ISACA Certified Information Security Manager® (CISM®)

One of the most sought-after courses we offer at Firebrand, our accelerated CISM certification course teaches you to manage, design, oversee, and assess Enterprise Information Security, helping you become competent, confident, and certified in just 4 days.

Achieving the CISM certification attests to your knowledge of information security programmes and their role in meeting business goals and objectives.

Through Firebrand's unique Lecture | Lab | Review method, you'll go through the four ISACA CISM Domains and retain information faster. You will learn all about:

• Information Security Governance
• Information Risk Management and Compliance
• Certified Information Security Program Development and Management
• Information Security Incident Management

Achieve your CISM certification with an ISACA Accredited Training Organisation (ATO)

At Firebrand, we are proud to be an ISACA Accredited Training Organisation (ATO). While training with us, you'll get access to official ISACA courseware, be taught by certified ISACA instructors, and sit your exam on the last day of your course, included in your course fee.

As a Premier ISACA Partner for EMEA and the US, we train more students in these regions than any other partner!

How can you take the CISM course?

We offer three study mode options with the same Firebrand quality.

You can take the accelerated CISM course at our distraction-free training facilities in the UK and Europe, online, through live instructor-led training, or in the centre of major UK cities. 

Regardless of study mode, all our courses include:

• Official courseware, labs and practice exams
• The official CISM certification exam
• For residential courses, accommodations, meals, and snacks

Which study mode is right for you? Fill in the price inquiry form and our advisers will help you choose the best option to suit your needs.

Who should take this course?

ISACA CISM is ideal for Network Architects, Information Security Managers, and anyone responsible for Information Security at their company.

Professional certification gives you and your organisation a competitive advantage in the marketplace. Although certification may not be mandatory for you at this time, a growing number of organisations are requiring or recommending that employees become certified. 

The benefits of achieving CISM include:

• Becoming recognised for attaining advanced Information Security job skills;
• A tangible evidence of career growth;
• The potential for a salary increase and/or promotion;
• Gaining the opportunity to build upon existing certifications/credentials already earned.

This in-depth certification course helps you become an expert across the four CISM Domains:

• Domain 1 - Information Security Governance (24%)
• Domain 2 - Information Risk Management and Compliance (33%)
• Domain 3 - Information Security Program Development and Management (25%)
• Domain 4 - Information Security Incident Management (18%)

What is a CISM bootcamp?

Firebrand's CISM course (sometimes referred to as a CISM bootcamp) is an accelerated 4-day course that will prepare you for the CISM exam, which you'll sit during the training. This course is all-inclusive, a one-off fee covers all official course materials, accommodation and meals.

Accelerated training is fast, but this is not a crash course - you'll learn from a real-world security expert and study everything you need to know to pass the exam.

Where can I find CISM exam questions?

Claim your free CISM Foundation practice exam questions now. You'll also get access to official practice exam questions on your accelerated course.

What is the CISM certification cost?

To find out the cost of this accelerated CISM course, fill out the price inquiry form.

Should I take ISACA CISM or ISC2 CISSP?

Both ISACA CISM and the ISC2 Certified Information Systems Security Professional (CISSP) are vendor-neutral, advanced programmes in IT security for continuing professional education.

Despite many similarities, however, they are complementary instead of in direct competition to each other.

Here's what CISM and CISSP have in common:

• Vendor-neutral
• Require 5 years of experience in information security management
• Maintenance requires completion of continuing education

Perhaps the main difference is that CISM is more holistic and management-focused, where CISSP has a more technical approach.

Who should take ISACA CISM and ISC2 CISSP?

CISM and CISSP are designed for different audiences based on career goals, job roles, and areas of focus.

ISACA CISM is best suited for professionals in or aspiring to management roles in Information Security, where the focus is on Governance, Risk Management, and aligning security strategies with business goals. It’s ideal for those looking to advance into roles like Information Security Manager, IT Manager, or CISO.

Meanwhile, ISC2 CISSP is ideal for experienced security professionals, especially those in technical or strategic roles like Security Architect, Security Analyst, or CISO, who need a deep and broad understanding of security practices across various domains. It is particularly valuable for those with a technical background who wish to move into higher-level security roles.

Why should I attempt to take ISACA CISM? Is it worth it?

CISM is one of the best-known and most respected Information Security Management certifications in the world.

Pursuing it is well worth the effort, because:

Unlike ISC2 CISSP or EC-Council CEH, which dive into more hands-on, technical aspects, CISM focuses on Management, making it ideal for professionals responsible for aligning security strategies with business objectives, managing teams, and overseeing security governance.

Also, CISM emphasizes the importance of aligning information security with business objectives. This is crucial as many organizations require security professionals who can speak both business and technical languages. With increasing cyber threats and regulatory requirements, there’s a high demand for such professionals and many businesses now require strategic security leaders who can not only implement technical solutions but also ensure that those solutions align with business goals.

Finally, last but not least, CISM is highly recognized and respected worldwide, particularly by employers seeking Senior Leadership in Cyber Security; CISM is an industry standard for positions like Information Security Manager, IT Security Consultant, Security Director, and Risk Manager.

So, if you’re looking to move into Cyber Security leadership and work at a strategic level, CISM is well worth your while.

You'll sit the following exam at the Firebrand Training Centre, covered by your Certification Guarantee:

• CISM Exam
• Duration: 4 hours
• Number of questions: 150 multiple choice
• Languages: English, Chinese Simplified, Japanese, Korean and Spanish

The exam tests knowledge in the following domains:

• Domain 1 - Information Security Governance (24%)
• Domain 2 - Information Risk Management (30%)
• Domain 3 - Information Security Program Development and Management (27%)
• Domain 4 - Information Security Incident Management (19%)

On this accelerated CISM course, you'll get official ISACA Student Kits which include:

• Certification Review Manual
• 12 month access to official ISACA Resources including ISACA Exam Practice Questions, Answers and Explanations
• Course materials

CISM requirements

There are no formal prerequisites for attending the CISM course and sitting the exam. In fact, this is a practice accepted and encouraged by ISACA.

Achieving CISM

In order to become CISM certified, you must meet the following requirements:

1. Pass the CISM exam
2. Adhere to ISACA's Code of Professional Ethics
3. Agree to comply with the Continuing Education Policy
4. Accumulate enough work experience in the field of information security.
5. Submit an Application for CISM Certification within 5 years of passing the exam - see below

Applying for CISM certification

The CISM certification is built for information security professionals, managers and other assurance providers. In order to be eligible, you must be able to submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practise analysis areas. The work experience must be gained within the 10-year period preceding the application date for certification or within 5 years from the date of originally passing the exam.

CISM experience requirements substitution

The following security-related certifications and information systems management experience can be used to satisfy the indicated amount of information security work experience.

Two Years:

• Certified Information Systems Auditor (CISA) in good standing
• Certified Information Systems Security Professional (CISSP) in good standing
• Post-graduate degree in information security or a related field (e.g., business administration, information systems, information assurance)

One Year:

• One full year of information systems management experience
• One full year of general security management experience
• Skill-based security certifications (e.g., SANS or GIAC, Microsoft Certified Solutions Expert (MCSE), CompTIA Security +, Disaster, Recovery Institute Certified Business Continuity Professional (CBCP), ESL IT Security Manager)
• Completion of an information security management program at an institution aligned with the Model Curriculum

The experience substitutions will not satisfy any portion of the 3-year information security management work experience requirement.

Experience Exceptions

Two years as a full-time university instructor teaching the management of information security can be substituted for every 1 year of information security experience.