Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
CISM Certification Boot Camp
Infosec's Certified Information Security Manager (CISM) Boot Camp is a five-day training focused on preparing you for the ISACA CISM exam. You'll leave with the knowledge and domain expertise needed to pass the CISM exam the first time you take it.
This CISM Boot Camp is designed for experienced information security managers and other professionals who manage, design, oversee or assess an enterprise's information security. The training prepares you for the CISM examination by testing your knowledge and your ability to apply it to real-world scenarios. You will gain in-depth knowledge of security governance, risk management, security program development and management, and security incident management. The boot camp has been updated to align with the new CISM job practice areas and is designed to fully prepare you to pass the challenging CISM exam.
Course Overview
To become a CISM, you must submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas. The work experience must be gained within the ten-year period preceding the application date for certification or within five years from the date of originally passing the exam.
Learning Objectives
The CISM certification promotes international practices and validates your knowledge and experience around effective security management and consulting. The four CISM domains include:
- Security governance: To effectively address the challenges of protecting an organization's assets, senior management must define the desired outcomes of the information security program.
- Risk management: Asset classification and valuation is an essential part of an effective risk management program, the greater the value, the greater the impact, the greater the risk.
- Information security program development and management: The purpose of this area is to implement management's governance strategy, the due diligence, and due care of protecting the corporation's assets.
- Information security incident management: This area focuses on effectively managing unexpected (and expected) events, which may or may not be disruptive, and can be summed up in five words: identify, protect, detect, respond and recover.
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Competency Areas
Work Roles
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.