Center for Qualified CyberSecurity Excellence & Mastery

Get Q/ualified!

CISM® Certified Information Security Manager

The CISM® (Certified Information Security Manager) certification is the primary certification for information security professionals who oversee, manage, design and/or assess an enterprise's information security.

A One-of-a-Kind Credential

The management-focused CISM is a unique certification for individuals who design, build and manage enterprise information security programs. The CISM certification promotes international practices and individuals earning the CISM become part of an elite peer network, attaining a one-of-a-kind credential.

In comparison to other certifications, CISM covers a wide body of knowledge, and the sponsoring organization, ISACA, recommends that those sitting for the CISM exam attend a CISM training session.

For those subject to DoD 8570.01-M "Information Assurance Workforce Improvement Program," ISACA's Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) certifications are among those approved for DoD information assurance (IA) professionals.

Security University offers an intensive 5-day CISM review boot camp for those wishing to prepare for the CISM exam. Our boot camp is specifically designed to cover the new material that is on the 2010 exams. Each student progresses through a number of skill checks to ensure knowledge is retained. The CISM instructors hold the CISM designation and serve on local ISACA boards.

Worldwide Recognition

Although certification may not be mandatory for you at this time, a growing number of organizations are recommending that employees become certified. To help ensure success in the global marketplace, it is vital to select a certification program based on universally accepted technical practices.

Exam Registration

The CISM exam is offered annually during the months of June and December. register online

How to Earn Your CISM

To learn more about obtaining your CISM, click on the steps below.

Exam Registration Fees

                                                     Member    Non-Member
Early registration received on or before 17 August   US $425   US $565
Final registrations received by 5 October            US $475   US $615

*Register Online and save US $50 off the Mail/Fax rate! The online registration process will enable you to register for an exam, and purchase study aids and an ISACA membership, which will immediately provide significant exam-related discounts. The final step of the process will enable you to pay online using a credit card, or indicate that payment will follow by check or wire.

Note: Registration form and payment must be received on or before 17 August 2011 to qualify for the early registration rate.

Security University's CISM course...

Class Price: $1,995
Time: 9am - 5pm
Location: May 9-13 check schedule
Prerequisites: none
CPE Credits: 72 CPE's
Instructor: Mr. Ken Cutler

Method of Delivery - Residential On Ground
Method of Evaluation: 1. 95% attendance 2. 100% completion of labs
Grading: Pass = 95% attendance and 100% completion of labs and practical
Fail = less than 95% attendance or less than 100% completion of labs and practical

This 5-day course is structured to follow the CISM review manual and examination flow. A full day is provided for each of the core competencies and associated task and knowledge statements, thereby ensuring detailed and thorough coverage of all areas that will be tested. The fundamental thrust of the examination is on understanding the concepts and critical thinking, not on memorizing facts. As a result, the course is presented in an interactive manner to ensure the underlying concepts are understood and examination questions can be analyzed properly to arrive at the best answer.

1 Information Security Governance & Strategy

Information Security Governance Overview
Effective Information Security Governance
Information Security Concepts
Information Security Manager
Scope and Charter of IS Governance
Information Security Governance Metrics
Information Security Strategy Overview
Developing an Information Security Strategy
Information Security Strategy Objectives
Determining Current State of Security
Information Security Strategy
Strategy Resources
Strategy Constraints
Action Plan for Strategy
Implementing Security Governance
Action Plan Intermediate Goals

2 Risk Management

Risk Management Overview
Risk Management Strategy
Effective IS Risk Management
IS Risk Management Concepts
Implementing Risk Management
Risk Assessment and Analysis Methodologies
Risk Assessment
Controls and Countermeasures
Information Resource Valuation
Recovery Time Objectives
Integration With Life Cycle Processes
Security Control Baselines
Risk Monitoring and Communication
Training and Awareness

3 Information Security Program Development

IS Program Development Overview
Effective IS Program Development
IS Program Development Concepts
Information Security Manager
Scope and Charter of IS Program Development
IS Program Development Objectives
Defining an IS Program Development Road Map
IS Program Resources
Implementing an IS Program
Information Infrastructure and Architecture
Physical and Environmental Controls
IS Program Integration
IS Program Development Metric

