CISM® Boot Camp

  • Approved courseware
  • Industry expert trainers
  • 28 study hours
  • Quizzes & workshops
  • Practice exams


The Certified Information Security Manager (CISM®) by ISACA indicates a practitioner’s expertise in information security governance, program development and management, incident management, and risk management. This certification is designed to fulfil the need for trained and capable Information security professionals and endorses international security practices.

With the CISM Bootcamp, practitioners will gain the guidance they require to pass the certification examination. They will also gain knowledge and skill to effectively run, design, oversee, and assess an enterprise’s information security systems. That way, they can build their career by transitioning from team players to managers and benefit their employers with state-of-the-art information security programs.

Learning Objectives

In addition to preparing you for the CISM certification exam, this boot camp will help you achieve the following learning objectives as defined by ISACA:

  • Establish and/or maintain an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organizational goals and objectives 
  • Manage information risk to an acceptable level based on risk appetite to meet organizational goals and objectives 
  • Develop and maintain an information security program that identifies, manages and protects the organization’s assets while aligning to information security strategy and business goals, thereby supporting an effective security posture 
  • Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimize business impact 

Who Should Attend this Training

  • Chief information officers 
  • Chief information security officers
  • Security management professionals
  • Information security managers
  • Professionals preparing for the CISM® examination
  • Professionals with the CISA or CISSP qualification who wish to learn more about information security management
  • Mid-level practitioners who wish to make a career change


There are no prerequisites for attempting the CISM certification examination. However, you will need to meet certain requirements to be certified. Please check the FAQs for those.

Examination Format

  • 150 multiple choice questions
  • 4 hours duration
  • Passing criteria is 450 points from 800 (scaled results)
  • Closed book exam

What’s Next?

The CISM certification is a standalone certification. You can, however, expand your knowledge on information security with other certifications such as ISO/IEC 27001 Information Security Management System (ISMS) Lead Implementer and Certified Information Systems Security Professional (CISSP).

Connect With Us

Training Delivery Options

Instructor-Led Training

Features include

  • Train with the best instructors wherever you are
  • Gain access to quizzes, exams, and valuable resources
  • Interact with instructors in real-time for maximum learning
View Schedule
Coporate Training

Features include

  • Flexible pricing and schedule at your ease
  • Self-paced and instructor-led training options
  • Comprehensive learner assistance and support
Contact us


  • Methods to establish an information asset classification model consistent with business
  • Information asset valuation methodologies
  • Methods to assign the responsibilities for and ownership of information assets and risk
  • Risk assessment and analysis methodologies
  • Risk reporting and monitoring requirements
  • Risk treatment strategies and methods to apply them
  • Techniques for integrating risk management into business and IT processes
  • Compliance reporting processes and requirements

  • Methods to align information security program requirements with other business functions
  • Methods to identify, acquire, manage and define requirements for internal and external resources
  • Methods to design information security controls
  • Methods to develop information security standards, procedures and guidelines
  • Methods to establish and maintain effective information security awareness and training programs
  • Methods to integrate information security requirements into organizational processes

  • Incident management concepts and practices
  • Business continuity planning (BCP) and disaster recovery planning (DRP) and their relationship to the incident response plan
  • Incident classification, damage containment, and escalation processes
  • Forensic requirements and capabilities for collecting, preserving and presenting evidence
  • Post-incident review practices and investigative methods to identify root causes and determine corrective actions

Exam & Certification FAQs

Does ISACA have any substitutions or waivers for its certification requirements?

Yes, it does. The following substitutions and waivers may be obtained:

Two Years 

    • Candidate has earned the Certified Information Systems Auditor (CISA)® credential and is in good standing 
    • Candidate has earned the Certified Information Security Professional (CISP)® credential and is in good standing 
    • Candidate has a post-graduate degree in information security or a related field such as information assurance 

One Year

    • Candidate has skill-based security certifications such as CompTIA Security+ or Microsoft Certified Systems Engineer (MCSE)
    • Candidate has one year of experience in information systems management
    • Candidate has one year of experience in general security management experience 

Keep in mind that experience substitutions do not replace the three-year information security management work experience requirement. The only exception is for university instructors teaching information security management. Every two years of their experience working full-time is equal to one year of information security experience.


How does ISACA rate candidates in the CISM exam?

ISACA rates candidates on a regular scale from 200 to 800. To pass the CISM® certification exam, you need to achieve a score of 450 or above.


What does the CISM certification exam cover?

The certification exam covers the four domains below, which are shown with their weights:

    • Domain 1 – Information Security Governance (24%)
    • Domain 2 – Information Risk Management (30%)
    • Domain 3 – Information Security Program Development and Management (27%)
    • Domain 4 – Information Security Incident Management (19%)


What are the certification pre-requisites?

In addition to passing the exam, you will need to fulfil the requirements listed below to earn the CISM credential:

    • Demonstrate a minimum of five (5) years of professional information systems auditing, control, or security work experience; this experience should be within the 10-year period preceding the date you applied for the certification
    • Adhere to the Code of Professional Ethics
    • Adhere to ISACA’s Continuing Professional Education (CPE) Policy


How can I maintain my certification?

CISM® credential holders will need to do the following to maintain their certification:

    • Earn and report a minimum of 20 CPE hours every year, starting from the year after they were certified
    • Earn and report a minimum of 120 CPE hours over the span of three years
    • Pay the annual maintenance fee
    • Comply with the CPE audit if selected 
    • Comply with ISACA’s Code of Professional Ethics


When will I receive my exam results?

You will get your preliminary results immediately after submitting your exam. You will receive your official score via email within 10 working days. Alternatively, your score will be available online within 10 working days.


What other languages can I attempt the examination in?

In addition to English, you can choose to take the CISM examination in Simplified Chinese, Japanese, or Spanish.


What will happen to my CISM certification status if I no longer practice or decide to retire?

ISACA offers a Non-Practicing and a Retired status for professionals as long as they meet certain requirements.

The Non Practicing status is provided to active certification holders who have short- or long-term unemployment or disability, no longer work in the field but wish to retain their certification, or have extenuating circumstances which have been approved by the Certification Working Group. Non-practicing CRISC professionals will need to pay the annual maintenance fee even if they do not earn CPEs.

As for the Retired status, this is provided to professionals who are above 55 years of age and have retired from their profession, or those unable to perform specific job functions due to permanent disability. Unlike the Non-Practicing status, practitioners cannot return to Active once they retire. They will need to re-take and pass the certification exam before re-applying for the certification.

Connect With Us

Training Events

Coming Soon

Why Choose LearningCert As Your Training Partner?

Accredited course material

Our training materials received approval by relevant accreditation bodies to assure learners of high quality and consistency.

Accredited Training Organization

LearningCert has been approved by relevant accreditation bodies, and has been licensed to deliver each of the courses offered.

Excellent feedback

From high levels of engagement to quality materials, our courses have received an ‘Excellent’ rating from trainees.

At your premises

Get more from your training and achieve learning objectives faster at your preferred location, at your preferred time.


User Registration


Reset Password