ISACA CISM Training Boot Camp

  • 5 Days
  • $4,499

Overview

This CISM Boot Camp is designed for experienced information security managers and other professionals who manage, design, oversee or assess an enterprise’s information security.

The training prepares you for the CISM certification exam by testing your knowledge and your ability to apply it to real-world scenarios. You will gain in-depth knowledge of security governance, risk management, security program development and management, and security incident management.

The boot camp has been updated to align with the new CISM job practice areas and is designed to fully prepare you to pass the challenging CISM exam. You will receive an exam voucher for the ISACA CISM certification exam with your enrollment. 

Our Certification Success Program, paired with our provided prep materials, boot camp sessions, and post-work, is designed to ease any concerns you may have when taking the certification exam. If your first attempt is unsuccessful, this program provides peace of mind that you may be eligible to take the certification exam a second time (if needed) at no additional fee.  

*To qualify for a second certification exam voucher, students must:  

  • Attend at least 85% of each day of class  
  • Score a 90% or higher on their final practice exam  
  • Take the first exam within 90 days of class completion 
  • Upload your exam failure notice from your first exam attempt 

Objectives

What you will learn

  • Information security governance
  • Security metrics and measuring the effectiveness
  • Managing acquisitions, implementations, incidents, and more

How you will benefit

  • Prepare for the CISM examination 
  • Gain in-depth knowledge of industry concepts and best practices
  • Accelerate your career growth by getting an in-demand credential that employers desire 

Requirements

Hardware Requirements:

  • This course can be taken on either a PC, Mac, or Chromebook device.
  • Speakers and a microphone (built-in, USB, or wireless)
  • Webcam

Software Requirements:

  • PC: Windows 7 or later.
  • Mac: OS 10.7 or later.
  • Browser: The latest version of Google Chrome or Mozilla Firefox is preferred. Microsoft Edge and Safari are also compatible.
  • Microsoft Word Online
  • Adobe Acrobat Reader
  • Zoom Meetings
  • Software must be installed and fully operational before the course begins.
  • Other: Email capabilities and access to a personal email account.

Instructional Material Requirements:

The student materials required for this course are included in enrollment and available online.

Prerequisites

This course is intended for chief information security officers, security systems administrators, information assurance analysts, IT security engineers, senior IT security consultants, senior information security risk officers, or anyone who manages or oversees security strategies.

Certification Requirements:

To meet the CISM requirements, you will need the following:  

  • Submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas. The work experience must be gained within the ten years preceding the application date for certification or within five years from the date of initially passing the exam.

Curriculum

  1. Information Security Governance
    1. Information security concepts
    2. Relationship between information security and business operations
    3. Techniques used to secure senior management commitment and support of information security management
    4. Methods of integrating information security governance into the overall enterprise governance framework
    5. Practices associated with an overall policy directive that captures senior management-level direction and expectations for information security, laying the foundation for information security management within an organization
    6. An information security steering group function
    7. Information security management roles, responsibilities and organizational structure
    8. Areas of governance (e.g., risk management, data classification management, network security, system access)
    9. Centralized and decentralized approaches to coordinating information security
    10. Legal and regulatory issues associated with internet businesses, global transmissions and transborder data flows (e.g., privacy, tax laws and tariffs, data import/export restrictions, restrictions on cryptography, warranties, patents, copyrights, trade secrets, national security)
    11. Common insurance policies and imposed conditions (e.g., crime or fidelity insurance, business interruption)
    12. Requirements for the content and retention of business records and compliance
    13. Process for linking policies to enterprise business objectives
    14. Function and content of essential elements of CISM details
    15. Techniques for developing an information security process improvement model for sustainable and repeatable information security policies and procedures
    16. Information security process improvement and its relationship to traditional process management, security architecture development and modeling, and security infrastructure
    17. Generally accepted international standards for information security management and related process improvement models
    18. The key components of cost-benefit analysis and enterprise transformation/migration plans (e.g., architectural alignment, organizational positioning, change management, benchmarking, market/competitive analysis)
    19. Methodology for business case development and computing enterprise value propositions
  2. Risk Management
    1. Information resources used in support of business processes
    2. Information resource valuation methodologies
    3. Information classification
    4. The principles of development of baselines and their relationship to risk-based assessments of control requirements
    5. Life-cycle-based risk management principles and practices
    6. Threats, vulnerabilities and exposures associated with confidentiality, integrity and availability of information resources
    7. Quantitative and qualitative methods used to determine sensitivity and criticality of information resources and the impact of adverse events
    8. Use of gap analysis to assess generally accepted standards of good practice for information security management against current state
    9. Recovery time objectives (RTO) for information resources and how to determine RTO
    10. RTO and how it relates to business continuity and contingency planning objectives and processes
    11. Risk mitigation strategies used in defining security requirements for information resources supporting business applications
    12. Cost-benefit analysis techniques for assessing options to mitigate risks, threats and exposures to acceptable levels
    13. Managing and reporting status of identified risks
  3. Information Security Program Development & Management
    1. Methods to develop an implementation plan that meets security requirements identified in risk analyses
    2. Project management methods and techniques
    3. The components of an information security governance framework for integrating security principles, practices, management and awareness into all aspects and all levels of the enterprise
    4. Security baselines and configuration management in the design and management of business applications and the infrastructure
    5. Information security architectures (e.g., single sign-on, rules-based as opposed to list-based system access control for systems, limited points of systems administration)
    6. Information security technologies (e.g., cryptographic techniques and digital signatures, enabling management to select appropriate controls)
    7. Security procedures and guidelines for business processes and infrastructure activities
    8. Systems development life cycle methodologies (e.g., traditional SDLC, prototyping)
    9. Planning, conducting, reporting and follow-up of security testing
    10. Assessing and authorizing the compliance of business applications and infrastructure to the enterprise’s information security governance framework
    11. Types, benefits and costs of physical, administrative and technical controls
    12. Planning, designing, developing, testing and implementing information security requirements into an enterprise’s business processes
    13. Security metrics design, development, and implementation
    14. Acquisition management methods and techniques (e.g., evaluation of vendor service level agreements, preparation of contracts)
    15. How to interpret information security policies into operational use
    16. Information security administration process and procedures
    17. Methods for managing the implementation of the enterprise’s information security program through third parties, including trading partners and security services providers
    18. Continuous monitoring of security activities in the enterprise’s infrastructure and business applications
    19. Methods used to manage success/failure in information security investments through data collection and periodic review of key performance indicators
    20. Change and configuration management activities
    21. Information security management due diligence activities and reviews of the infrastructure
    22. Liaison activities with internal/external assurance providers performing information security reviews
    23. Due diligence activities, reviews and related standards for managing and controlling access to information resources
    24. External vulnerability reporting sources, which provide information that may require changes to the information security in applications and infrastructure
    25. Events affecting security baselines that may require risk reassessments and changes to information security requirements in security plans, test plans and reperformance
    26. Information security problem management practices
    27. Information security manager facilitative roles as change agents, educators and consultants
    28. Ways in which cultural and socially acceptable differences affect the behavior of staff
    29. Activities that can change cultural and socially acceptable behavior of staff
    30. Methods and techniques for security awareness training and education
  4. Information Security Incident Management
    1. Components of an incident response capability
    2. Information security emergency management practices (e.g., production change control activities, development of computer emergency response team)
    3. Disaster recovery planning and business recovery processes
    4. Disaster recovery testing for infrastructure and critical business applications
    5. Escalation processes for effective security management
    6. Intrusion detection policies and processes
    7. Help desk processes for identifying security incidents reported by users and distinguishing them from other issues handled by the help desk
    8. Notification process in managing security incidents and recovery (e.g., automated notice and recovery mechanisms in response to virus alerts in a real-time fashion)
    9. Requirements for collecting and presenting evidence: rules for evidence, admissibility of evidence, quality and completeness of evidence
    10. Post-incident reviews and follow-up procedures

