
Certified Information Security Manager

As a Certified Information Security Manager (CISM), you are responsible for ensuring that your organization is prepared to deal with all forms of attacks and malicious attempts to access the company’s information systems.

CISM means higher earning potential and career advancement. Recent independent studies consistently rank CISM as one of the highest-paying and most sought-after IT certifications.

Recommended Experience
  • Familiarity with IT operations
  • Familiarity with IT development lifecycles and project management
  • Awareness of information security processes
  • Middle-level management experience
Recommended Equipment
  • No special equipment or software needed
Related Certifications
  • Certified Information Security Manager (CISM)

Related Job Functions
  • Operations management
  • Development management
  • Security management
  • Project management
  • Auditor
Steve Caseley has been a CBT Nuggets trainer since 2004 and holds a variety of PMI certifications, including PMI-PMP, PMI-ACP, and PMI-SP.
1. CISM Overview (6 min)
2. Information Security Governance (9 min)
3. Security Strategy (6 min)
4. Alignment to Business Goals (4 min)
5. Governance Framework (6 min)
6. Information Security Governance (4 min)
7. Integrated Governance (6 min)
8. Industry Standards (9 min)
9. Develop Security Policies (8 min)
10. Business Case Development (4 min)
11. Security Budget (4 min)
12. Security Influencers (9 min)
13. Obtain Management Commitment (4 min)
14. Security Management Roles (6 min)
15. Organizational Structures (6 min)
16. Effective Communication (4 min)
17. Security Metrics (6 min)
18. Risk Management and Compliance (7 min)
19. Information Classification (7 min)
20. Responsibility Assignment (3 min)
21. Evaluate Risk Impacts (6 min)
22. Asset Validation Methods (7 min)
23. Legal and Regulatory Requirements (7 min)
24. Sources for Identifying Emerging Threats (6 min)
25. When is it time to Reassess (4 min)
26. Threat Knowledge (9 min)
27. Risk Assessment and Analysis Methodologies (11 min)
28. Risk Prioritization (10 min)
29. Risk Reporting (6 min)
30. Monitoring Risk (5 min)
31. Risk Treatment Strategies (5 min)
32. Risk Baselines (7 min)
33. Monitoring Security Controls (4 min)
34. Gap Analysis (7 min)
35. Risk Integration (5 min)
36. Compliance Reporting (3 min)
37. Cost Benefit Analysis (10 min)
38. Information Security Program Development and Management (6 min)
39. Alignment with the Business (5 min)
40. Acquire and Deploy Security Resources (6 min)
41. Security Technologies (5 min)
42. Security Control Design (13 min)
43. Security Architecture (5 min)
44. Standards and Procedures Development (9 min)
45. Security Implementation (7 min)
46. Awareness and Training (5 min)
47. Process Integration (5 min)
48. Contracts and Third Party Security (5 min)
49. Security Metrics (9 min)
50. Effectiveness and Applicability Testing (5 min)
51. Security Incident Management (8 min)
52. Incident Response Plan (5 min)
53. Incident Management Concepts and Practices (3 min)
54. Integration with DR and BCP (7 min)
55. Incident Classification Methods (4 min)
56. Damage Containment (5 min)
57. Notification and Escalation (4 min)
58. Roles and Responsibilities (6 min)
59. Incident Response Tools and Equipment (4 min)
60. Preserving Evidence (10 min)
61. Incident Response Reporting and Procedures (5 min)
62. Root Cause Analysis (4 min)
63. Business Impact Analysis (5 min)
64. Incident Management System (6 min)
65. Incident Resource Management (3 min)
66. Passing the Exam (5 min)

CISM Overview


Hi, I'm Steve Caseley from CBT Nuggets. And welcome to this exciting Nugget series on the CISM-- the Certified Information Security Manager from ISACA. That all-important certification that you want to get so you can tell the boss and put it on your resume so the world knows that you've proven yourself, and you have the credentials around being a bona fide information security manager.


