The ISACA  Certified Information Security Manager® (CISM) is one of the most important and prestigious InfoSec qualifications in the world today.

CISM defines the core competencies and international standards of performance that information security managers are expected to master. It provides executive management with the assurance that those who have earned their CISM have the experience and knowledge to offer effective security management and advice.

This 5-day course provides an intense environment in which participants can acquire, thoroughly and properly, the skills and knowledge expected of a world-class information security manager. In the process the course provides outstanding preparation for the CISM exam.

FORMAT: Classroom, Instructor-led, 5 days.

Learning outcomes

This course has been independently commissioned with two objectives:

  • To provide an environment in which security professionals can acquire, thoroughly and properly, the skills and knowledge expected of a world class information security manager. Whether or not you intend to sit for the CISM exam, this course is a powerful way to equip yourself with the knowledge of the five core competencies that define the successful information security manager.
  • To maximise your prospects at the CISM exam if you choose to sit it.

Who should attend

The CISM designation is for Information Security professionals who have 3-5 years of front-line experience with the security of information. This credential is geared towards Information Security managers and those who have information security management responsibilities.

Course contents

This 5-day course is structured to follow the four Job Practice Areas as set out in the current CISM Review Manual. The course comprehensively covers each of the core competencies and associated task and knowledge statements, thereby ensuring thorough preparation for the CISM exam. The fundamental thrust of the examination is on understanding the concepts, not on memorising facts.  As a result, the course will be presented in an interactive manner to ensure the underlying concepts are understood and examination questions can be analysed properly to achieve the correct answer.

1. Information Security Governance and Strategy
  • Effective Information Security Governance
  • Key Information Security Concepts and Issues
  • The IS Manager
  • Scope and Charter of Information Security Governance
  • IS Governance Metrics
  • Developing an IS Strategy – Common Pitfalls
  • IS Strategy Objectives
  • Determining Current State of Security
  • Strategy Resources
  • Strategy Constraints
  • Action Plan Immediate Goals
  • Action Plan Intermediate Goals

Practice Questions; Review of Practice Questions;
Reference Materials and Glossary

2. Information Security Risk Management and Compliance
  • Effective Information Security Risk Management
  • Integration into Life Cycle Processes
  • Implementing Risk Management
  • Risk Identification and Analysis Methods
  • Mitigation Strategies and Prioritisation
  • Reporting Changes to Management

Practice Questions; Review of Practice Questions;
Reference Materials and Glossary

3. Information Security Program Development and Management
  • Planning
  • Security Baselines
  • Business Processes
  • Infrastructure
  • Malicious Code (Malware)
  • Life Cycles
  • Impact on End Users
  • Accountability
  • Security Metrics
  • Managing Internal and External Resources

Practice Questions; Review of Practice Questions;
Reference Materials and Glossary

4. Information Security Incident Management
  • Implementing Effective Information Security Management
  • Security Controls and Policies
  • Standards and Procedures
  • Trading Partners and Service Providers
  • Security Metrics and Monitoring
  • The Change Management Process
  • Vulnerability Assessments
  • Due Diligence
  • Resolution of Non-Compliance Issues
  • Culture, Behavior and Security Awareness

Practice Questions; Review of Practice Questions;
Reference Materials and Glossary

Course fees

CISM 5 day course

CISM 5-day course alone$3,450 + gst
CISM exam (optional, see below)$1,050 + gst
CISM course + exam$4,500 + gst

Course fees include:
  • 5 days course presentation in quality CBD hotel
  • ALC comprehensive course workbook
  • Official ISACA CISM Review Manual
  • Official ISACA CISM Review Questions, Answers and Explanations Manual
  • Full catering including sit-down lunch each day

CISM Exam

The CISM exam is set, conducted and marked by ISACA.  It used to be held on the 2nd Saturday in June, September and December. From 2017 onwards there will be no more paper exams.  Instead, all exams will be conduced online via computer-based testing centers around the world.

The good news is that this gives candidates a much greater choice as to timing.  ISACA has advised that: Certification exams will be offered during eight-week testing windows scheduled for 1 May – 30 June, 1 August – 30 September and 1 November – 31 December. 

For more information and to register for an ISACA exam, please refer to the exams page on the ISACA web site: https://www.isaca.org/certification/pages/exam-registration.aspx.

Exam Registration

Normally, those wishing to sit the exam would register directly with ISACA for their exam session of choice and would make payment of the exam fee direct to ISACA.  As a service to our customers, ALC is able to combine the exam fee with the course fee and provide both on the one invoice.

