Information Security Manager (CISM preparation course)

Information Security Manager (CISM preparation course), CISM training, CISM course, CISM exam, CISM certification

Global recognition in information security management CISM® certification preparation course


The Information Security Manager (CISM® preparation course) prepares you for one of the essential certifications for information security professionals who manage, implement, monitor and evaluate information security in an organization. The course prepares information security managers to perform that role.

This course addresses the themes of Information Security Governance, Information Risk Management, Information Security Program Development and Management, and Information Security Incident Management. You also acquire knowledge through discussion, exercises by domain and a simulation exam, ensuring your preparation for the CISM® certification exam.

Resources, themes, discussion, exercise by domain, simulation exam.
All to continue to maintain the 98% pass rate in exams!

Program and training material updated in October 2021.

Next guaranteed dates:
  • 27-Jun-2022, Live Training
  • 17-Aug-2022, Live Training

Course evaluation: 4.7 out of 5



This course is available to be delivered in a classroom and Live-Training model.
Live Training brings you the dynamic environment of the classroom, to your desk. Using your computer, you interact with the trainer and the trainees as if you were with them in the classroom.



This course is designed for managers and senior professionals in information security who intend to take the CISM® examination. The curriculum covers all of the key domains addressed in the exam: Information Security Governance, Information Risk Management, Information Security Program Development and Management, Information Security Incident Management

Training Methodology
In this preparation course, participants revise the main concepts of information security management in accordance with the best practices of the certification domains, consolidate their knowledge through exam preparation questions and, at the end, perform a test simulation to assess their level of knowledge and the amount of effort needed to successfully pass the CISM® certification exam.

Candidates and prospective candidates for the CISM® examination and those wishing to expand their knowledge in the field of Information Security Management.

To attend the course, it is recommended that:
  • Participants possess a basic knowledge about the different domains that will be addressed in the CISM® exam. The course is an intensive review in preparation for the examination, not basic training;
  • Participants must understand English since the provided documentation is written in that language.

Duration (days)
3 days

Learning Objectives
At the end of the course students should be able to:
  • Establish and maintain a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations
  • Identify and manage information security risks to achieve business objectives
  • Design, develop and manage an information security program to implement the information security governance framework
  • Oversee and direct information security activities to execute the information security program
  • Develop and manage a capability to respond to and recover from disruptive and destructive information security events

  1. Introduction and course plan
  2. Information Security Governance
    • Basic Concepts of Information Security Governance
    • Effective Information Security Governance
    • Information Security Concepts and Technologies
    • Scope and Charter of Information Security Governance
    • Information Security Governance Metrics
    • Information Security Strategy
    • Action Plan Intermediate Goals
    • Information Security Program Objectives

  3. Information Risk Management
    • Risk management Overview
    • Risk management Strategy
    • Effective Information Security Risk Management
    • Information Security Risk Management Concepts
    • Implementing Risk Management
    • Risk Assessment and Analysis Methods
    • Risk Assessment
    • Information Resource Valuation
    • Recovery Time Objectives
    • Third Party Service Providers
    • Integration With Life Cycle Processes
    • Security Control Baselines
    • Risk Monitoring and Communication
    • Training and Awareness
    • Documentation

  4. Information Security Program Development and Management
    • Information Security Program Management Overview
    • Information Security Program Objectives
    • Information Security Program Concepts
    • Scope and Charter of an Information Security Program
    • The Information Security Management Framework
    • Information Security Framework Components
    • Defining an Information Security Program Road Map
    • Information Security Infrastructure and Architecture
    • Architecture Implementation
    • Security program Management and Administrative Activities
    • Security Program Services and Operational Activities
    • Controls and Countermeasures
    • Security Program Metrics and Monitoring
    • Common Information Security Program Challenges

  5. Information Security Incident Management
    • Incident management overview
    • Incident response procedures
    • Incident management organization
    • Incident management resources
    • Incident management objectives
    • Incident management metrics and indicators
    • Defining incident management procedures
    • Current state of incident response capability
    • Developing an incident response plan
    • Business continuity and Disaster recovery procedures
    • Testing incident response and BC / DR Plans
    • Executing response and recovery plans
    • Post incident activities and investigation

  6. Exam Preparation: CISM Practice Exam

  • The CISM® exam is not included in the course price. Schedule your exam directly with ISACA. After passing the exam, you must submit your application on the ISACA website;
  • CISM® certification is based on an exam of 150 multiple-choice questions with four choices each, covering the 4 domains. Length: 4 hours. The passing mark is 450 on a scale from 200 to 800.

This course prepares for the Certified Information Security Manager (CISM®).

Our specialists are consultants and auditors with several years of experience in implementation, auditing and training in best practices, methodologies and standards in the most recognized frameworks.
Some of our experts work directly on the improvement of these frameworks, methodologies and standards through their participation in technical committees, as members or in distinct roles in major organizations worldwide, working with and supporting the best practices communities. Our instructors hold the CISA, CISM, CGEIT, CRISC and COBIT certifications, as well as other widely recognized certifications such as CISSP, PMP and ISO 27001, among others.

General Information
  • Training in English language.
  • Training material in English, containing information and exercises per domain.
  • Exam simulation on the last day of the course.
  • Behaviour Participation Certificate with 21 CPD/CPE credits.
  • Coffee break in the morning and afternoon (applies to all training that takes place in Behaviour facilities).

  • Training in English language.
  • Online training material in English, with online access, containing information and practical exercises per domain.
  • Exam simulation on the last day of the course.
  • Digital Behaviour Participation Certificate with 21 CPD/CPE credits.

  • Information Security Manager (CISM® preparation course) is oriented towards the acquisition of knowledge of the key domains addressed in the exam: Information Security Governance, Information Risk Management and Compliance, Information Security Program Development and Management, Information Security Incident Management

  • Behaviour Pedagogical Model aims to provide a learning environment conducive to acquisition of competences, in accordance with objectives of each training program. Promoting interaction, participation and appreciation of experiences, we contribute to meaningful learning, certification and international recognition but, above all to the development of critical thinking and autonomy.

  • Behaviour is an organization accredited by DGERT (Portuguese Government Entity) and has its Quality Management System (QMS) implemented in accordance with the requirements of ISO 9001, the requirements of DGERT, the requirements of the European standard NP 4512 and the standard ISO 10015.

Dates and Price


Guaranteed Dates Program
(*) All dates of this course are guaranteed only for the events that take place in Lisbon. In other locations the events are subject to a minimum number of participants.
At Behaviour, all courses in Lisbon take place regardless of the number of trainees in the room. The concept of setting up classes does not exist in our educational model, which is why all public dates presented on the website are guaranteed. So if you're in Portugal or anywhere else in the world, you can prepare your week and your trip, as long as you ensure your registration in the course.

Volume Discounts
For companies, Behaviour offers discounts starting from the registration of the 2nd participant in the same course and on the same date.
Simulate the prices for the number of participants you want to register, or contact us via chat.

Hotels and Useful Information
Find out where you can stay in Lisbon, near Behaviour. For more information, please see Booking.