CISM

Certified Information Security Manager

ISACA | 4 domains · 35 modules | Ready

This track is built to help you think like a security manager — the way ISACA expects on the CISM exam. Not memorization. Not checklists. Decision-driven reasoning across governance, risk, program management, and incident response.


What You’ll Learn

  • Understand information security governance from a management perspective
  • Build decision frameworks for risk management scenarios under uncertainty
  • Learn what ISACA expects when evaluating security programs and incident response
  • Develop structured readiness self-assessments to know when you’re exam-ready

Domain 1 — Information Security Governance

Enterprise governance, organizational culture, legal and regulatory requirements, and information security strategy development.

Section A — Enterprise Governance

  1. 1 Organizational Culture Available
  2. 2 Legal, Regulatory, and Contractual Requirements Available
  3. 3 Organizational Structures, Roles, and Responsibilities Available
  4. Section A Review: Enterprise Governance Available

Section B — Information Security Strategy

  1. 4 Information Security Strategy Development Available
  2. 5 Information Governance Frameworks and Standards Available
  3. 6 Strategic Planning Available
  4. Section B Review: Information Security Strategy Available

Domain 1 Review

  1. Capstone Review: INFORMATION SECURITY GOVERNANCE Available

Domain 2 — Information Security Risk Management

Risk identification, assessment, response, and monitoring aligned to organizational objectives and risk appetite.

Section A — Information Security Risk Assessment

  1. 7 Emerging Risk and Threat Landscape Available
  2. 8 Vulnerability and Control Deficiency Analysis Available
  3. 9 Risk Assessment and Analysis Available
  4. Section A Review: Information Security Risk Assessment Available

Section B — Information Security Risk Response

  1. 10 Risk Treatment / Risk Response Options Available
  2. 11 Risk and Control Ownership Available
  3. 12 Risk Monitoring and Reporting Available
  4. Section B Review: Information Security Risk Response Available

Domain 2 Review

  1. Capstone Review: INFORMATION SECURITY RISK MANAGEMENT Available

Domain 3 — Information Security Program

Program development, resource management, control design and implementation, awareness training, and external service management.

Section A — Information Security Program Development

  1. 13 Information Security Program Resources Available
  2. 14 Information Asset Identification and Classification Available
  3. 15 Industry Standards and Frameworks for Information Security Available
  4. 16 Information Security Policies, Procedures, and Guidelines Available
  5. 17 Information Security Program Metrics Available
  6. Section A Review: Information Security Program Development Available

Section B — Information Security Program Management

  1. 18 Information Security Control Design and Selection Available
  2. 19 Information Security Control Implementation and Integrations Available
  3. 20 Information Security Control Testing and Evaluation Available
  4. 21 Information Security Awareness and Training Available
  5. 22 Management of External Services Available
  6. 23 Information Security Program Communications and Reporting Available
  7. Section B Review: Information Security Program Management Available

Domain 3 Review

  1. Capstone Review: INFORMATION SECURITY PROGRAM Available

Domain 4 — Incident Management

Incident management readiness, response planning, business continuity, disaster recovery, and post-incident review.

Section A — Incident Management Readiness

  1. 24 Incident Response Plan Available
  2. 25 Business Impact Analysis (BIA) Available
  3. 26 Business Continuity Plan (BCP) Available
  4. 27 Disaster Recovery Plan (DRP) Available
  5. 28 Incident Classification/Categorization Available
  6. 29 Incident Management Training, Testing, and Evaluation Available
  7. Section A Review: Incident Management Readiness Available

Section B — Incident Management Operations

  1. 30 Incident Management Tools and Techniques Available
  2. 31 Incident Investigation and Evaluation Available
  3. 32 Incident Containment Methods Available
  4. 33 Incident Response Communications Available
  5. 34 Incident Eradication and Recovery Available
  6. 35 Post-Incident Review Practices Available
  7. Section B Review: Incident Management Operations Available

Domain 4 Review

  1. Capstone Review: INCIDENT MANAGEMENT Available