
Certified Information Security Manager (CISM)




£199 inc VAT
Or £66.33/mo. for 3 months...
Study method
Online, self-paced
15 hours
Access to content
1 year
Professional certification
Additional info
  • Exam(s) / assessment(s) not included in price, and must be purchased separately
  • Tutor is available to students



The Certified Information Security Manager (CISM) course helps candidates achieve the CISM certification. The certification is offered by the Information Systems Audit and Control Association (ISACA) to validate a candidate's expertise and knowledge of the relationship between an information security program and the broader business goals. It also validates that the candidate has hands-on knowledge of developing, implementing and managing an information security program for an organization.

The CISM certification is awarded by ISACA to experienced information security management professionals with work experience in developing and managing information security programs. The course covers the four domains of the CISM certification exam. It is an ideal preparatory course for students seeking CISM certification, as well as for IT security and information security professionals looking to build on their practical experience.


  • As is the case for the CISM certification exam, candidates are required to have a minimum of five years of experience in information security management.

Student Materials:

Student Workbook
Student Prep Guide

Certification Exams:

Certified Information Security Manager

Who Should Attend?

  • Experienced information security managers and officers
  • IT consultants and managers
  • IT auditors
  • IT security policy makers
  • Privacy officers
  • Network administrators
  • Network security engineers
  • Candidates seeking CISM certification


Certified Information Security Manager (CISM)

Awarded by Mile2


Course Curriculum

Course Introduction

Introduction (0:10)

Course Introduction (1:02)

Instructor Introduction (1:20)

Information Security Governance

Lesson 1: Information Security Governance Overview (0:53)

Information Security Governance Overview Part1 (1:12)

Information Security Governance Overview Part2 (2:00)

Information Security Governance Overview Part3 (1:22)

Information Security Governance Overview Part4 (1:32)

Information Security Governance Overview Part5 (0:29)

Importance of Information Security Governance Part1 (1:18)

Importance of Information Security Governance Part2 (6:20)

Outcomes of Information Security Governance Part1 (0:33)

Outcomes of Information Security Governance Part2 (1:26)

Outcomes of Information Security Governance Part3 (2:45)

Outcomes of Information Security Governance Part4 (1:27)

Outcomes of Information Security Governance Part5 (1:54)

Outcomes of Information Security Governance Part6 (1:28)

Lesson 2: Effective Information Security Governance (0:31)

Business Goals and Objectives Part1 (1:31)

Business Goals and Objectives Part2 (2:00)

Roles and Responsibilities of Senior Management Part1 (1:02)

Roles and Responsibilities of Senior Management Part2 (0:43)

Domain Tasks Part1 (1:21)

Domain Tasks Part2 (3:16)

Business Model for Information Security Part1 (0:45)

Business Model for Information Security Part2 (1:09)

Business Model for Information Security Part3 (3:16)

Business Model for Information Security Part4 (1:37)

Dynamic Interconnections Part1 (0:34)

Dynamic Interconnections Part2 (2:55)

Dynamic Interconnections Part3 (1:55)

Dynamic Interconnections Part4 (0:51)

Lesson 3: Information Security Concepts and Technologies (3:26)

Information Security Concepts and Technologies Part1 (2:58)

Information Security Concepts and Technologies Part2 (3:25)

Information Security Concepts and Technologies Part3 (1:50)

Technologies Part1 (1:41)

Technologies Part2 (6:12)

Lesson 4: Information Security Manager (0:33)

Responsibilities (1:48)

Senior Management Commitment Part1 (0:48)

Senior Management Commitment Part2 (2:27)

Obtaining Senior Management Commitment Part1 (0:24)

Obtaining Senior Management Commitment Part2 (0:53)

Establishing Reporting and Communication Channels Part1 (1:13)

Establishing Reporting and Communication Channels Part2 (1:07)

Lesson 5: Scope and Charter of Information Security Governance (1:55)

Assurance Process Integration and Convergence (2:24)

Convergence (2:32)

Governance and Third-Party Relationships (2:38)

Lesson 6: Information Security Governance Metrics (0:56)

Metrics (1:38)

Effective Security Metrics Part1 (1:46)

Effective Security Metrics Part2 (1:01)

Effective Security Metrics Part3 (1:51)

Effective Security Metrics Part4 (0:39)

Security Implementation Metrics (1:17)

Strategic Alignment Part1 (2:56)

Strategic Alignment Part2 (1:10)

Risk Management (1:14)

Value Delivery (1:01)

Resource Management Part1 (0:47)

Resource Management Part2 (0:41)

Performance Measurement (3:06)

Assurance Process Integration/Convergence (2:54)

Lesson 7: Information Security Strategy Overview (0:53)

Another View of Strategy (0:41)

Lesson 8: Creating Information Security Strategy (0:16)

Information Security Strategy (1:22)

Common Pitfalls Part1 (4:38)

