
Certified Information Security Manager

CISM

Prepare for the globally recognized ISACA CISM certification. This course covers security governance, risk, program management, and incident response — all from a leadership lens.

Fees:

RM 9,000.00

Course duration:

4 days


Certified Information Security Manager (CISM) is an intensive, instructor-led certification program designed for IT and security professionals who are ready to transition from technical roles into information security management. The course focuses on aligning security strategy with business objectives, governance structures, and risk management frameworks at the enterprise level.


As organizations face increasing regulatory scrutiny and evolving cyber threats, information security leadership is no longer purely technical. Security managers are expected to communicate with executives, regulators, and business stakeholders while designing programs that balance risk, compliance, and operational needs. This CISM course addresses that requirement by developing both strategic and managerial competencies.


Over four days, participants gain a deep understanding of the four CISM domains, supported by case studies, structured learning modules, and exam-focused preparation. The program goes beyond theory by explaining how governance decisions, risk assessments, and incident response plans translate into real-world business impact.


What learners will gain from this course:

  • A clear understanding of information security governance within enterprise structures

  • The ability to design and manage an information security program

  • Practical skills to identify, assess, and manage information security risk

  • Knowledge to plan, respond to, and recover from security incidents

  • Improved confidence in engaging senior management and regulators

  • Preparation aligned with the CISM certification exam domains

Key learning areas include:

  • Information Security Governance

    • Aligning security strategy with enterprise governance

    • Understanding legal, regulatory, and contractual requirements

    • Applying governance frameworks, standards, and metrics

    • Integrating security strategy into enterprise risk management

  • Information Security Risk Management

    • Analyzing emerging threats and vulnerabilities

    • Conducting risk assessments and evaluating control deficiencies

    • Developing and monitoring risk treatment strategies

    • Communicating risk effectively to stakeholders

  • Information Security Program Development and Management

    • Building and maintaining an enterprise security program

    • Selecting and applying appropriate security frameworks and standards

    • Defining program roadmaps, metrics, and performance indicators

    • Integrating security with IT operations and third-party services

    • Driving security awareness and training initiatives

  • Information Security Incident Management

    • Designing incident response and management plans

    • Classifying, investigating, and containing incidents

    • Coordinating response, recovery, and post-incident reviews

    • Linking incident management to business continuity and disaster recovery

    • Measuring and improving response readiness through testing and metrics


This course is ideal for information security managers, mid-career professionals, and technical practitioners seeking leadership roles. It is also suitable for CISA or CISSP holders looking to broaden their managerial and governance-focused skill sets.


By the end of the program, participants will be equipped to lead information security initiatives, manage organizational risk effectively, and demonstrate the competencies required of a CISM-certified professional.

Training Course Modules

Module 1: Information Security Governance

Session Topics:

  • Enterprise Governance Overview

  • Organizational Culture, Structures, Roles and Responsibilities

  • Legal, Regulatory and Contractual Requirements

  • Information Security Strategy

  • Information Governance Frameworks and Standards

  • Strategic Planning

Learning Objectives:

  • Describe the role of governance in creating value for the enterprise.

  • Explain the importance of information security governance in the context of overall enterprise governance.

  • Describe the influence of enterprise leadership, structure, and culture on the effectiveness of an information security strategy.

  • Identify the relevant legal, regulatory, and contractual requirements that impact the enterprise.

  • Describe the effects of the information security strategy on enterprise risk management.

  • Evaluate the common frameworks and standards used to govern an information security strategy.

  • Explain why metrics are critical in developing and evaluating the information security strategy.

Resources:

  • Information Security Program Governance Objectives and Outcomes

  • Common Roles in the Enterprise

  • Example RACI Chart

Module 2: Information Security Risk Management

Session Topics:

  • Emerging Risk and Threat Landscape

  • Vulnerability and Control Deficiency Analysis

  • Risk Assessment, Evaluation and Analysis

  • Information Risk Response

  • Risk Monitoring, Reporting and Communication

Learning Objectives:

  • Apply risk assessment strategies to reduce the impact of information security risk.

  • Assess the types of threats faced by the enterprise.

  • Explain how security control baselines affect vulnerability and control deficiency analysis.

  • Differentiate between the risk treatment types (accept, mitigate, transfer, avoid) and when each applies from an information security perspective.

  • Describe the influence of risk and control ownership on the information security program.

  • Outline the process of monitoring and reporting information security risk.

Resources:

  • Vulnerabilities and Threats

  • Operational Risk Categories

  • Risk Register Example

  • Risk Report Example

  • Risk Scenario Technique Main Issues

  • Typical Risk Management Documentation

  • Risk Communication Plan


Module 3: Information Security Program Development and Management

Session Topics:

  • IS Program Development and Resources

  • IS Standards and Frameworks

  • Defining an IS Program Road Map

  • IS Program Metrics

  • IS Program Management

  • IS Awareness and Training

  • Integrating the Security Program with IT Operations

  • Program Communications, Reporting and Performance Management

Learning Objectives:

  • Outline the components and resources used to build an information security program.

  • Distinguish between common IS standards and frameworks available to build an information security program.

  • Explain how to align IS policies, procedures, and guidelines with the needs of the enterprise.

  • Describe the process of defining an IS program road map.

  • Outline key IS program metrics used to track and report progress to senior management.

  • Explain how to manage the IS program using controls.

  • Create a strategy to enhance awareness and knowledge of the information security program.

  • Describe the process of integrating the security program with IT operations and third-party providers.

  • Communicate key IS program information to relevant stakeholders.

