CISM Preparation Course

CISM Preparation Course prepares professionals for the CISM® certification exam through a structured review of the domains of information security governance and management. The training consolidates strategic and operational concepts, supporting consistent preparation aligned with the exam requirements.

Register
Companies: request a proposal

Quick Access: Introduction· Why this course exists· What this course enables· Frameworks and models· Value· Objectives· Target audience· Prerequisites· Programme· Exam & Certification· Other information· Benefits· Logistics· FAQs· Registration

Upcoming dates

Confirmed dates.
Synchronous, live training. Interaction with the trainer and the group.

7 April 2026
Live Online • next edition
29 June 2026
Live Online • base price
Duration: 4 days / 35h
Language: available in Portuguese or English
Training: Review + practical exercises by domain
Exam: 4h (150 questions) • not included
PROFESSIONAL LEVEL — practical application of methods in a professional context

Why this course exists

To equip Information Security managers with method, common language and execution capability, while also preparing them for the CISM exam.

Many organisations depend on critical digital services, but fail to ensure consistent governance, effective risk management, a sustainable security programme and an incident response capability supported by evidence and continuous improvement.

The CISM® exists to standardise the professional practice of security management, and this course prepares participants to lead the function while maintaining a focus on the 4 exam domains.

What this course enables you to do

Govern

Define and maintain a security governance structure aligned with strategy, objectives and applicable requirements.

Manage risk

Apply principles and practices of risk management to the security programme and support risk-based decisions.

Build the programme

Develop and manage a security programme with priorities, metrics and control over execution.

Respond to incidents

Establish and direct incident management, response and recovery, reducing impact and improving maturity.

Frameworks, models and structures addressed throughout the course

CISM domains and professional practice
Information Security Governance
Information Security Risk Management
Security Programme (design, execution, metrics)
Incident Management (response and recovery)
Integration with modern environments (cloud and digital operations)

Value for the organisation

  • Greater consistency and credibility in Information Security management (recognised method and language).
  • Stronger governance and better alignment of security with business objectives and applicable requirements.
  • Improved capability to assess and manage risk, prioritise controls and justify investment.
  • More effective incident response, with continuous improvement and reduced operational and reputational impact.

Introduction

The CISM Preparation Course is a professional training course in Information Security management and governance, intended for managers and professionals who wish to take the Certified Information Security Manager (CISM) exam.

Prepare for a reference certification in information security management, aimed at roles involving leadership, planning, implementation, monitoring and evaluation. The CISM Preparation Course prepares participants to assess risks, implement an effective governance model and respond to security incidents in a structured and proactive manner, aligned with organisational objectives.

The curriculum covers the four key exam domains: Information Security Governance, Information Security Risk Management, Information Security Programme and Incident Management. Consolidation is carried out through discussion, practical exercises by domain and a simulation exam, aimed at turning knowledge into performance in the CISM® exam.

Resources, topics, discussion, exercises by domain and a final simulation exam.

This Training Plan and all associated documents are protected by Copyright and registered as a literary work with IGAC.

General Objectives

At the end of the course, participants should be able to:

  • Develop an information security governance structure aligned with organisational objectives.
  • Establish and maintain a structure that ensures alignment between security strategy, business goals and applicable requirements.
  • Apply principles and practices of risk management to the information security programme.
  • Identify and manage information security risks in order to achieve business objectives.
  • Develop and manage an information security programme aligned with business strategy and objectives.
  • Supervise and direct security activities to execute the programme.
  • Establish an effective incident management programme to respond to and manage incidents.
  • Develop and manage response and recovery capability in the face of disruptive security-related events.
  • Approach the CISM exam prepared for the updated domains.

Target Audience

  • Information Security Managers / Professionals
  • Security Directors
  • Security Officers
  • Security Consultants / Professionals
  • Cybersecurity Managers / Professionals
  • Executive and Operational Managers
  • IS / IT Consultants
  • Candidates for the CISM® exam

Prerequisites

To attend the CISM course, it is recommended that participants:

  • Have fundamental knowledge of the CISM domains and an understanding of English (exam materials and terminology).
  • Other specific requirements may apply, where relevant, depending on the quotation / proposal presented (please consult the proposal).

