Course Information

Certified Information Security Manager (CISM) Training Outline

This CISM training course covers the following areas:

Domain 1: Information Security Governance

Module 1: Organisational Culture

  • About Information Security Governance
  • Reason for Security Governance
  • Security Governance Activities and Results
  • Risk Appetite

Module 2: Legal, Regulatory, and Contractual Requirements

  • Introduction
  • Requirements for Content and Retention of Business Records

Module 3: Organisational Structures, Roles and Responsibilities

  • Roles and Responsibilities
  • Monitoring Responsibilities

Module 4: Information Security Strategy Development

  • Introduction
  • Business Goals and Objectives
  • Information Security Strategy Objectives
  • Ensuring Objective and Business Integration
  • Avoiding Common Pitfalls and Bias
  • Desired State
  • Elements of a Strategy

Module 5: Information Governance Frameworks and Standards

  • Security Balanced Scorecard
  • Architectural Approaches
  • Enterprise Risk Management Framework
  • Information Security Management Frameworks and Models

Module 6: Strategic Planning

  • Workforce Composition and Skills
  • Assurance Provisions
  • Risk Assessment and Management
  • Action Plan to Implement Strategy
  • Information Security Program Objectives

Domain 2: Information Security Risk Management

Module 7: Emerging Risk and Threat Landscape

  • Risk Identification
  • Threats
  • Defining a Risk Management Framework
  • Emerging Threats
  • Risk, Likelihood and Impact
  • Risk Register

Module 8: Vulnerability and Control Deficiency Analysis

  • Introduction
  • Security Control Baselines
  • Events Affecting Security Baselines

Module 9: Risk Assessment and Analysis

  • Introduction to Risk Assessment and Analysis
  • Determining the Risk Management Context
  • Operational Risk Management
  • Risk Management Integration with IT Life Cycle Management Processes
  • Risk Scenarios
  • Risk Assessment Process
  • Risk Assessment and Analysis Methodologies
  • Other Risk Assessment Approaches
  • Risk Analysis
  • Risk Evaluation
  • Risk Ranking

Module 10: Risk Treatment / Risk Response Options

  • Introduction to Risk Treatment / Risk Response Options
  • Determining Risk Capacity and Acceptable Risk (Risk Appetite)
  • Risk Response Options
  • Risk Acceptance Framework
  • Inherent and Residual Risk
  • Impact
  • Controls
  • Legal and Regulatory Requirements
  • Costs and Benefits

Module 11: Risk and Control Ownership

  • Risk Ownership and Accountability
  • Risk Owner
  • Control Owner

Module 12: Risk Monitoring and Reporting

  • Risk Monitoring
  • Key Risk Indicators
  • Reporting Changes in Risk
  • Risk Communication, Awareness and Consulting
  • Documentation

Domain 3: Information Security Program Development and Management

Module 13: Information Security Program Resources

  • Introduction to Security Program Development and Management
  • Information Security Program Objectives
  • Information Security Program Concepts
  • Common Information Security Program Challenges
  • Common Information Security Program Constraints

Module 14: Information Asset Identification and Classification

  • Information Asset Identification and Valuation
  • Information Asset Valuation Strategies
  • Information Asset Classification
  • Methods to Determine Criticality of Assets and Impact of Adverse Events

Module 15: Industry Standards and Frameworks for Information Security

  • Enterprise Information Security Architectures
  • Information Security Management Frameworks
  • Information Security Frameworks Components

Module 16: Information Security Policies, Procedures, and Guidelines

  • Policies
  • Standards
  • Procedures
  • Guidelines

Module 17: Information Security Program Metrics

  • Introduction to Information Security Program Metrics
  • Effective Security Metrics
  • Security Program Metrics and Monitoring
  • Metrics Tailored to Enterprise Needs

Module 18: Information Security Control Design and Selection

  • Introduction
  • Managing Risk Through Controls
  • Controls and Countermeasures
  • Control Categories
  • Control Design Considerations
  • Control Methods

Module 19: Information Security Control Implementation, Integration, Testing, and Evaluation

  • Introduction
  • Baseline Controls
  • Introduction
  • Control Strength
  • Control Recommendations

Module 20: Information Security Awareness and Training

  • Security Awareness Training and Education
  • Developing an Information Security Awareness Program
  • Role Based Training

Module 21: Management of External Services

  • Governance of Third-Party Relationships
  • Third Party Service Providers
  • Outsourcing Challenges
  • Third-Party Access

Module 22: Information Security Program Communications and Reporting

  • Program Management Evaluation
  • Plan-Do-Check-Act Cycle
  • Security Reviews and Audits
  • Compliance Monitoring and Enforcement
  • Monitoring Approaches
  • Measuring Information Security Management Performance
  • Ongoing Monitoring and Communication