Resources:

  • Information Security Program Governance Objectives and Outcomes

  • Alternate Enterprise Architecture Frameworks

  • Policies, Standards, Procedures and Guidelines

  • Security Program Components Checklist

  • Information Security Framework Components

  • Technical Control Components and Architecture

  • Contract Points

  • Information Security Liaison Responsibilities

  • Types of Security Issues

  • Measuring Information Security Program Performance

  • Information Security Program Management Evaluation Questions

Module 4: Information Security Incident Management

Session Topics:

  • Incident Management and Incident Response Overview

  • Incident Management and Response Plans

  • Incident Classification/Categorization

  • Incident Management Operations, Tools, and Technologies

  • Incident Investigation, Evaluation, Containment and Communication

  • Incident Eradication, Recovery and Review

  • Business Impact and Continuity

  • Disaster Recovery Planning

  • Training, Testing and Evaluation

Learning Objectives:

  • Distinguish between incident management and incident response.

  • Outline the requirements and procedures necessary to develop an incident response plan.

  • Identify techniques used to classify or categorize incidents.

  • Outline the types of roles and responsibilities required for an effective incident management and response team.

  • Distinguish between the types of incident management tools and technologies available to an enterprise.

  • Describe the processes and methods used to investigate, evaluate and contain an incident.

  • Identify the types of communications and notifications used to inform key stakeholders of incidents and tests.

  • Outline the processes and procedures used to eradicate and recover from incidents.

  • Describe the requirements and benefits of documenting events.

  • Explain the relationship between business impact, continuity and incident response.

  • Describe the processes and outcomes related to disaster recovery.

  • Explain the impact of metrics and testing when evaluating the incident response plan.

Resources:

  • Incident Management Action Plan Phases

  • Developing an Incident Response Plan

  • SEI-CMU Action Plan Phases

  • Types of Insurance and Coverage

  • Types of Recovery Sites

  • Legal Aspects of Forensic Evidence


Step up from security technician to strategic security leader.

Learn how to govern, build, and manage enterprise-grade security programs.

Become the trusted CISM-certified professional who speaks the language of business and security.

Course Overview

Information security management is more than just firewalls — it’s about aligning IT risk with business strategy, building effective security programs, and managing incidents across the enterprise.


This 4-day instructor-led course is designed for IT professionals preparing for the ISACA CISM (Certified Information Security Manager) exam. Covering security governance, risk management, program design, and incident response, the course blends strategy with compliance, real-world case studies, and hands-on decision-making.


You’ll gain the leadership mindset required to manage complex security operations while preparing for one of the most respected credentials in the cybersecurity industry.

Learning Objectives

  • Aligning security strategy with enterprise governance

  • Building and managing security programs

  • Performing risk assessments and treatment

  • Creating and executing incident response plans

  • Managing compliance, audit, and regulatory frameworks

  • Measuring security performance using metrics

  • Leading security teams and reporting to senior leadership

Who Should Attend

  • IT professionals moving into leadership or management roles

  • Security managers, architects, and engineers seeking certification

  • CISSP and CISA holders expanding into security program governance

  • Mid-career professionals pursuing ISACA’s CISM credential

Prerequisites

There are no formal prerequisites for attending the course. To be awarded the CISM credential after passing the exam, ISACA requires:

  • Minimum 5 years of information security work experience, with at least 3 years in information security management

  • Experience waivers may apply for up to 2 years based on qualifications (per ISACA guidelines)

Course Modules

Module 1: Information Security Governance

  • Governance structures, roles, compliance, strategic planning, frameworks, and legal obligations.


Module 2: Information Security Risk Management

  • Threat landscape, vulnerability analysis, risk assessments, treatment options, and reporting.

Module 3: Security Program Development and Management

  • Program roadmaps, frameworks, integration with IT ops, stakeholder comms, and performance tracking.


Module 4: Incident Management

  • Response plans, classification, containment, forensics, disaster recovery, and continuity planning.


Professional Outcomes

This certification supports roles such as Information Security Manager, IT Risk Leader, Cybersecurity Program Director, or GRC Consultant — high-impact positions trusted with securing the enterprise.

Certification Details

Overview

As a candidate for this certification, you:

  • Align security practices with organizational strategy and compliance

  • Evaluate, design, and manage security programs and controls

  • Perform risk assessments and implement risk treatment plans

  • Lead incident response efforts including recovery and stakeholder communication

  • Operate within global standards and governance frameworks


You are expected to be proficient in:

  • Security governance, policy development, and leadership

  • Risk analysis, audit alignment, and metrics

  • Regulatory requirements and enterprise security architecture

  • Crisis communication and incident forensics


Skills Measured

  • Information Security Governance

  • Information Security Risk Management

  • Information Security Program Development & Management

  • Incident Management & Response


Certification Logistics

  • Certification Body: ISACA

  • Exam Code: CISM

  • Format: 150 multiple-choice questions

  • Duration: 4 hours

  • Passing Score: 450 on ISACA's scaled score of 200 to 800 (not a fixed percentage)

  • Delivery: Online proctored or at PSI testing centers

Frequently Asked Questions

Is this course aligned with the latest ISACA CISM exam?

Yes. The content covers all four CISM domains as defined in the current ISACA exam outline.

Do I need security technical experience?

Management-level experience is more relevant than hands-on technical work for CISM.

Is this more strategic or hands-on?

Strategic. The course focuses on governance, risk, and leadership — not technical configurations.

Can I claim CPEs for this course?

Yes. You can apply the training hours as CPEs toward ISACA certifications, and usually toward other certifications, subject to each certifying body's CPE policy.

Is this course HRDC claimable?

Yes. Fully HRD Corp claimable for Malaysian employers.

Can I organize this for my IT/security team?

Yes. GemRain offers private and virtual sessions for corporate training.

Do I get a certificate of attendance?

Yes.