Programme

Review by domains (CISM)
  1. Introduction and Course Plan
  2. Information Security Governance
  3. Information Security Risk Management
  4. Information Security Programme
  5. Incident Management
Exam Preparation (simulation)
  • Exam Preparation: Simulation Exam
  • Exam-style questions, with correction and explanation of the reasoning

Exam(s) and Certification

Exam “CISM®”

The CISM certification exam is not included in the course price. Schedule the exam directly on the ISACA® website.

Format: Multiple choice.
Number of questions: 150 questions.
Duration: 4 hours.
Pass mark: 450 points (scale from 200 to 800).

Certification (requirements)
To achieve certification, candidates must successfully complete the CISM® exam and fulfil the remaining requirements defined by ISACA, including the formal certification application process.

Other Information

General Information
  • Training available in Portuguese or English.
  • Online training materials with online access, in English, with exercises by domain, and in accordance with the awarded conditions.
  • Simulation exam on the last day of training.
  • Behaviour digital Training Attendance Certificate with 35 CPD/CPE credits.
Trainer(s)
Learn from senior consultants and auditors with practical experience in implementation, auditing and training, and certifications such as CISA, CISM, CRISC, CGEIT, COBIT, CISSP, ISO 27001/27005/22301, among others.

Benefits

View benefits
  • Standardisation of language, criteria and practices in Information Security management, reducing ambiguity and increasing consistency.
  • Stronger professional and organisational credibility with clients, suppliers, external audits and governance functions.
  • Practical capability to direct governance, risk, programme and incidents, with immediate applicability.
  • Solid preparation for the CISM exam, with review by domains and simulation.
  • Pedagogical model oriented towards the effective acquisition of competencies, active participation and meaningful learning.

Logistics

Useful information
  • Live Online (synchronous time): 09h30–17h30 (Lisbon time), with lunch break and short breaks.
  • Classroom (synchronous time): 09h30–17h30 (Lisbon time), with lunch break and short breaks.
  • 28 hours of synchronous training, distributed across 4 consecutive days
  • Estimated 7 hours of guided autonomous work, intended for content consolidation, carried out flexibly outside synchronous sessions
  • Requirements: computer with stable internet, browser, PDF reader, audio/video.
Hotels in Lisbon
Find out where you can stay in Lisbon, near Behaviour, for classroom training.

Frequently Asked Questions

Objective answers to additional questions about the CISM Preparation Course.

Is this course useful for professionals who already work in information security but have not yet held formal management roles?
Yes. The course can be particularly useful for professionals with technical or operational experience who want to move into roles with greater responsibility for governance, coordination, decision-making and supervision in information security.
Does the course only help with exam preparation, or does it also consolidate a management perspective applicable in real organisational contexts?
The course is not limited to exam preparation. The approach also seeks to consolidate a structured view of information security management, useful for framing priorities, making risk-based decisions and aligning security with organisational objectives.
Can professionals who already hold other information security certifications still benefit from this course?
Yes. Even for professionals who already hold other certifications, this course can add value by reinforcing the perspective of management, governance, risk and incident response within a framework oriented towards the typical responsibilities of information security leadership.
Can this course be relevant for organisations that want to strengthen the maturity of security management, even without an immediate objective of individual certification?
Yes. The course can also be useful in an organisational context where there is an interest in strengthening common language, decision criteria, understanding of the security management domains and greater consistency between functions with coordination or supervisory responsibilities.
Is this course suitable for those who want to better structure the relationship between security, risk and business objectives?
Yes. One of the course’s contributions is precisely to help participants understand how information security management should be articulated with risk, governance, organisational priorities and real protection and continuity needs.

For general questions about registration, delivery modes, exams, certification and recertification, please consult the BEHAVIOUR® FAQs.

Registration

Complete the form to request your registration for the preferred edition. Check the upcoming dates.

Contact name
=

Request more information

If you would like help to frame the course within your professional or organisational context, contact us and we will indicate the most suitable pathway.

Request Information

Companies: request a proposal

For team registrations, we provide volume conditions and a proposal tailored to the organisational need.

Request Proposal