CISM Training

Online Instructor-led (4 days)

Classroom (4 days)

Online Self-paced (32 hours)

Certified Information Security Manager (CISM) Training Outline

Domain 1: Information Security Governance

Module 1: Introduction to Information Security Governance

  • About Information Security Governance
  • Reason for Security Governance
  • Security Governance Activities and Results
  • Risk Appetite
  • Organisation Culture

Module 2: Legal, Regulatory and Contractual Requirements

  • Introduction
  • Requirements for Content and Retention of Business Records

Module 3: Organisational Structures, Roles and Responsibilities

  • Roles and Responsibilities
  • Monitoring Responsibilities

Module 4: Information Security Strategy Development

  • Introduction
  • Business Goals and Objectives
  • Information Security Strategy Objectives
  • Ensuring Objective and Business Integration
  • Avoiding Common Pitfalls and Bias
  • Desired State
  • Elements of a Strategy

Module 5: Information Governance Frameworks and Standards

  • Security Balanced Scorecard
  • Architectural Approaches
  • Enterprise Risk Management Framework
  • Information Security Management Frameworks and Models

Module 6: Strategic Planning

  • Workforce Composition and Skills
  • Assurance Provisions
  • Risk Assessment and Management
  • Action Plan to Implement Strategy
  • Information Security Program Objectives

Domain 2: Information Security Risk Management

Module 7: Emerging Risk and Threat Landscape

  • Risk Identification
  • Threats
  • Defining a Risk Management Framework
  • Emerging Threats
  • Risk, Likelihood and Impact
  • Risk Register

Module 8: Vulnerability and Control Deficiency Analysis

  • Introduction
  • Security Control Baselines
  • Events Affecting Security Baselines

Module 9: Risk Assessment and Analysis

  • Introduction
  • Determining the Risk Management Context
  • Operational Risk Management
  • Risk Management Integration with IT Life Cycle Management Processes
  • Risk Scenarios
  • Risk Assessment Process
  • Risk Assessment and Analysis Methodologies
  • Other Risk Assessment Approaches
  • Risk Analysis
  • Risk Evaluation
  • Risk Ranking

Module 10: Risk Treatment or Risk Response Options

  • Risk Treatment/Risk Response Options
  • Determining Risk Capacity and Acceptable Risk (Risk Appetite)
  • Risk Response Options
  • Risk Acceptance Framework
  • Inherent and Residual Risk
  • Impact
  • Controls
  • Legal and Regulatory Requirements
  • Costs and Benefits

Module 11: Risk and Control Ownership

  • Risk Ownership and Accountability
  • Risk Owner
  • Control Owner

Module 12: Risk Monitoring and Reporting

  • Risk Monitoring
  • Key Risk Indicators
  • Reporting Changes in Risk
  • Risk Communication, Awareness and Consulting
  • Documentation
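The Domain 2 modules above list the pieces of a risk management process (scenarios, likelihood and impact, inherent and residual risk, ranking, response options, ownership, key risk indicators) without showing how they fit together. The following is an added worked example written for this page, not course material from the provider or from ISACA. It assumes a 1-5 ordinal scale for likelihood and impact, scores inherent risk as likelihood multiplied by impact, derives residual risk by scaling inherent risk by a control-effectiveness factor, and compares the result with a single enterprise risk appetite threshold; the register entries and KRI values are constructed for illustration.

```python
"""Added worked example: a small risk register with inherent/residual scoring,
ranking, treatment decisions against risk appetite, and KRI threshold checks.

Assumptions (mine, not the course's): 1-5 likelihood and impact scales,
inherent = likelihood * impact, residual = inherent * (1 - control effectiveness),
and one enterprise-wide appetite threshold on the residual score.
"""
from dataclasses import dataclass, field


@dataclass
class Risk:
    risk_id: str
    scenario: str
    owner: str                # accountable risk owner (Module 11)
    likelihood: int           # 1 (rare) .. 5 (almost certain)
    impact: int               # 1 (negligible) .. 5 (severe)
    control_effectiveness: float = 0.0   # 0.0 (no control) .. 1.0 (fully mitigated)
    kri: dict = field(default_factory=dict)  # KRI name -> (current value, threshold)

    def __post_init__(self):
        # Reject scores outside the agreed scales so the register stays comparable.
        if not (1 <= self.likelihood <= 5 and 1 <= self.impact <= 5):
            raise ValueError("likelihood and impact must be on the 1-5 scale")
        if not 0.0 <= self.control_effectiveness <= 1.0:
            raise ValueError("control effectiveness must be in [0, 1]")

    @property
    def inherent(self) -> int:
        """Risk before any controls are considered."""
        return self.likelihood * self.impact

    @property
    def residual(self) -> float:
        """Risk remaining after existing controls are credited."""
        return round(self.inherent * (1 - self.control_effectiveness), 1)


def rank(register):
    """Highest residual first; inherent risk breaks ties so untreated risks surface."""
    return sorted(register, key=lambda r: (r.residual, r.inherent), reverse=True)


def treatment(risk, appetite):
    """Residual above appetite needs further treatment (mitigate, transfer or avoid);
    residual at or below appetite may be accepted under the acceptance framework."""
    return "accept" if risk.residual <= appetite else "treat"


def breached_kris(risk):
    """Key risk indicators whose current value exceeds the agreed threshold."""
    return [name for name, (current, threshold) in risk.kri.items() if current > threshold]


def report(register, appetite):
    """Ranked register rows as the risk owner and management would review them."""
    return [
        {
            "risk_id": r.risk_id,
            "owner": r.owner,
            "inherent": r.inherent,
            "residual": r.residual,
            "treatment": treatment(r, appetite),
            "kri_breaches": breached_kris(r),
        }
        for r in rank(register)
    ]


# Constructed sample register (illustrative values, not real assessment data).
REGISTER = [
    Risk("R-01", "Ransomware encrypts file servers", "Head of IT Ops", 4, 5, 0.5,
         kri={"unpatched_critical_servers": (7, 5), "backup_restore_test_age_days": (20, 30)}),
    Risk("R-02", "Misuse of privileged credentials", "IAM Lead", 3, 4, 0.25,
         kri={"admin_accounts_without_mfa": (0, 0)}),
    Risk("R-03", "Key supplier outage", "Procurement Director", 2, 3, 0.0),
    Risk("R-04", "Lost laptop with unencrypted data", "CISO", 3, 2, 0.9),
]
APPETITE = 8  # residual score above which management has said risk must be treated

if __name__ == "__main__":
    for row in report(REGISTER, APPETITE):
        print(row)
```

The ordering of `rank` puts R-01 and R-02 at the top with residual scores of 10.0 and 9.0, both above the appetite of 8 and therefore marked for treatment, while R-03 and R-04 fall within appetite and can be accepted with a named owner. R-01 also shows a breached KRI (seven unpatched critical servers against a threshold of five), which is the kind of change in risk that Module 12 expects to be reported upward rather than waiting for the next scheduled assessment.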

Domain 3: Information Security Programme Development and Management

Module 13: Information Security Program Resources

  • Introduction
  • Information Security Program Objectives
  • Information Security Program Concepts
  • Common Information Security Program Challenges
  • Common Information Security Program Constraints

Module 14: Information Asset Identification and Classification

  • Information Asset Identification and Valuation
  • Information Asset Valuation Strategies
  • Information Asset Classification
  • Methods to Determine Criticality of Assets and Impact of Adverse Events

Module 15: Industry Standards and Frameworks for Information Security

  • Enterprise Information Security Architectures
  • Information Security Management Frameworks
  • Information Security Frameworks Components

Module 16: Information Security Policies, Procedures, and Guidelines

  • Policies
  • Standards
  • Procedures
  • Guidelines

Module 17: Information Security Program Metrics

  • Introduction
  • Effective Security Metrics
  • Security Program Metrics and Monitoring
  • Metrics Tailored to Enterprise Needs

Module 18: Information Security Control Design and Selection

  • Introduction
  • Managing Risk Through Controls
  • Controls and Countermeasures
  • Control Categories
  • Control Design Considerations
  • Control Methods

Module 19: Security Programme Management

  • Risk Management
  • Risk Management Programme
  • Risk Treatment
  • Audit and Reviews
  • Third-Party Risk Management

Module 20: Security Programme Operations

  • Event Monitoring
  • Vulnerability Management
  • Security Engineering and Development
  • Network Protection
  • Endpoint Protection and Management
  • Identity and Access Management
  • Security Incident Management
  • Security Awareness Training
  • Managed Security Service Providers
  • Data Security
  • Cryptography
  • Symmetric Key Algorithms

Module 21: IT Service Management

  • Service Desk
  • Incident Management
  • Problem Management
  • Change Management
  • Configuration Management
  • Release Management
  • Service Levels Management
  • Financial Management
  • Capacity Management
  • Service Continuity Management
  • Availability Management
  • Asset Management

Module 22: Controls

  • Internal Control Objectives
  • Information Systems Control Objectives
  • General Computing Controls
  • Control Frameworks
  • Controls Development
  • Control Assessment

Module 23: Metrics and Monitoring

  • Types of Metrics
  • Audiences
  • Continuous Improvement

Domain 4: Information Security Incident Management

Module 24: Security Incident Response Overview

  • Phases of Incident Response

Module 25: Incident Response Plan Development

  • Objectives
  • Maturity
  • Resources
  • Roles and Responsibilities
  • Gap Analysis
  • Plan Development

Module 26: Responding to Security Incidents

  • Detection
  • Initiation
  • Evaluation
  • Recovery
  • Remediation
  • Closure
  • Post-Incident Review

Module 27: Business Continuity and Disaster Recovery Planning

  • Business Continuity Planning
  • Disaster
  • Disaster Recovery Planning
  • Testing BC and DR Planning


Who should attend this CISM Certified Information Security Manager Course?

CISM (Certified Information Security Manager) is a globally recognised certification that validates a professional's expertise in managing an organisation's Information Security programme and practices. This CISM Training Course is suitable for professionals including:

  • Information Security Manager
  • Internal Auditors
  • Risk Management Specialists
  • Compliance Officers
  • Security Analysts
  • IT Consultants
  • Data Protection Officers

Prerequisites of the CISM Certified Information Security Manager Course

As a prerequisite for this CISM Certification Course, delegates must hold an undergraduate degree or a high school diploma and have at least three to five years of work experience in Information Security Management. Delegates must ensure that all of this experience is independently verified by their employers.

Certified Information Security Manager (CISM) Training Overview

Information Security Managers are IT professionals who lead the staff responsible for an organisation's information and digital security activities, and who are accountable for ensuring that their team meets the organisation's Information Security requirements. Ours is an extensive programme designed to equip Information Security professionals with the knowledge and skills required to excel in Information Security management roles.

Our 4-day CISM Training Course covers the essential topics delegates need to become familiar with an organisation's Information Security management system. Delegates will also learn about the importance of risk management, strategy development, asset valuation, gap analysis, data security, financial management, and more. Our trainers, who have years of experience teaching CISM Courses, will conduct this training and help you gain a complete understanding of the course material.

Course Objectives

  • To understand risk management principles and practices
  • To understand Information Security governance frameworks and best practices
  • To work with compliance monitoring and enforcement
  • To acquire skills in security programme metrics and monitoring
  • To understand incident management and the role of incident response teams
  • To learn how to identify root causes and corrective actions

After attending our CISM Training Course, delegates will be able to implement a risk management programme in an organisation effectively. They will also be able to efficiently plan business continuity, disaster recovery, and risk management.


What’s included in this CISM Certified Information Security Manager Course?

  • World-Class Training Sessions from Experienced Instructors
  • Certificate of Completion for CISM
  • Digital Delegate Pack


Not sure which course to choose?

Speak to a training expert for advice if you are unsure of what course is right for you. Give us a call on 01344203999 or Enquire.

Package deals

Our training experts have compiled a range of course packages to complement a variety of categories and help fast-track your career. The packages consist of the best possible qualifications in each industry and allow you to purchase multiple courses at a discounted rate.


CISM Training FAQs


CISM Certification is a globally recognised certification for Information Security Management. It validates an individual's expertise in developing and managing an enterprise's Information Security programme.
CISM Training Courses are designed for anyone interested or involved in Information Security Management. However, CISM targets a specific audience, including Information Security Managers, Information Security Officers, Risk Management Professionals, IT Governance Professionals, Information Security Consultants, Security Architects and Engineers, Compliance Officers, and Security Analysts.
The Knowledge Academy’s CISM Training Course includes world-class training from experienced instructors, a completion certificate, and a digital delegate pack.
The CISM Course is generally not recommended for beginners. It is designed for management-level professionals who have substantial experience in overseeing an organisation's Information Security programme. The CISM Certification Course is more suited for those who are already in a managerial role or are aspiring to move to a higher level of responsibility within Information Security Management.
As a prerequisite of this CISM Certification Course, delegates must have an undergraduate degree or a high school diploma. Also, it is necessary to have at least three to five years of work experience in the field of Information Security Management. The delegates must ensure that all their experience is independently verified by employers.
The online instructor-led and classroom sessions last four days, while the online self-paced session lasts 32 hours.
The CISM Certification is globally recognised and highly respected in the field of Information Security Management. Registering for the CISM Certification Training Course serves as a testament to your knowledge, skills, and expertise in developing and managing an organisation's Information Security programme. It equips you with a comprehensive understanding of Information Security governance, program development, risk management, and incident management. Furthermore, CISM professionals often command higher salaries and greater job prospects.
The CISSP (Certified Information Systems Security Professional) and CISM (Certified Information Security Manager) Certifications are both highly respected credentials in the field of information security, but they target different aspects and are suited for different career paths. The CISSP is more inclined towards technical aspects of Information Security, while the CISM is more focused on the management and governance side of Information Security. CISSP can be valuable for roles like Security Consultant, Security Analyst, and Security Manager. On the other hand, CISM is particularly beneficial for roles like Information Security Manager, Risk Manager, and IT Auditor.
The Knowledge Academy is a leading training provider due to its comprehensive course offerings, world-class training from experienced instructors, global presence, and reputation for delivering high-quality training and certifications. Our CISM Certification Training Course is designed to equip you with the skills and knowledge to become a proficient professional in the field of Information Security management.
You should contact the course administrator or The Knowledge Academy’s customer support team for assistance accessing your courses, including the CISM Certification Training Course.
After completing our CISM Course, you will receive a “Certificate of Completion for CISM” from The Knowledge Academy.
Yes, the CISM Certification is worth it. The CISM Certification is globally recognised and highly respected in the field of Information Security Management. Completing a CISM Course validates your expertise in developing and managing an organisation's Information Security programme, enhancing your professional credibility and career prospects.
The difficulty of the CISM exam varies with an individual's preparation and experience. While the exam can be challenging, with the right dedication, study, and experience it is possible to pass it and obtain the CISM Certification.
A Knowledge Pass is a pre-paid voucher for training that grants you the flexibility to register for an unlimited number of courses over a period of 12 months. This option lets you manage your budget effectively while choosing courses that can be conducted in any location or online, virtually, or onsite. Moreover, the amount you spend and the types of courses you select will qualify you for various discounts.
Please see our CISM Training courses available in the United Kingdom
The Knowledge Academy is the Leading global training provider for CISM Training.
The price for CISM Training certification in the United Kingdom starts from £1995.

Why we're the go-to training provider for you


Best price in the industry

You won't find better value in the marketplace. If you do find a lower price, we will beat it.


Trusted & Approved

We are accredited by PeopleCert on behalf of AXELOS


Many delivery methods

Flexible delivery methods are available depending on your learning style.


High quality resources

Resources are included for a comprehensive learning experience.


"Really good course and well organised. Trainer was great with a sense of humour - his experience allowed a free flowing course, structured to help you gain as much information & relevant experience whilst helping prepare you for the exam"

Joshua Davies, Thames Water
