Course description

CISM training provides delegates with the knowledge and skillset required to design, plan, implement and maintain an information security program to continually mitigate risks associated with information and information systems in an organisation. Upon completion of the training, delegates will be able to:
  • Build on their basic understanding of information security;
  • Acquire necessary knowledge, skills and tools to set up and manage an information security program;
  • Establish and maintain an information security governance framework and supporting processes to ensure information security strategy is aligned to the organisation’s context;
  • Manage information risk to an acceptable level based on risk appetite to meet the organisation’s goals and objectives;
  • Develop and maintain an information security program that proactively identifies and manages risks to protect the organisation’s assets while aligning to information security strategy and business goals, hence supporting an effective security posture;
  • Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimise business impact.

Course content

CISM course content consists of the program’s four domains as outlined below:
Domain 1 – Information Security Governance
  • Explain the need for and the desired outcome of an effective information security strategy;
  • Create an information security strategy that is aligned to the organisation’s goals and objectives;
  • Gain stakeholder support using business cases;
  • Identify key roles and responsibilities needed to execute an action plan;
  • Establish metrics to measure and monitor the performance of security governance.
Domain 2 – Information Risk Management
  • Explain the importance of risk management as a tool to meet business needs and develop a security management program to support those needs;
  • Identify, rank and respond to risks in a way that is appropriate as defined by organisational directives;
  • Assess the appropriateness and effectiveness of information security controls;
  • Report information security risk effectively.
Domain 3 – Information Security Development and Management
  • Align information security program requirements with those of other business functions;
  • Manage the information security program resources;
  • Design and implement information security controls;
  • Incorporate information security requirements into contracts, agreements and third-party management processes.
Domain 4 – Information Security Incident Management
  • Understand the concepts and practices of incident management;
  • Identify the components of an incident response plan and evaluate its effectiveness;
  • Understand the concepts of Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP);
  • Familiarise themselves with the techniques used to test incident response capabilities.

Course Objectives

This CISM course will give you the requisite skillsets to design, deploy and manage security architecture for your organisation. The course is aligned with ISACA best practices and is designed to help you pass the CISM exam on your first attempt. Enterprises and government agencies increasingly expect their IT professionals to hold a CISM certification, and it is considered essential to ongoing education and career development. This course will see that you are well-equipped to manage the ongoing security, compliance and governance of your IT organisation.

Target audience

  • Information Security Officers
  • IT Security Auditors
  • System Auditors

Location / Delivery

  • Classroom

Start date

  • November 25, 2019

Duration

  • 5 days

Price

  • £1,000.00 £1,200.00