4 Information Security Program Management

IS Management Overview
Organizational Roles and Responsibilities
The IS Management Framework
Measuring IS Management Performance
Common IS Management Challenges
Determining the State of IS Management
IS Management Resources
Other IS Management Considerations
Implementing IS Management

5 Incident Management and Response

Incident Management and Response Overview
Incident Management Concepts
Scope and Charter of Incident Management
Information Security Manager
Incident Management Objectives
Incident Management Metrics and Indicators
Defining Incident Management Procedures
Incident Management Resources
Current State of Incident Response Capability
Developing an Incident Response Plan
Developing Response and Recovery Plans
Testing Response and Recovery Plans
Executing Response and Recovery Plans
Post-event Reviews

Review Questions, Review of Practice Questions, Reference Materials and Glossary.

Requirements to Become a Certified Information Security Manager
To become a Certified Information Security Manager (CISM), an applicant must:

  1. Score a passing grade on the CISM exam. A passing score on the CISM exam, without completing the required work experience as outlined below, will only be valid for five years. If the applicant does not meet the CISM certification requirements within the five year period, the passing score will be voided.
  2. Submit payment for the CISM application processing fee of US $50 online at . (For applications submitted after 1 June 2012.)
  3. Submit verified evidence of five (5) years of work experience in the field of information security. Three (3) of the five (5) years of work experience must be gained performing the role of an information security manager. In addition, this work experience must be broad and gained in three of the four job practice areas (see Verification of Work Experience form). The management portion of this experience must be earned while in an information security management position with responsibility for information security management programs or processes, or while working as an information security management consultant (where the CISM candidate has been actively engaged in the development and/or management of information security programs or processes for the client organization(s)). Please note that in most cases work performed while in an IT audit or similar assurance role outside of the information security function cannot be considered as security management experience. Work experience must be gained within the ten-year period preceding the application date for certification or within five years from the date of initially passing the exam.

    Substitutions for work performed in the role of an information security manager are not allowed. However, a maximum of two (2) years for general work experience in the field of information security may be substituted as follows:
    • Two years of general work experience may be substituted for currently holding one of the following broad security-related certifications or a post-graduate degree:
        – Certified Information Systems Auditor (CISA) in good standing or
        – Certified Information Systems Security Professional (CISSP) in good standing or
        – Post-graduate degree in information security or a related field (for example: business administration, information systems, information assurance)

    • A maximum of one year of general information security work experience may be substituted for one of the following:
        – One full year of information systems management experience or
        – One full year of general security management experience
        – Currently holding a skill-based or general security certification (e.g., SANS Global Information Assurance Certification (GIAC), Microsoft Certified Systems Engineer (MCSE), CompTIA Security+ CE, Disaster Recovery Institute Certified Business Continuity Professional (CBCP), ESL IT Security Manager)
        – Completion of an information security management program at an institution aligned with the Model Curriculum.

    For example, an applicant holding either a CISA or CISSP will qualify for two years of general information security experience substitution. However, the applicant also must possess a minimum of three years of information security management work experience in three of the four job practice areas.

    Exception: Two years as a full-time university instructor teaching the management of information security can be substituted for every one year of information security management experience.
  4. Agree to abide by the ISACA Code of Professional Ethics.
  5. Agree to abide by the CISM Continuing Education Policy which can be viewed at

Instructions for Completing the Application

2. What is the date of the next CISM exam? .

3. When does registration begin for the next exam? You can register for the exam at .

4. What is the registration deadline of the next exam and what are the fees?

Please visit for more details, including fees. Candidates can save US $50 on the exam registration fee by registering online.

5. Can I take the CISA, CISM, CGEIT and CRISC exams on the same day?

The CISA, CISM, CGEIT and CRISC exams are given simultaneously in a 4-hour time frame. It is not possible to take multiple exams on the same day.

6. Can I change my exam site or language?

Yes, changes to the exam site, language, exam type or name changes are permitted u

For name, exam site, language or exam type changes, please send an email to . These changes do not include deferrals.

7. Can I defer my exam?

Candidates unable to take the exam can request a deferral of their registration fees to the next exam date. To learn more about deferring your exam, including deferral deadlines and costs, please visit