July 29,30,31 & Aug. 1, 2019

4 days – Virtual/Online

Price: $2,645 for MISAC Members; $2,795 for Partners; $2,945 for Non-Members

CISMWhile information has become easily and readily available, its associated risks and security threats have increased in both number and complexity. Protecting an agency’s information has become all the more important. It is now vital that executives ensure their IT security managers are equipped to reduce risk and protect their agencies.

Designed specifically for information security professionals who are preparing to sit for the CISM exam, MuniTech Academy’s CISM Exam Prep Boot Camp focuses on the four content areas of the Certified Information Security Manager (CISM) job practice:

  1. Information Security Governance
  2. Risk Management and Compliance
  3. Information Security Program Development and Management
  4. Information Security Incident Management

Sample exam items will be used throughout the course to reinforce content and familiarize attendees with the CISM exam question format.



Course outline provided by ISACA


Domain 1: Information Security Governance 

  • Develop an information security strategy, aligned with business goals and directives
  • Establish and maintain an information security governance framework
  • Integrate information security governance into corporate governance
  • Develop and maintain information security policies
  • Develop business cases to support investments in information security
  • Identify internal and external influences to the organization
  • Gain ongoing commitment from senior leadership and other stakeholders
  • Define, communicate and monitor information security responsibilities
  • Establish internal and external reporting and communication channels

Domain 2: Information Risk Management

  • Establish and/or maintain a process for information asset classification to ensure that measures taken to protect assets are proportional to their business value
  • Identify legal, regulatory, organizational and other applicable requirements to manage the risk of noncompliance to acceptable levels
  • Ensure that risk assessments, vulnerability assessments and threat analyses are conducted consistently, and at appropriate times, to identify and assess risk to the organization’s information
  • Identify, recommend or implement appropriate risk treatment/response options to manage risk to acceptable levels based on organizational risk appetite
  • Determine whether information security controls are appropriate and effectively manage risk to an acceptable level
  • Facilitate the integration of information risk management into business and IT processes to enable a consistent and comprehensive information risk management program across the organization
  • Monitor for internal and external factors (e.g., threat landscape, cybersecurity, geopolitical, regulatory change) that may require reassessment of risk to ensure that changes to existing or new risk scenarios are identified and managed appropriately
  • Report noncompliance and other changes in information risk to facilitate the risk management decision-making process.
  • Ensure that information security risk is reported to senior management to support an understanding of potential impact on the organizational goals and objective

Domain 3 – Information Security Program Development & Management

  • Develop a security program, aligned with information security strategy
  • Ensure alignment between the information security program and other business functions
  • Establish and maintain requirements for all resources to execute the IS program
  • Establish and maintain IS architectures to execute the IS program
  • Develop documentation that ensures compliance with policies
  • Develop a program for information security awareness and training
  • Integrate information security requirements into organizational processes
  • Integrate information security requirements into contracts and activities of third parties
  • Develop procedures (metrics) to evaluate the effectiveness and efficiency of the IS program
  • Compile reports to key stakeholders on overall effectiveness of the IS program and the underlying business processes in order to communicate security performance

Domain 4 – Information Security Incident Management

  • Define (types of) information security incidents
  • Establish an incident response plan.
  • Develop processes for timely identification of information security incidents
  • Develop incident escalation and communication processes
  • Test and review the incident response plan
  • Establish communication plans and processes
  • Determine the root cause of IS incidents
  • Align incident response plan with DRP and BCP

CISM Certification Information:

The management-focused CISM certification promotes international security practices and recognizes the individual who manages, designs, oversees and assesses an enterprise’s information security.

Around the world, demand for skilled information security management professionals is on the rise, and the CISM certification is the globally accepted standard of achievement in this area.  The uniquely management-focused CISM certification ensures holders understand business and know how to manage and adapt technology to their enterprise and industry.  Since its inception in 2002, more than 30,000 professionals worldwide have earned the CISM to affirm their high level of technical competence and qualification for top-caliber leadership and management roles.

  • CISM demonstrates a deep understanding of the relationship between information security programs and broader business goals and objectives.
  • Earning a CISM is considered a great way to pave the path from security technologist to security manager.
  • CISM holders are consistently recognized among the most-qualified professionals in the information security and risk management fields.
  • CISM-certified employees provide enterprises with an information security management certification recognized by organizations and clients around the globe.
  • The credibility CISM offers is strengthened by its real-world experience requirement.

This certification is a DoD Approved 8570 Baseline Certification 


Certified Information Security Manager (CISM)

Domain 1 – Information Security Governance (24%)
Domain 2 -Information Risk Management (30%)
Domain 3 – Information Security Program Development and Management (27%)
Domain 4 – Information Security Incident Management (19%)

  • All ISACA certification exams consist of 150 multiple choice questions that cover the respective job practice areas created from the most recent job practice analysis.
  • You have 4 hours to complete the exam.



Back to top

Click here for additional MuniTech Academy courses that might interest you.