Online Training Course


CyberVista’s CISM Training Course enables experienced practitioners to participate, learn, and partner with other professionals as they prepare to earn the highly in-demand CISM certification.


Who should earn the CISM

The CISM is an advanced certification designed for experienced practitioners, managers, and executives. It covers a wide range of cybersecurity topics from a governance perspective. The CISM also meets the U.S. Department of Defense Directive 8570/8140.

Chief Information Security Officer
Security Manager
Director of Security
Security Auditor
IS/IT Consultant
Information Security Manager
Security Systems Engineer
Security Consultant

Course Overview

ISACA’s CISM (Certified Information Security Manager) certification is a management-focused certification designed for professionals who design, build and manage enterprise information security programs. Achieving this leading information security credential will help you join a growing and elite network.

As an official training provider for ISACA, we offer CISM as a Video On-Demand Course that allows participating practitioners to move at their own pace.

Readiness guarantee – CyberVista offers a course readiness or retake guarantee on all Certify courses. Any individual taking this training course who does not pass the exam on the first try, or does not feel prepared following the completion of the course, can retake the course at no additional charge for up to one full year.

This course includes:
  • 16+ hours of 5-15 minute on-demand training videos
  • Supplementary videos
  • 100 question diagnostic exam
  • 950+ practice question bank
  • 400+ digital flashcards
  • 100 question mid-term practice exam
  • 150 question final exam
  • Performance Tracker
  • Summary Notes
  • Summary Videos
  • CISM Review Manual (15th Ed.) by ISACA

Course Outline

    • 1 Introduction
    • 1.1 Information Security Governance Overview
    • 1.2 Effective Information Security Governance
    • 1.3 Roles and Responsibilities
    • 1.4 Risk Management Roles and Responsibilities
    • 1.5 Governance of Third-Party Relationships
    • 1.6 Information Security Governance Metrics
    • 1.7 Information Security Strategy Overview
    • 1.8 Information Security Strategy Objectives
    • 1.9 Determining the Current State of Security
    • 1.10 Information Security Strategy Development
    • 1.11 Strategy Resources
    • 1.12 Strategy Constraints
    • 1.13 Action Plan to Implement Strategy
    • 1.14 Information Security Program Objectives
    • 2 Introduction
    • 2.1 Risk Management Overview
    • 2.2 Risk Management Strategy
    • 2.3 Effective Information Risk Management
    • 2.4 Information Risk Management Concepts
    • 2.5 Implementing Risk Management
    • 2.6 Risk Assessment and Analysis Methodologies
    • 2.7 Risk Assessment
    • 2.8 Information Asset Classification
    • 2.9 Operational Risk Management
    • 2.10 Third-Party Providers
    • 2.11 Risk Management Integration with Life Cycle Process
    • 2.12 Security Control Baselines
    • 2.13 Risk Monitoring and Communication
    • 2.14 Training and Awareness
    • 2.15 Documentation
    • 3 Introduction
    • 3.1 Information Security Program Management Overview
    • 3.2 Information Security Program Objectives
    • 3.3 Information Security Program Concepts
    • 3.4 Scope and Charter of an Information Security Program
    • 3.5 The Information Security Management Framework
    • 3.6 Information Security Framework Components
    • 3.7 Defining an Information Security Program Road Map
    • 3.8 Information Security Infrastructure and Architecture
    • 3.9 Architecture Implementation
    • 3.10 Security Program Management and Administrative Activities
    • 3.11 Security Program Services and Operational Activities
    • 3.12 Controls and Countermeasures
    • 3.13 Security Program Metrics and Monitoring
    • 3.14 Common Information Security Program Challenges
    • 4 Introduction
    • 4.1 Incident Management Overview
    • 4.2 Incident Response Procedures
    • 4.3 Incident Management Organization
    • 4.4 Incident Management Resources
    • 4.5 Incident Management Objectives
    • 4.6 Incident Management Metrics and Indicators
    • 4.7 Defining Incident Management Procedures
    • 4.8 Current State of Incident Response Capability
    • 4.9 Developing an Incident Response Plan
    • 4.10 Business Continuity and Disaster Recovery Procedures
    • 4.11 Testing Incident Response and Business Continuity/Disaster Recovery Plans
    • 4.12 Executing Response and Recovery Plans
    • 4.13 Post Incident Activities and Investigation

Why CyberVista?

When it comes to certification training, we know that you and your organization have several options to choose from. This is what separates CyberVista from the pack. 

Data Driven

Live reporting provides an objective view of performance and progress.


Total costs average 50% less per person compared to traditional providers.


Drive real results with high-quality training and practical applications.


Designed to adapt to the organization and the individual employee.