CISM Exam Boot Camp | CISM Training Course | Cprime Learning








CISM Exam Boot Camp

Prepare for the CISM exam with an intensive boot camp, gaining the knowledge and skills needed for certification success.


Designed to be the clearest-cut path to obtaining the prestigious CISM certification; this three-day CISM Exam Preparation course offers a comprehensive review of the ISACA CISM topic areas without a lot of "off-topic" discussions.

The course specifically covers the task statements and knowledge statements contained within the four major content areas of CISM including:

  • Information Security Governance (24%)
  • Information Risk Management and Compliance (33%)
  • Information Security Program Development and Management (25%)
  • Information Security Incident Management (18%)

After completion of this preparation course, you will be ready to take the internationally-acclaimed CISM certification exam. When it comes to information security, a single differentiator can be all that stands between a multimillion-dollar contract or a promotion. ISACA's Certified Information Security Manager (CISM) certification is that differentiator. CISM is recognized around the world as the leading certification for enterprise security management. CISM certified individuals are part of an elite group of professionals who have demonstrated a mastery of the concepts and skills of information security, have the experience to back up the knowledge and are dedicated to continually learning and staying current within the information security field.

This is a preparation course designed to supply the necessary skills to successfully obtain your CISM certification. The exam and ISACA membership are not included in the price of this course. Please follow this link to register and schedule your exam.

Code of Professional Ethics,Exam,Experience

*Relevant certifications may reduce experience requirement

*Relevant education may reduce experience requirement

Minimum 5 years of information security experience, with at least three years in three or more of the job practice analysis areas (

ISACA may allow substitutions for experience to candidates with relevant certifications or education

Agree to Code of Professional Ethics (

Reserve Your Seat
$1595 (USD)
3 days/24 hours of instruction
Group (3+): $1495 USD
GSA: $1485 USD
Education Credits:
21 PDUs
2 Strategy PDUs
19 Technical PDUs
21 PDUs

Next Upcoming Course

Live Online

Jul 22nd - 23rd, 2024
9:00 AM - 5:00 PM ET
form pictures
private group

Train up your teams with private group training

Have a group of 5 or more students? Cprime also provides specialist private training with exclusive discounts for tailored, high-impact learning.

Contact Us

CISM Exam Boot Camp Schedule

Reserve your seat

Live Online

Jul 22nd - 23rd, 2024
9:00 AM - 5:00 PM ET

Live Online

Nov 7th - 8th, 2024
10:00 AM - 6:00 PM ET

Full Course Details

Part 1: About CISM

  1. Requirements for certification
    • Experience
    • Passing the exam
    • The ISACA Code of Ethics
    • Maintaining certification

Part 2: Information Security Governance

  1. Overview
    • Information is a valuable resource in all of its formats
    • Not just IT related
    • We need to converge information security into the business
  2. Effective information security governance
    • Business drivers
    • Business support
    • Provide assurance to management
  3. Risk objectives
    • Operational risk management
    • We must be able to meet our desired state
  4. Build an information security strategy
    • Business model for information security (BMIS)
    • Strategy
  5. Controls
    • Types of controls
    • IT controls
    • Non-IT controls
    • Countermeasures
    • Example defense in depth
  6. Provide assurance to management
    • ISO 27001
    • Security Metrics
  7. Extend security knowledge to everyone
    • Awareness
    • Training
    • Education
  8. Action plan to implement strategy
    • Projects
    • Gap analysis
    • Critical success factors

Part 3: Information Risk Management & Compliance

  1. Overview
  2. Information classification
    • Why should information be classified
    • Developing the program
    • Ownership
    • Responsibilities
  3. Methods to evaluate impact of adverse events
    • Business impact analysis
  4. Legal and regulatory requirements
  5. Emerging threats and vulnerabilities
    • Sources of information
  6. Risk management
    • Elements of risk
    • Risk assessment
    • Prioritizing risk
    • Reporting risk
    • Monitoring Risk
    • Risk handling
    • Control baseline modeling
    • Controls
    • Gap analysis
    • Integrate risk management into business and IT processes
    • Compliance
  7. Re-assessing risk and changing security program elements
    • Risk management is a cyclic process
    • Triggers to re-assess

Part 4: Information Security Program Development & Management

  1. Overview
  2. Align information security program to business function
  3. Resource requirements definition
    • Internal
    • External
    • Identify, acquire and manage
  4. Emerging trends in information security
    • Cloud computing
    • Mobile computing
  5. Security control design
  6. Security architectures
    • BSIM
  7. Methods to develop
    • Standards
    • Procedures
    • Guidelines
  8. Methods to implement and communicate
    • Policies
    • Standards
    • Procedures
    • Guidelines
  9. Security awareness and training
    • Methods to establish
    • Methods to maintain
  10. Methods to integrate security requirements into organizational processes
  11. Methods to incorporate security requirements
    • Contracts
    • 3rd party management processes
  12. Security metrics
    • Design
    • Implement
    • Report
  13. Testing security controls
    • Effectiveness
    • Applicability

Part 5: Information Security Incident Management

  1. Overview
  2. Definition
    • Distinction between IR, BCP and DRP
    • Senior management commitment
    • Policy
    • Personnel
  3. Objectives
    • Intended outcomes
    • Incident management
    • Incident handling
    • Incident response
    • Incident systems and tools
  4. What technologies must an IRT know?
    • Vulnerabilities/Weaknesses
    • Networking
    • Operating systems
    • Malicious software
    • Programming languages
  5. Defining incident management procedures
    • Plan for management
  6. Current state of incident response plan
    • Gap analysis
  7. Develop a plan
    • Plan elements
    • Notification process
    • Escalation process
    • Helpdesk process for identifying incidents
    • Response teams
  8. Challenges in developing a plan
  9. BCP/DRP
    • Recovery operations
    • Recovery strategies
    • Recovery sites
    • Basis for recovery site selection
    • Notification requirements
    • Supplies
    • Communication structure
    • Testing the plan
    • Recovery test metrics
    • Test results
    • Post-incident activities and investigations

The following professionals should attend this CISM training course: 

  • Information security managers
  • Information security practitioners
  • Security auditors
  • Security consultants
  • Chief Information Security Officers (CISOs)
  • Chief Security Officers (CSOs)
  • Privacy officers
  • Security administrators
  • IT managers
  • Individuals pursuing CISM® Certification

  • Master the CISM exam content areas
  • Get CISM test-taking skills from our experts
  • Learn to align security to your business processes
  • Gain In-depth coverage on Information Security Governance, Information Risk Management & Compliance, Information Security Program Development & Management, and Information Security Incident Management

150 multiple-choice questions over 4 hours proctored at PSI testing facility

Request Private Group Training