ISACA Certified Information Security Manager® (CISM®)

One of the most sought-after courses we offer at Firebrand, our accelerated Certified Information Security Manager certification course teaches you to manage, design, oversee, and assess Enterprise Information Security, helping you become competent, confident, and certified in just 4 days.

Achieving CISM certification attests to your knowledge of information security programmes and their role in meeting business goals and objectives.

Through Firebrand's unique Lecture | Lab | Review method, you'll go through the four ISACA CISM Domains and retain information faster.

You will learn all about:

• Information Security Governance
• Information Risk Management and Compliance
• Certified Information Security Program Development and Management
• Information Security Incident Management

Achieve your CISM certification with an ISACA Accredited Training Organisation (ATO)

At Firebrand, we are proud to be an ISACA Accredited Training Organisation (ATO). While training with us, you'll get access to official ISACA courseware, be taught by certified ISACA instructors, and sit your CISM exam on the last day of your course, covered by our Certification Guarantee.

As a Premier ISACA Partner for EMEA and the US, we train more students in these regions than any other partner!

How can you take the CISM course?

We offer three study mode options with the same Firebrand quality.

You can take the accelerated CISM course at our distraction-free training facilities in the UK and Europe, online, through live instructor-led training, or in the centre of London and Manchester. 

Regardless of study mode, all our courses include:

• Official courseware, labs and practice exams
• The official CISM certification exam
• For residential courses, accommodations, meals, and snacks

Who should take this course?

ISACA CISM training is ideal for Network Architects, Information Security Managers, and anyone responsible for Information Security at their company.

This in-depth certification course helps you become an expert across the four CISM Domains:

• Domain 1 - Information Security Governance (24%)
• Domain 2 - Information Risk Management and Compliance (33%)
• Domain 3 - Information Security Program Development and Management (25%)
• Domain 4 - Information Security Incident Management (18%)

What is a CISM bootcamp?

Firebrand's CISM course (sometimes referred to as a CISM bootcamp) is an accelerated 4-day course that will prepare you for the CISM exam, which you'll sit during the training. This course is all-inclusive, a one-off fee covers all official course materials, accommodation and meals.

Accelerated training is fast, but this is not a crash course - you'll learn from a real-world security expert and study everything you need to know to pass the exam.

What is the CISM exam cost?

At Firebrand, the exam cost is included in the CISM course fees.

Where can I find CISM exam questions?

Claim your free CISM Foundation practice exam questions now. You'll also get access to official practice exam questions on your accelerated course.

What is the CISM certification cost?

To find out the cost of this accelerated CISM course, fill out the price inquiry form.

Should I take ISACA CISM or ISC2 CISSP?

Both ISACA CISM and the ISC2 Certified Information Systems Security Professional (CISSP) are vendor-neutral, advanced programmes in IT security for continuing professional education.

Despite many similarities, however, they are complementary instead of in direct competition to each other.

Here's what CISM and CISSP have in common:

• Vendor-neutral
• Require 5 years of experience in information security management
• Maintenance requires completion of continuing education

Perhaps the main difference is that CISM is more holistic and management-focused, where CISSP has a more technical approach.

Who should take ISACA CISM and ISC2 CISSP?

CISM and CISSP are designed for different audiences based on career goals, job roles, and areas of focus.

ISACA CISM is best suited for professionals in or aspiring to management roles in Information Security, where the focus is on Governance, Risk Management, and aligning security strategies with business goals. It’s ideal for those looking to advance into roles like Information Security Manager, IT Manager, or CISO.

Meanwhile, ISC2 CISSP is ideal for experienced security professionals, especially those in technical or strategic roles like Security Architect, Security Analyst, or CISO, who need a deep and broad understanding of security practices across various domains. It is particularly valuable for those with a technical background who wish to move into higher-level security roles.

Why should I attempt to take ISACA CISM? Is it worth it?

CISM is one of the best-known and most respected Information Security Management certifications in the world.

Pursuing it is well worth the effort, because:

Unlike ISC2 CISSP or EC-Council CEH, which dive into more hands-on, technical aspects, CISM focuses on Management, making it ideal for professionals responsible for aligning security strategies with business objectives, managing teams, and overseeing security governance.

Also, CISM emphasizes the importance of aligning information security with business objectives. This is crucial as many organizations require security professionals who can speak both business and technical languages. With increasing cyber threats and regulatory requirements, there’s a high demand for such professionals and many businesses now require strategic security leaders who can not only implement technical solutions but also ensure that those solutions align with business goals.

