Learning Objectives

The first step to becoming CISM certified is to take and pass the CISM certification exam, consisting of 150 questions covering 4 job practice domains:

• Information Security Governance – Affirms the expertise to establish and/or maintain an information security governance framework (and supporting processes) to ensure that the information security strategy is aligned with organizational goals and objectives. Domain 1 confirms your ability to develop and oversee an information security governance framework to guide activities that support the information security strategy.
• Managing Information Risk – proficiency in this key realm denotes advanced ability to manage information risk to an acceptable level, in accordance with organizational risk appetite, while facilitating the attainment of organizational goals and objectives. Domain 2 demonstrates expertise in classifying information assets to ensure measures taken to protect those assets are proportional to their business value
• Developing and Managing an Information Security Program – establishes ability to develop and maintain an information security program that identifies, manages and protects the organization’s assets while aligning with business goals. Domain 3 attests to ability to ensure the information security program adds value while supporting operational objectives of other business functions (human resources, accounting, procurement, IT, etc.)

Information Security Incident Management – validates capacity to plan, establish and manage detection, investigation, response and recovery from information security incidents in order to minimize business impact. Domain 4 establishes your skills in accurately classifying and categorizing information security incidents and developing plans to ensure timely and effective response.