reporting.

5 hours, 57 minutes

Course description

CISM Domain 3 covers information security program development beginning with what resources are needed to develop an effective program and moving into current standards and frameworks; creating a road map; measuring effectiveness with metrics; awareness and training; effective program communications; program performance review; and more.

Syllabus

Domain 3: Information security program development supplemental materials

File - 00:15:00

The supplemental materials for Domain 3 include documents with key terms, definitions, and other materials that will help students prepare for the ISACA CISM exam.

Domain 3: Information security program development participant guide

File - 00:15:00

This participant guide includes the various slides that the instructor went over in the videos for Domain 3 so that participants can review the main ideas, as well as relevant charts, graphics, questions and activities.

Domain 3: Information security program development course summary

Video - 00:03:00

A short summary of Domain 3, reviewing the main areas covered in the preceding videos on information security program development.

Program communications, reporting and performance management

Video - 00:48:00

This video discusses one of the most important elements in any information security program: effective communication and reporting regarding security and privacy objectives, ongoing risk status, program evaluation, compliance monitoring and enforcement, and areas for improvement, as well as steps in the PDCA process.

Integrating the security program with IT operations

Video - 01:21:00

In this video, the instructor explains how the information security manager must partner with others in the organization to incorporate and integrate elements of enterprise information and technology governance and management to create an effective IS program that defines and assigns roles and responsibilities to various stakeholders, recognizes the skills of various stakeholders and more.

IS awareness and training

Video - 00:14:00

In this video, the role of the information security manager in creating, managing, and testing IS awareness and training for various intended audiences is described.

IS program management

Video - 00:57:00

This video focuses on building and managing an IS program with the use of various types of controls and countermeasures, which must be selected based on the objectives set out for the enterprise, including techniques such as control automation, SOAR (security orchestration, automation and response) solutions, and program testing and evaluation.

IS program metrics

Video - 00:33:00

This video provides the learner with information about creating a monitoring system that provides metrics and measures so that management is informed and can make appropriate decisions about the enterprise’s safety.

Defining an IS program road map

Video - 00:18:00

This video defines what an effective IS program road map must include and how to build one that applies a controls process, uses applicable frameworks and architectures, focuses on defined objectives, and has a distinct lifecycle.

IS standards and frameworks

Video - 00:26:00

This video describes the broad policies, standards, procedures and frameworks that provide common reference points and guidance for managing an information security program, such as enterprise information security architecture (EISA) and alternative architectures, as well as IS program outcomes and typical components.

IS program development and resources

Video - 00:42:00

This video focuses on the importance of using development objectives that support business functions and minimize operational disruptions when developing an IS program, as well as discussing steps to create a program; essential elements (such as a scope and charter); necessary resources and budgeting; and common challenges and constraints.

Introduction to CISM Domain 3: Information security program development

Video - 00:04:00

The instructor provides a brief introduction to the learning objectives and an outline of the materials covered by the videos for ISACA CISM Domain 3: Information security program management, which is weighted at 33% of the exam.