And I expect you probably are already pretty strong in the knowledge of what the specific qualifications are for your CISM. Before you've signed up for this Nugget series, you probably have a pretty good understanding of whether or not you're going to be eligible to take this exam.


So I'm going to breeze through this at a fairly rapid pace. But if you haven't already done it, you do need to have five years of direct experience in information security management. This is not ground level, hands-on doing information security. This is actually in information security management.


Now, the good news is ISACA will let you waive up to two years. Now, they don't explicitly call out what the quals are for the two years of waiver. So I expect there's a couple of hoops you would have to pass through to get that. But I would say if you have some really good, solid years of the ground-level experience doing information security-- at least three years of direct information security management.


And with that, you will need the basic qualifications as defined by ISACA. There's certainly knowledge components above and beyond that, so you need lots and lots of practical experience. But I'm guessing you probably have that because you've already got your five years.


So I'm not overly concerned about that. There's a significant amount of theory required to pass this CISM exam. The good news is this Nugget series is full of that specific security theory. And I would also recommend that you do purchase the CISM manual.


It runs about $125 US, if I remember correctly. And it is, I would suggest, a good backup support to this Nugget series itself. But really, in and of itself, if you've got the five years, all of that practical experience, and you've been able to digest and understand everything in this Nugget series, I think you're probably in good shape.


If going through this Nugget series, you see there's little bits and pieces that-- oh, I'm not quite as strong in X as I feel I should be. The good news is there's tons and tons of awesome material out there from the other Nugget trainers. We have James Conrad with his ethical hacking.


We have Keith and Jeremy, who've got bags and bags of Nuggets out there in terms of network security. And lots and lots of other really qualified support out there to help you shore up the theory aspects, where you just want to touch up in a specific segment.


So I know you're itching to get into all of that theory. So again, I'm going to go through this at a fairly high level. Lots of good material out there from ISACA if you want a little bit more material. But let's get you here in the center and focus on you.


And what will ISACA expect you to know in terms of the exam? The first area is in information security governance. And that is going to cover 24%-- just about one fourth of all of the questions are going to come from information security governance. And this is absolutely the foundational material around the exam.


This is truly the theory of what ISACA is expecting you to know for your CISM exam. Next is information risk management and compliance. And this is the meaty one. This is 33% of all of your exam questions are going to come from information risk management-- and I think rightly so.


Information security management is all about protecting your organization from all the evil, bad things, i.e. the risks that are out there. So in this domain, we're going to have lots and lots of Nuggets to cover everything related to identifying risks, putting strategies in place to make sure you're dealing with the important risks, developing proactive plans to eliminate these risks before they happen.


And then finally when the risks actually do happen, and the evil, bad guys get into our organization, how we're going to deal with all of that. Our next domain is the information security program development and management. So we have the theory-- we understand where the evil, bad guys are going to come and get us.


Now, we're going to put it into play. And this is going to cover exactly 25%. So one fourth of your entire exam is going to come from this domain. And this is, I describe it as the rubber hitting the road. This is where we're going to implement all of this theory and we're going to make sure that we prevent the risks as much as possible.


There's no such thing as we're ever going to be 100% secure in today's information technology world, but it's going to make the organization as secure as possible. And then finally, our last domain is on information security incident management. And this is the lightest of all of the exam areas.


And this is only 18%. This is OK-- we did everything possible, the inevitable happened. And some evil, bad guy found a way to break into our system. So how are we going to deal with it? Are we going to scream and yell and shout, and say, oh, no? Or are we going to have a premeditated action plan in place?


We're going to have appropriate risk response teams in place with all of the tools that we need. And we're going to shut it down as quickly as we can and then repair the damage and get the business up and running. So that's it-- four knowledge areas, and the distribution of the questions across them.


Obviously if you've got to focus on one, it's going to be on the information risk management, because there's going to be more questions. But generally speaking, everything is pretty even so there is no one core area to focus on. Now, let's roll up our sleeves and let's get into this CISM exam.


I hope this Nugget has been informative for you. And I thank you very much for viewing.


Intermediate 7 hrs 66 videos