If you wish to take this option please indicate “CISM Course + Exam” in the COMMENTS field when making your online registration. We will contact you with full details of what is involved.

Prerequisites:

Qualifying for CISM requires a combination of four “e’s”: experience, ethics, education and examination. Specifically, the requirements are:

  • Successful completion of the CISM exam
  • Adherence to a code of professional conduct
  • Commitment to continuing professional education
  • Submission of verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice areas. Waivers for general information security work experience are available, if certain education or certification requirements are met

The CISM certification program recognises the achievement of the CISSP credential as a baseline representation that an individual has gained general information security skill and knowledge, just as it does with individuals who have earned a CISA. As such, CISSPs receive a two-year general information security experience waiver. However, CISSPs will not be eligible to earn a CISM unless they have the required experience and can demonstrate proficiency and practical knowledge in the role of an information security manager.

Holders of other, more specialised credentials, such as the SANS Global Information Assurance Certification (GIAC), Microsoft Security Systems Engineer (MCSE), CompTIA Security + Credential and the Disaster Recovery Institute Certified Business Continuity Professional (CBCP) also can receive a one-year general information security experience waiver.

 

Instructor-led classroom training
 
  • Staff have been extremely positive and supportive.
    Principal consultant | OMNI EXECUTIVE
  • Our trainer was excellent. He made it fun and interesting. Plus we all passed. Fantastic. I feel comfortable that my future projects will be very successful. Pace - Spot on.
    IT Professional | Information Technology
  • "The course was excellent. The instructor was highly knowledgeable and had an extremely personable approach. The learning materials were very good. The venue was most suited and lunch was excellent. Lastly, I am extremely confident that I have the right level of knowledge to proceed and succeed."
    Simon T., Dept of Defence, Business Analysis Foundation, Sydney April 2016
  • "Excellent service provided by ALC customer service. Trainer has exceptionally good training skills and brilliant style of communication. Excellent coach."
    Trainer: Michael Fong Principal  |  Fujitsu Australia Ltd
  • Laurence has incredible subject matter expertise and his person anecdotes added a lot to the learning.
  • Would highly recommend ALC and Laurence for training and obtaining one's certification in Agile PM
    Demi Anderson, Programme Manager
  • Leigh was fantastic. Without doubt the most accurate and interesting presenter by leaps and bounds. Very inspirational.
    System Analyst | Department of Corporate and Information Services
  • "The course was excellent.   The instructor was highly knowledgeable and had an extremely personable approach. The learning materials were very good. The venue was most suited and lunch was excellent. Lastly, I am extremely confident that I have the right level of knowledge to proceed and succeed."
    Simon T., Dept of Defence, Business Analysis Foundation, Sydney April 2016
  • "In regards to the course, the stakeholder and participants were wrapped. The trainer was attentive and engaged and the material was relevant and professional."
    Kathleen O’Riley Learning and Development Advisor  |  SA Water Corporation Course: Business Relationship Management Professional (BRMP®) Trainer: Darren Dove
  • "Excellent course and while content was quite laborious and intense, Peter's delivery was excellent; particularly the 'war stories' and examples provided."
    Russell Close | Head of IT  |  Bennelong Funds Management
  • Well presented and great depth of knowledge by the trainer. A very professional delivery!
  • Just successfully completed three COBIT® 5 courses: Foundation, Implementation and Assessor. Courses were very well managed and presented. Exams were challenging, both in terms of time and knowledge. Very happy to pass all three exams. Highly recommend. Many thanks.
  • Very quick response from Customer service upon enquiry.
  • I must say I really enjoyed the course facilitated by your trainer. He was the best and he really explained the course clearly so that we could understand it. He really is an asset to ALC as he makes sense.
    Service Assurance Release Manager | Westpac Banking Corporation
  • Excellent presentation, anecdotes & examples of real world application. Neil has exemplified my expectation of ALC as atop level training services provider.
    Operations Transition Manager |  Motorola Solutions Australia Pty Ltd
  • The trainer was a great facilitator - lots of real life examples and I felt very prepared for the exam.
    Help Desk Team Leader | Bank SA
  • "Very good training session.  Trainer used multiple examples of non-IT situations to cover various aspects of what was being taught which made it not only easier to understand but also interesting."
    Senior Applications Specialist | Fairfax Media
  • The instructor was clearly knowledgeable, good-humoured and enthusiastic. I did not see anyone fall asleep. Given the notoriety of this course, I sincerely feel that that was a major "achievement".I do feel that I have greatly expanded my knowledge and that I will be more productive at work - The Hallmark of a successful course in my opinion. I would recommend ALC to others. Thank you and well done!
  • Peter’s real world samples went a long was in understanding the content.Waleed Al-Atm – Dept. Justice & Regulation
  • Excellent course that was very well presented and benefited immensely from Darren's practical experience in Service

    Management. Thanks Darren!