Common Pitfalls Part2 (2:19)

Objectives of the Information Security Strategy (1:33)

What is the Goal? (1:40)

Defining Objectives (1:22)

Business Linkages (1:48)

Business Case Development Part1 (1:43)

Business Case Development Part2 (2:36)

Business Case Development Part3 (0:45)

Business Case Objectives (0:57)

The Desired State (1:48)

COBIT (1:08)

COBIT Controls (1:09)

COBIT Framework (0:48)

Capability Maturity Model (1:38)

Balanced Scorecard (1:22)

Architectural Approaches (1:03)

ISO/IEC 27001 and 27002 (0:59)

Risk Objectives Part1 (1:38)

Risk Objectives Part2 (3:11)

Lesson 9: Determining Current State Of Security (0:45)

Current Risk Part1 (2:37)

Current Risk Part2 (1:11)

BIA (1:11)

Lesson 10: Information Security Strategy Development (1:52)

The Roadmap (1:01)

Elements of a Strategy (3:27)

Strategy Resources and Constraints (2:45)

Lesson 11: Strategy Resources (0:32)

Policies and Standards (1:00)

Definitions (5:48)

Enterprise Information Security Architectures (1:30)

Controls (3:00)

Countermeasures (0:55)

Technologies (1:50)

Personnel (1:54)

Organizational Structure (3:47)

Employee Roles and Responsibilities (0:28)

Skills (1:16)

Audits (1:41)

Compliance Enforcement (2:24)

Threat Assessment (1:41)

Vulnerability Assessment (2:21)

Risk Assessment (2:19)

Insurance (2:04)

Business Impact Assessment (2:32)

Outsourced Security Providers (2:57)

Lesson 12: Strategy Constraints (0:22)

Legal and Regulatory Requirements (1:42)

Physical Constraints (2:56)

The Security Strategy (1:35)

Lesson 13: Action Plan to Implement Strategy (1:13)

Gap Analysis Part1 (1:35)

Gap Analysis Part2 (0:52)

Gap Analysis Part3 (3:01)

Policy Development Part1 (1:41)

Policy Development Part2 (1:00)

Standards Development (2:44)

Training and Awareness (0:35)

Action Plan Metrics (1:23)

General Metric Considerations Part1 (0:23)

General Metric Considerations Part2 (0:35)

General Metric Considerations Part3 (0:42)

General Metric Considerations Part4 (0:23)

CMM4 Statements (2:00)

Objectives for CMM4 (0:47)

Section Review (0:44)

Review Questions

Information Risk Management

Lesson 1: Risk Management Overview (0:59)

Risk Management Overview (1:51)

Types of Risk Analysis (7:08)

The Importance of Risk Management (2:14)

Risk Management Outcomes (1:34)

Risk Management Strategy (1:49)

Lesson 2: Good Information Security Risk Management (4:14)

Context and Purpose (3:08)

Scope and Charter (0:38)

Assets (2:31)

Other Risk Management Goals (2:02)

Roles and Responsibilities (2:51)

Lesson 3: Information Security Risk Management Concepts (6:06)

Technologies (6:39)

Lesson 4: Implementing Risk Management (2:08)

The Risk Management Framework (2:00)

The External Environment (1:48)

The Internal Environment (2:06)

The Risk Management Context (0:47)

Gap Analysis (2:21)

Other Organizational Support (4:09)

Risk Analysis (1:22)

Lesson 5: Risk Assessment (1:19)

NIST Risk Assessment Methodology (3:49)

Aggregated or Cascading Risk (2:54)

Other Risk Assessment Approaches (1:18)

Identification of Risks (1:48)

Threats (1:08)

Vulnerabilities Part1 (2:11)

Vulnerabilities Part2 (4:10)

Risks (1:35)

Analysis of Relevant Risks (1:48)

Risk Analysis (2:29)

Semi-Quantitative Analysis (1:51)

Quantitative Analysis Example (4:14)

Evaluation of Risks (0:46)

Risk Treatment Options (4:39)

Impact (2:59)

Lesson 6: Controls Countermeasures (0:25)

Controls (4:43)

Residual Risk (3:38)

Information Resource Valuation (1:33)

Methods of Valuing Assets (1:36)

Information Asset Classification (3:32)

Determining Classification (2:05)

Impact Part1 (3:53)

Impact Part2 (1:03)

Lesson 7: Recovery Time Objectives (0:49)

Recovery Point Objectives (4:18)

Service Delivery Objectives (1:58)

Third-Party Service Providers (1:43)

Working with Lifecycle Processes (2:08)

IT System Development (2:11)

Project Management Part1 (0:46)

Project Management Part2 (2:10)

Lesson 8: Risk Monitoring and Communication (1:17)

Risk Monitoring and Communication (0:38)

Other Communications (1:25)

Section Review (1:01)

Review Questions

Information Security Program Development