Finally, last but not least, CISM is highly recognized and respected worldwide, particularly by employers seeking Senior Leadership in Cyber Security; CISM is an industry standard for positions like Information Security Manager, IT Security Consultant, Security Director, and Risk Manager.

So, if you’re looking to move into Cyber Security leadership and work at a strategic level, CISM is well worth your while.

You'll sit the official CISM exam at the Firebrand Training Centre, covered by your Certification Guarantee:

• Duration: 4 hours
• Number of questions: 150 multiple choice
• Languages: English, Chinese Simplified, Japanese, Korean and Spanish

The exam tests knowledge in the following domains:

• Domain 1 - Information Security Governance (24%)
• Domain 2 - Information Risk Management (30%)
• Domain 3 - Information Security Program Development and Management (27%)
• Domain 4 - Information Security Incident Management (19%)

There are no formal prerequisites for attending the CISM course and sitting the exam. In fact, this is a practice accepted and encouraged by ISACA.

Achieving CISM

In order to become CISM certified, you must meet the following requirements:

• Pass the CISM exam
• Adhere to ISACA's Code of Professional Ethics
• Agree to comply with the Continuing Education Policy
• Accumulate enough work experience in the field of information security.
• Submit an Application for CISM Certification within 5 years of passing the exam - see below

CISM prerequisites

The CISM certification is built for information security professionals, managers and other assurance providers. In order to be eligible, you must be able to submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practise analysis areas. The work experience must be gained within the 10-year period preceding the application date for certification or within 5 years from the date of originally passing the exam.

CISM experience requirements

If you have any of the below, you can get 1 to 2 years waivered and will only need to prove 3-4 years of experience.

You can get 2 years waivered if you have:

• ISACA Certified Information Systems Auditor (CISA) in good standing
• ISC2 Certified Information Systems Security Professional (CISSP) in good standing
• Post-graduate degree in information security or a related field (e.g., business administration, information systems, information assurance)

You can get 1 year waivered if you have:

• One full year of information systems management experience
• One full year of general security management experience
• Skill-based security certifications (e.g., SANS or GIAC, Microsoft Certified Solutions Expert (MCSE), CompTIA Security +, Disaster, Recovery Institute Certified Business Continuity Professional (CBCP), ESL IT Security Manager)
• Completion of an information security management program at an institution aligned with the Model Curriculum

The experience substitutions will not satisfy any portion of the 3-year information security management work experience requirement.

Experience Exceptions

Two years as a full-time university instructor teaching the management of information security can be substituted for every 1 year of information security experience.

Professional certification gives you and your organisation a competitive advantage in the marketplace. Although certification may not be mandatory for you at this time, a growing number of organisations are requiring or recommending that employees become certified. 

The benefits of achieving CISM include:

• Becoming recognised for attaining advanced Information Security job skills;
• A tangible evidence of career growth;
• The potential for a salary increase and/or promotion;
• Gaining the opportunity to build upon existing certifications/credentials already earned.

Seven reasons why you should sit your course with Firebrand Training

• Three training options. Choose between residential classroom-based, live online, or city-centre courses
• You'll be certified fast. With us, you’ll be trained in record time
• Our course is all-inclusive. A one-off fee covers all course materials, exams**, accommodation* and meals*. No hidden extras.
• Pass the first time or train again for free. This is our guarantee. We’re confident you’ll pass your course the first time. But if not, come back within a year and only pay for accommodation, exams and incidental costs
• You’ll learn more. Our expert instructors cover exclusive additional materials not taught through the official curriculum
• You’ll learn faster. Chances are, you’ll have a different learning style compared to those around you. We combine visual, auditory and tactile styles to deliver the material in a way that ensures you will learn faster and more easily
• You’ll be studying with the best. We’ve been named in the Training Industry’s “Top 20 IT Training Companies of the Year” every year since 2010. As well as winning many more awards, we’ve trained and certified over 135,000 professionals

*For residential training only. Doesn't apply to online courses
**Some exceptions apply. Please refer to the Exam Track or speak with our experts

Are you ready for the course? 

Get access to free practice tests here:  Free Practice Test

On this accelerated CISM course, you'll get official ISACA Student Kits which include:

• Certification Review Manual
• 12 month access to official ISACA Resources including ISACA Exam Practice Questions, Answers and Explanations
• Course materials