    National IT Manager | Information Technology

  • Excellent course and while content was quite laborious and intense, Peter’s delivery was excellent; particularly the ‘war stories’ and examples provided.
  • Michelle Zgalin displays an extremely thorough knowledge of the course content. Pace of the course tailored to suit participants. Presentation of content very good. Ability to deliver large amounts of content was impressive. :)
    PRINCE2 Melbourne Senior Business Analyst | VMIA | Risk Management & Insurance
  • A brilliant trainer, she really knows her stuff and manages to get the most out of us, it was almost like a continuation from Foundation.  I felt like I hadn't left.
    Executive Assistant | Guild Group Holdings Limited
  • Very worthwhile course - learned a lot! Intense, but very well structured. Great Trainer:)."
    Business Analyst | VMIA | Risk Management & Insurance
  • The trainers level of professional experience combined with a capacity to communicate personably and effectively with a diverse group added to my experience and contributed greatly to the amount of information I was able to bring away with  me from the course. I could not recommend Steve highly enough either as a trainer or as a potential PM consultant. Top qualities: Personable, Expert, High Integrity
    Service Delivery Manager | NEC Australia Pty Ltd
  • Great Job, one of the best trainers I have had.  Could not have asked for more.
    ISG | University of New England
  • Really well structured course, very qualified presenter, engaging presentation style, high quality course materials.  Relevant and useful information discussed with a good balance of theory vs "Real World" examples. I thoroughly enjoyed this course, would highly recommend to others.
    Samantha, Program Coordinator, Transport NSW
  • "Enjoyed the training very much, learned heaps but have doubts due to work experience. Will definitely apply the knowledge."
    Manager, IT Risk & Assurance | Ernst & Young
  • "David's vast experiences and shared stories give great insight to the issues and problems which the SABSA framework addresses."
    Information Security Consultant  | Westpac
  • "Thanks David for making this course enjoyable and knowledgeable.  Your experience and insights have been very valuable."
    Security Solutions Designer | Westpac
  • We’ve been training and presentation since 1994. See what just some of our successful delegates have to say about getting certified with ALC Training.“David’s vast experiences and shared stories give great insight to the issues and problems which the SABSA framework addresses.”
    Information Security Consultant | Westpac
  • “Neil was very good in sharing his knowledge using relevant examples.”
    IT Support Officer | Cricket Australia
  • “Good understanding of ITIL Foundations. Neil is a great presenter with excellent people skills & real world experiences.”
    State ICT Manager | Hassell
  • “Excellent presentation, anecdotes & examples of real world application. Neil has exemplified my expectation of ALC as a top level training services provider.”
    Operations Transitions Manager Motorola Solutions Australlia Pty Ltd
  • “I must say I really enjoyed the course facilitated by your trainer. He was the best and he really explained the course clearly so that we could understand it. He really is an asset to ALC as he makes sense.”
    Service Assurance Release Manager | Westpac Banking Corporation
  • “Enjoyed the training very much, learned heaps but have doubts due to work experience. Will definitely apply the knowledge.”
    Manager, IT Risk & Assurance | Ernst & Young
  • “Just successfully completed three COBIT® 5 courses: Foundation, Implementation and Assessor. Courses were very well managed and presented. Exams were challenging, both in terms of time and knowledge. Very happy to pass all three exams. Highly recommend. Many thanks.”
    Manager | ANZ Banking Group
  • “Extremely good – presenter’s experience and depth of knowledge very visible. The trainer was excellent! Good examples, good discussions.”
    Project Manager | Shell Company of Australia Limited Melbourne
  • “The trainers level of professional experience combined with a capacity to communicate personably and effectively with a diverse group added to my experience and contributed greatly to the amount of information I was able to bring away with me from the course. I could not recommend Steve highly enough either as a trainer or as a potential PM consultant. Top qualities: Personable, Expert, High Integrity.”
    Service Delivery Manager | NEC Australia Pty Ltd
  • “I would be happy to recommend Axel to all those looking at a TOGAF training course. His subject matter expertise in TOGAF and his ability to relate to real world examples and experience was fundamental in helping me passing my exam.”
    Daniel Garcia, IT Architect, Strategy and PMO Manager | ANSTO