Domain 4: Incident Management

Module 23: Incident Response Plan

  • Introduction to Incident Response Plan
  • Relationship Between Incident Management and Incident Response
  • Goals of Incident Management and Incident Response
  • Incident Handling and Management Life Cycle
  • Incident Management and Incident Response Plans
  • Importance of Incident Management
  • Outcomes of Incident Management
  • Incident Management Resources
  • Policies and Standards
  • Incident Management Objectives
  • Strategic Alignment
  • Response and Recovery Plan
  • Role of Information Security Manager in Incident Management
  • Risk Management
  • Assurance Process Integration
  • Value Delivery
  • Resource Management
  • Defining Incident Management Procedures
  • Detailed Plan of Action for Incident Management
  • Current State of Incident Response Capability
  • Developing an Incident Response Plan
  • Incident Management Response Teams
  • Organising, Training and Equipping the Resource Staff
  • Incident Notification Process
  • Challenges in Developing an Incident Management Plan

Module 24: Business Impact Analysis

  • Introduction to Business Impact Analysis
  • Elements of Business Impact Analysis
  • Benefits of Conducting a Business Impact Analysis

Module 25: Business Continuity Plan

  • Integrating Incident Response with Business Continuity
  • Methods for Providing Continuity of Network Services
  • High-Availability Considerations
  • Insurance

Module 26: Disaster Recovery Plan

  • Introduction to Disaster
  • Business Continuity and Disaster Recovery Procedures
  • Recovery Operations
  • Evaluating Recovery Strategies
  • Addressing Threats
  • Recovery Sites
  • Basis for Recovery Site Selection
  • Response and Recovery Strategy Implementation

Module 27: Incident Classification/Categorisation

  • Introduction to Incident Classification/Categorisation
  • Escalation Process for Effective Incident Management
  • Help/Service Desk Processes for Identifying Security Incidents

Module 28: Incident Management Training, Testing and Evaluation

  • Incident Management Roles and Responsibilities
  • Incident Management Metrics and Indicators
  • Performance Measurement
  • Updating Recovery Plans
  • Testing Incident Response and Business Continuity/Disaster Recovery Plans
  • Periodic Testing of the Response and Recovery Plans
  • Testing for Infrastructure and Critical Business Applications
  • Types of Tests
  • Test Results
  • Recovery Test Metrics

Module 29: Incident Management Tools and Technologies

  • Incident Management Systems
  • Incident Response Technology Foundations
  • Personnel
  • Skills
  • Awareness and Education
  • Audits
  • Outsourced Security Providers

Module 30: Incident Investigation, Evaluation, and Containment Methods

  • Introduction
  • Executing Response and Recovery Plans
  • Introduction to Incident Containment Methods

Module 31: Incident Response Communication, Eradication, and Recovery

  • Introduction to Incident Response Communication
  • Notification Requirements
  • Communication Networks
  • Eradication Activities
  • Recovery

Module 32: Post-Incident Review Practices

  • Introduction to Post-Incident Review Practices
  • Identifying Causes and Corrective Actions
  • Documenting Events
  • Establishing Legal Procedures to Assist Post-Incident Activities
  • Requirements for Evidence
  • Legal Aspects of Forensic Evidence

Who Should Attend and Prerequisites

There are no prerequisites for this CISM training course, although candidates with some prior information security experience will get the most out of it.

This training course is designed for experienced Information Security Managers and others involved in directing information security programmes. It is particularly beneficial for:

  • Information Security Managers
  • IT Consultants
  • Chief Information Officers

Certified Information Security Manager (CISM) Training Overview

Information security managers are IT professionals who direct and supervise the staff who carry out an organisation's information and digital security activities, and they are responsible for ensuring that their team meets the organisation's information security requirements. This CISM (Certified Information Security Manager) training course helps delegates understand information security management topics, including how to recommend and implement the changes an organisation's existing systems need. It also demonstrates an individual's expertise in information security governance, programme development and management, and risk management. Acquiring these skills and this knowledge will assist individuals in pursuing a range of international roles.

This 4-day CISM (Certified Information Security Manager) training course covers all the essential topics delegates need to become fully familiar with information security management. During the training, delegates will become familiar with information security programme development and management. They will also learn about the importance of risk management, strategy development, asset valuation, gap analysis, data security, financial management and more. The course is delivered by a highly experienced trainer with years of experience teaching CISM, who will help you gain a complete understanding of the material.

