Certified Information Security Manager (CISM®)

  • Length: 4 days
  • Price: $4015 inc GST
  • Version: Updated in April 2022
Course overview
Why study this course

Gain knowledge and experience to demonstrate your understanding of the relationship between an information security program and broader business goals and objectives as you prepare for the Certified Information Security Manager (CISM) certification. 

It distinguishes you as having not only information security expertise, but also knowledge and experience in the development and management of an information security program. The uniquely management-focused CISM certification promotes international security practices and recognises the individual who manages, designs, oversees and assesses an enterprise’s information security. 

This course is an intensive, four-day review program designed to prepare professionals for the Certified Information Security Manager exam.

This course includes a digital courseware manual and access to the CISM Questions, Answers and Explanations (QAE) database for 12 months.

Please note: The exam is not included in the course fee but can be purchased separately. Please contact us for a quote.

What you’ll learn

After completing this course, participants should be able to:

  • Explain the relationship between executive leadership, enterprise governance and information security governance

  • Outline the components used to build an information security strategy

  • Explain how the risk assessment process influences the information security strategy

  • Articulate the process and requirements used to develop an effective information risk response strategy

  • Describe the components of an effective information security program

  • Explain the process to build and maintain an enterprise information security program

  • Outline techniques used to assess the enterprise’s ability and readiness to manage an information security incident

  • Outline methods to measure and improve response and recovery capabilities

ISACA at Lumify Work

ISACA provides practical guidance, benchmarks and other effective tools for all enterprises that use information systems. Through its comprehensive guidance and services, ISACA defines the roles of information systems governance, security, audit and assurance professionals worldwide.

Lumify Work is an Accredited Elite Partner of ISACA.

Who is the course for?

This course is designed for IT professionals with technical expertise and experience in IS/IT security and control looking to transition from team player to manager, including:

  • Senior Executives

  • IT Managers

  • Information Security Professionals

  • IT Software System and Application Developers

  • IT Auditors

Course subjects

Domain 1: Information Security Governance

  • Enterprise Governance Overview

  • Organisational Culture, Structures, Roles and Responsibilities

  • Legal, Regulatory and Contractual Requirements

  • Information Security Strategy

  • Information Governance Frameworks and Standards

  • Strategic Planning

Domain 2: Information Security Risk Management

  • Risk and Threat Landscape

  • Vulnerability and Control Deficiency Analysis

  • Risk Assessment, Evaluation and Analysis

  • Information Risk Response

  • Risk Monitoring, Reporting and Communication

Domain 3: Information Security Program Development and Management

  • IS Program Development and Resources

  • IS Standards and Frameworks

  • Defining an IS Program Road Map

  • IS Program Metrics

  • IS Program Management

  • IS Awareness and Training

  • Integrating the Security Program with IT Operations

  • Program Communications, Reporting and Performance Management

Domain 4: Information Security Incident Management

  • Incident Management and Incident Response Overview

  • Incident Management and Response Plans

  • Incident Classification/Categorisation

  • Incident Management Operations, Tools and Technologies

  • Incident Investigation, Evaluation, Containment and Communication

  • Incident Eradication, Recovery and Review

  • Business Impact and Continuity

  • Disaster Recovery Planning

  • Training, Testing and Evaluation
It is recommended that you have 3-5 years of information security experience.

To earn the CISM certification, students must pass the CISM Exam and also meet the additional criteria as determined by ISACA.

Industry Association Recognition

This course is eligible for Continuing Professional Education (CPE) hours/points to assist in maintaining your ISACA certification.

  • Contact hours: 28 hours

  • Continuing Professional Education: 28 CPEs

If you wish to claim CPEs, Lumify Work can verify your attendance. Please complete this ISACA form and email us at [email protected].

Terms & Conditions

The supply of this course by Lumify Work is governed by the booking terms and conditions. Please read the terms and conditions carefully before enrolling in this course, as enrolment in the course is conditional on acceptance of these terms and conditions.
