
Who should attend

Information Security Managers intent on passing the challenging CISM certification provided by ISACA.


The ISACA® CISM exam is only available two days per year, and requires students to register well in advance. The exam is delivered at locations around the world, including more than 80 U.S. metropolitan areas. Contact your Account Manager for more details.

Class Prerequisites

To become a CISM, you must submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas. The work experience must be gained within the ten-year period preceding the application date for certification or within five years from the date of originally passing the exam.

What You Will Learn

In Fast Lane’s CISM Boot Camp, you will learn:

  • Essential tips and tricks for passing the CISM Certification exam on the first attempt
  • What to specifically focus on in order to reduce the scope of preparing for the CISM
  • How to look at Security Management
  • Career-enhancing approaches to Information Security Governance
  • InfoSec Program Management
  • Risk Management
  • Response Management


What’s included?

Your instructor will guide you and explain the concepts relating to the ISACA CISM exam. Our methodology of teaching the domains of the CISM guides you on how to dissect the questions and concept areas of the CISM.

Only Fast Lane’s CISM Boot Camp offers you the following benefits:

  • Five full days of intense instruction with no outside distractions
  • Courseware:
    • Fast Lane's CISM Courseware
    • Official ISACA CISM Practice Question v10 Database
    • ISACA Official CISM Review Manual 2010
  • In-person access to the top security experts in the industry
  • Lunch, beverages and snacks provided on each day of class
  • Highly accomplished status as a distinguished information security professional; for CISSPs and others, the CISM is considered a real career distinguisher
  • Potential for a salary increase and/or promotion
  • Excellent certification preparation

Outline: CISM Boot Camp (CISMBC)

Day 1 - Information Security Governance

  • Developing information security strategy
  • Obtaining senior management commitment
  • Ensuring roles and responsibilities
  • Establishing reporting
  • Identifying regulatory issues affecting information security
  • Establishing information security policies that support business goals
  • Ensuring the development of guidelines that support security policies
  • Developing business case analysis that supports information security program investments

Day 2 - Risk Management

  • Developing a systematic, analytical and continuous risk management process
  • Ensuring that risk identification and mitigation activities are integrated
  • Applying risk identification and analysis methods
  • Defining strategies and prioritizing options to mitigate risk to acceptable levels
  • Reporting significant changes in risk to appropriate levels of management

Day 3 - Information Security Program Management

  • Creating and maintaining plans to implement the information security governance framework
  • Developing information security baseline(s)
  • Developing procedures/guidelines to ensure business processes address InfoSec risk
  • Developing procedures/guidelines for IT activities to ensure compliance with policies
  • Integrating InfoSec program requirements into the organization's life cycle activities
  • Developing methods of meeting InfoSec policy requirements that recognize impact on end user
  • Promoting accountability by business process owners in managing information security risks
  • Establishing metrics to manage the information security governance framework

Day 4 - Information Security Management

  • Ensuring that the rules of use for information systems comply with the enterprise's information security policies
  • Ensuring that the administrative procedures for information systems comply with the enterprise's information security policies
  • Ensuring that services provided by other enterprises, including outsourced providers, are consistent with established information security policies
  • Using metrics to measure, monitor and report on the effectiveness and efficiency of information security controls and compliance with information security policies
  • Ensuring that information security is not compromised throughout the change management process
  • Ensuring that vulnerability assessments are performed to evaluate effectiveness of existing controls
  • Ensuring that noncompliance issues and other variances are resolved in a timely manner
  • Ensuring the development and delivery of the activities that can influence culture and behavior of staff, including information security education and awareness

Day 5 - Response Management

  • Developing and implementing processes for detecting, identifying and analyzing security related events
  • Developing response and recovery plans including organizing, training and equipping the teams
  • Ensuring periodic testing of the response and recovery plans where appropriate
  • Ensuring the execution of response and recovery plans as required
  • Establishing procedures for documenting an event as a basis for subsequent action, including forensics when necessary
  • Managing post-event reviews to identify causes and corrective actions
  • Practice Exam and Review

Classroom Training
Modality: C

Duration 5 days

  • United States: US$ 2,975
Online Training
Modality: L

Currently there are no training dates scheduled for this course.