Course Objectives

  • To learn about security governance activities and results
  • To work with Compliance Monitoring and Enforcement
  • To acquire skills about security program metrics and monitoring
  • To gain an understanding of incident management response teams
  • To become familiar with risk communication, awareness and consulting
  • To attain knowledge about identifying causes and corrective actions

After attending this CISM (Certified Information Security Manager) training course, delegates will be able to implement a risk management programme in an organisation effectively. They will also be able to plan business continuity, disaster recovery and risk management efficiently.


What’s Included in this CISM Training Course?

  • Exam Pass Guarantee
  • Experienced CISM Instructor
  • Certificate on Completion
  • Refreshments


Why choose us

Ways to take this course

Our easy to use Virtual platform allows you to sit the course from home with a live instructor. You will follow the same schedule as the classroom course, and will be able to interact with the trainer and other delegates.

Our fully interactive online training platform is compatible across all devices and can be accessed from anywhere, at any time. All our online courses come with a standard 90 days access that can be extended upon request. Our expert trainers are constantly on hand to help you with any questions which may arise.

This is our most popular style of learning. We run courses at hand-picked training venues in 1200 locations across 200 countries, providing the all-important 'human touch' that other learning styles may lack.


Highly experienced trainers

All our trainers are highly qualified, have 10+ years of real-world experience and will provide you with an engaging learning experience.


State of the art training venues

We only use the highest standard of learning facilities to make sure your experience is as comfortable and distraction-free as possible.


Small class sizes

We limit our class sizes to promote better discussion and to ensure everyone has a personalised experience.


Great value for money

Get more bang for your buck! If you find your chosen course cheaper elsewhere, we’ll match it!

This is the same great training as our classroom learning but carried out at your own business premises. This is the perfect option for larger scale training requirements and means less time away from the office.


Tailored learning experience

Our courses can be adapted to meet your individual project or business requirements regardless of scope.


Maximise your training budget

Cut unnecessary costs and focus your entire budget on what really matters: the training.


Team building opportunity

This gives your team a great opportunity to come together, bond, and discuss, which you may not get in a standard classroom setting.


Monitor employees' progress

Keep track of your employees’ progression and performance in your own workspace.

What our customers are saying

CISM Certified Information Security Manager FAQs


No, the exam is not included. Delegates need to book their exam through the ISACA website.
We provide CISM delegates with an exam pass guarantee: if they enrol on CISM, we are confident that they will pass the ISACA examination. All we require is that delegates attend all training days, complete any extra work they are given, and carry out revision.
No, you do not need any prior qualifications to attend this CISM training course.
We run CISM Certified Information Security Manager courses in locations all over the UK and across the globe, so you will be able to find a course near you.
The information security manager is in charge of securing a company's computers, networks and data against computer viruses, security breaches and malicious attacks.
The main roles and responsibilities of the information security manager include monitoring all operations and infrastructure, maintaining all security tools and technology, monitoring compliance with internal and external policies, monitoring regulatory compliance, and ensuring that cybersecurity stays on the organisational radar.
Preparation, identification, containment, eradication, recovery and lessons learned are the phases of incident response.
The benefits of gap analysis include external benchmarking, profit percentage analysis, process improvement, understanding key performance indicators, identifying gaps in the market and launching a new product.
During the CISM (Certified Information Security Manager) training course, you will learn various essential topics such as disaster recovery planning, risk assessment and analysis, plan development, maturity, types of metrics, incident management tools and technologies, configuration management, capacity management, business alignment, and many more.
The price for CISM Certified Information Security Manager certification in the United Kingdom starts from £1995.
The Knowledge Academy is the leading global training provider for CISM Certified Information Security Manager.
Please see our CISM Training courses available in the United Kingdom.

Why choose us


Best price in the industry

You won't find better value in the marketplace. If you do find a lower price, we will beat it.


Many delivery methods

Flexible delivery methods are available depending on your learning style.


High quality resources

Resources are included for a comprehensive learning experience.


"Really good course and well organised. Trainer was great with a sense of humour - his experience allowed a free flowing course, structured to help you gain as much information & relevant experience whilst helping prepare you for the exam"

Joshua Davies, Thames Water


Security Certification

Save up to 25%
4 courses
Included courses:

  • ISO 27001 Lead Auditor: £1995
  • CISA Certified Information Systems Auditor: £1995
  • CISM Certified Information Security Manager: £1995
  • CISSP Certification Course: £1995

Total without package: £7980

Package price: £5995 (Save £1985)

Information Security Bundle

Save up to 40%
3 courses
Included courses:

  • ISO 27001 Lead Auditor: £1995
  • CISM Certified Information Security Manager: £1995
  • CISSP Certification Course: £1995

Total without package: £5985

Package price: £3595 (Save £2390)