FREE GRC Workshop

LEARN MORE

Recommended Event: Convene: Boston | Cybersecurity & Human Risk Conference Aug 13 - 14, 2026

CISM (Certified Information Security Manager)

Type Training
Organization IMF Academy
Event Format Hybrid (both)
Size < 50 approximate delegates
Registration Not Free

Search for other Cybersecurity Conferences in the Netherlands in 2026-2027.

Training Description

Key Takeaways

  • Four-day training programme preparing candidates for the ISACA CISM examination
  • Covers all four CISM domains: Information Security Governance, Risk Management, Security Programme Development, and Incident Management
  • Designed for information security managers, CISOs, risk managers, IT auditors, and information architects
  • Emphasises strategic alignment between information security and business objectives
  • Available as classroom instruction, live online sessions, or in-company delivery

Introduction

The Certified Information Security Manager (CISM) training programme offers a structured four-day course designed to prepare information security professionals for the official CISM examination administered by ISACA. This certification addresses a critical need in the industry: bridging the gap between technical security implementation and strategic business leadership. As organisations face increasingly sophisticated cyber threats alongside mounting regulatory requirements, the demand for professionals who can govern security programmes at the enterprise level continues to grow.

CISM distinguishes itself from technically focused certifications by concentrating on management, governance, and the alignment of security initiatives with organisational strategy. Since ISACA introduced the credential in 2002, it has become one of the most sought-after qualifications in the information security field, with tens of thousands of professionals worldwide holding the designation.

About This Training Programme

The training spans four days and follows the CISM Body of Knowledge, the authoritative reference framework that underpins the certification examination. Participants can choose between classroom-based instruction, live online delivery, or in-company training tailored to organisational requirements. This flexibility accommodates different learning preferences and scheduling constraints while maintaining consistent curriculum coverage.

Beyond examination preparation, the programme incorporates practical case studies that help participants apply theoretical concepts to real-world scenarios. This approach recognises that effective information security management requires not only knowledge of frameworks and standards but also the judgement to implement them within specific organisational contexts.

The Four CISM Domains

The CISM examination and corresponding training material are organised around four interconnected domains that collectively define the competencies expected of an information security manager.

Information Security Governance

The first domain establishes the foundation for enterprise security leadership. It addresses how organisations should structure their security functions, define roles and responsibilities, and ensure that security objectives support broader business goals. Governance encompasses policy development, resource allocation, and the establishment of accountability frameworks. Participants learn to align security initiatives with corporate strategy while navigating applicable laws and regulations.

Information Security Risk Management

Risk management forms the analytical core of the CISM framework. This domain covers methodologies for identifying, assessing, and prioritising information security risks. Rather than treating security as a purely technical discipline, CISM emphasises risk-based decision making that balances protection costs against potential business impact. Professionals learn to communicate risk in terms that resonate with executive leadership and boards of directors.

Information Security Programme Development and Management

The third domain translates governance directives and risk assessments into operational security programmes. It covers the design, implementation, and ongoing management of security initiatives across the enterprise. Topics include security architecture, control selection, vendor management, and the integration of security requirements into business processes. This domain bridges strategic planning and day-to-day security operations.

Incident Management

The final domain addresses organisational readiness for security events. It covers incident response planning, detection capabilities, containment procedures, and recovery processes. Equally important is the post-incident review process that feeds lessons learned back into governance and risk management activities. Effective incident management requires coordination across technical teams, legal counsel, communications staff, and executive leadership.

Strategic Focus and Business Alignment

What distinguishes CISM from other information security certifications is its explicit focus on the relationship between security and business objectives. Technical certifications often concentrate on specific technologies, tools, or implementation techniques. CISM instead addresses the management layer where security decisions intersect with organisational strategy, resource constraints, and competing priorities.

This orientation reflects the evolving role of information security within enterprises. Security leaders increasingly participate in strategic planning, report to boards of directors, and influence major business decisions. The CISM framework prepares professionals for these responsibilities by developing competencies in governance, risk communication, and programme management alongside technical understanding.

Target Audience

The training programme serves professionals who operate at the intersection of information security and business management. Primary candidates include current and aspiring information security managers seeking formal recognition of their expertise. The curriculum also benefits Chief Information Security Officers, Chief Information Officers, and other executives with security oversight responsibilities.

Risk managers find value in the programme’s treatment of information security within broader enterprise risk frameworks. IT auditors gain perspective on the management controls and governance structures they evaluate. Information architects and security consultants benefit from understanding how their technical recommendations fit within organisational governance models.

The common thread among these roles is engagement with the strategic dimensions of information security rather than purely technical implementation. Professionals who wish to advance from technical positions into management or who need to communicate security matters to non-technical stakeholders will find the CISM framework particularly relevant.

Industry Recognition and Career Value

CISM has established itself as a benchmark credential for information security management roles. The certification’s emphasis on governance and business alignment addresses competencies that organisations increasingly require from their security leadership. As regulatory frameworks expand and boards of directors pay closer attention to cyber risk, professionals who can bridge technical and business perspectives become more valuable.

The credential’s international recognition facilitates career mobility across industries and geographies. ISACA’s global presence and the standardised examination process ensure that CISM holders demonstrate consistent competencies regardless of where they obtained certification.