Training
Overview
This official ISACA Certified Information Security Manager (CISM) self-study e-learning course is designed to develop expertise in information security governance, risk management, program development, and incident management. Recognised globally, CISM certification demonstrates a deep understanding of security operations, compliance, and enterprise-wide security strategy.
Learners must book onto the QA ISACA CISM Exam Prep event to receive access to the e-learning materials. Within 48 hours of booking, they will receive 12 months of digital courseware, study resources, and an official ISACA CISM exam voucher. Attendance at the instructor-led event is not mandatory, but booking is required. Learners have the flexibility to reschedule their prep event if needed.
These monthly sessions, hosted by an ISACA-authorised instructor, provide guidance on study techniques, navigation of ISACA’s learning platform, and exam preparation strategies.
CISM is a DoD 8570 Baseline Certification and meets DoD 8140/8570 training requirements, making it highly valuable for professionals in cybersecurity and risk management roles.
Prerequisites
There are no formal prerequisites for taking this course. However, to obtain CISM certification, learners must:
- Pass the CISM examination
- Submit a certification application and pay a $50 ISACA application fee
- Adhere to ISACA’s Code of Professional Ethics
- Commit to Continuing Professional Education (CPE) requirements
- Comply with ISACA’s Information Security Standards
The CISM exam is open to anyone interested in information security, but certification requires at least five years of professional experience in information systems security, auditing, or risk management.
Target audience
This course is ideal for professionals looking to advance their careers in information security, governance, and risk management. Suitable roles include:
- Information security managers
- IT security professionals
- Security consultants and auditors
- Cybersecurity officers and risk managers
- Compliance and governance professionals
Objectives
By completing this course, learners will be able to:
- Understand the principles of information security governance and compliance
- Implement risk management frameworks and security controls
- Develop and manage enterprise security programs
- Establish effective incident management and response strategies
- Align security programs with organisational goals and business objectives
Outline
Introduction to Certified Information Security Manager (CISM)
- Course objectives and expectations
- Understanding information security fundamentals
- Goals and principles of information security
Domain 1: Information security governance (17%)
- Introduction to information security governance
- Developing an effective security governance framework
- Managing third-party security relationships
- Defining security strategy, metrics, and compliance requirements
- Aligning security governance with business objectives
Domain 2: Information risk management and compliance (20%)
- Risk management principles and frameworks
- Conducting risk assessments and impact analysis
- Asset classification and valuation
- Security control baselines and compliance requirements
- Implementing risk monitoring and mitigation strategies
- Security awareness training and documentation
Domain 3: Information security program development and management (33%)
- Developing a comprehensive security program
- Establishing security program objectives and frameworks
- Integrating security controls and enterprise architecture
- Managing security operations and compliance
- Measuring security performance and operational effectiveness
- Addressing common security program challenges
Domain 4: Information security incident management (30%)
- Incident response planning and execution
- Defining incident management procedures and objectives
- Business continuity and disaster recovery planning
- Investigating and reporting security incidents
- Legal and regulatory considerations
- Adhering to the ISACA Code of Professional Ethics
Exams and assessments
This course includes an online ISACA CISM exam voucher. Learners will complete the exam independently and must meet ISACA’s certification requirements for official accreditation.
Product Access Change
Important Update to ISACA Product Access Periods
Effective 16 April 2026, ISACA is changing product access periods from 12 months to 6 months across Exams, QAE, Online Review Courses, non-sponsored Webinars, and Virtual Workshops, as outlined below.
How the New Access Windows Work
1. Assignment & Redemption Window: Products must be assigned and redeemed within 6 months of the purchase date.
2. Access & Completion Window: Once redeemed, learners will have 6 months of access to use the product. This includes accessing learning content, scheduling exams, and sitting exams (where applicable).
What This Means for You as a Learner
- Review Manuals – Learners will continue to have long‑term access
- QAE Databases & Online Review Courses – Available for 6 months after redemption
- Exams – Must be scheduled and completed within 6 months of redemption
We recommend redeeming products promptly and planning your study and exam schedule early to make the most of your access period.