Instructor

Boot camps are led by instructors who have years of industry experience and are recognized as subject matter experts.

FAQs

What is CISM?

The Certified Information Security Manager (CISM) certification validates your expertise in information security governance, program development and management, incident management, and risk management. It is designed for professionals with technical expertise and experience in IS/IT security who want to move from being an integral team player to being a manager. The CISM certification will help you gain credibility and will add confidence to your interactions with stakeholders, regulators, and peers.

What is the salary of a CISM?

The average certified professional CISM salary ranges from $52,402 to $243,610. Entry-level positions will garner a salary at the lower end of the spectrum. In contrast, candidates who have successfully handled complex projects and are placed at a senior level can expect a significantly higher five- or six-figure salary. According to PayScale, the average information systems security manager's salary is $126,525. However, your relevant work experience and the nature of the IT security projects you have worked on will also influence your compensation regardless of your job title.

Does this course prepare for a certification?

Yes, you will be prepared for the ISACA CISM – Certified Information Security Manager exam. To sit for the exam, you will need to meet the following requirements:

  • Submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas. The work experience must be gained within the ten years preceding the application date for certification or within five years from the date of initially passing the exam.  

When can I start this course?

You can register for the boot camp whenever you are ready. Our team will help you select the session that will best fit you.

Can I register for courses if I am an international student?

Yes, ed2go courses are completely online. However, keep in mind that not all certifying bodies or industry-specific certifications are recognized internationally. Please review your country’s regulations prior to enrolling in courses that prepare for certification.

How long does it take to complete this course?

The boot camp is 5 days in length. You will have 12 months from the completion of the boot camp to access all boot camp materials.

What kind of support will I receive?

The boot camp instructor will be available during the session to answer any questions. You will also have access to the Infosec Skills platform where you will be able to create support requests, as needed.

What happens when I complete the course?

Upon successful completion of your boot camp session, you will be awarded a certificate of completion from Infosec and the school or organization that you registered through.

Am I guaranteed a job?

ed2go courses will help you gain the skills and knowledge you need to take the next step in your career and stand out to potential employers. However, you should always research the job market in your area before enrolling. 

Can I get financial assistance?

ed2go courses are non-credit, so they do not qualify for federal aid, FAFSA, and Pell Grant. In some states, vocational rehab or workforce development boards may provide funding to take our courses. Additionally, you may qualify for financial assistance if you meet certain requirements. Learn more about financial assistance.

How can I get more information about this course?

If you have questions that are not answered on our website, representatives are available via live chat. You can also call us at 1-877-221-5151 during regular business hours to have your questions promptly answered. If you are visiting us during non-business hours, please send us a question using “Contact Us.”

Registration Information

In partnership with Ed2Go, MSU Center for Continuing Education offers a wide range of advanced career training programs where students can interact and learn with their peers while connecting with expert instructors who will answer their questions and provide valuable, timely feedback. Students who complete advanced training programs will receive a certificate of completion from MSU Center for Continuing Education. Click the button below to be redirected to our Ed2Go partner webpage, and complete your registration today!