🛡️ CISM — Information Security Manager (Exam-Prep)
Independent exam-prep covering the four public ISACA CISM domains with a management lens, original practice questions and a final exam.
Last updated: June 2026
An independent, free exam-preparation course that works through the publicly published ISACA CISM body of knowledge, its four management domains, with visual lessons, original self-check questions and a final exam. It teaches how to govern and manage information security, not how to hack. It is awareness and exam-prep material only: it maps to the four ISACA CISM domains but is not the official ISACA course or exam, nor an official or accredited review course. The course is organized into 8 modules, ending with a final exam (pass mark 70%).
What you'll learn
- Information Security Governance I — Strategy & Alignment
- Information Security Governance II — Roles, Metrics & Compliance
- Information Risk Management I — Assessment
- Information Risk Management II — Treatment & Monitoring
- Information Security Program I — Development & Architecture
- Information Security Program II — Operations & Third Party
- Incident Management I — Planning & Response
- Incident Management II — Recovery & Improvement
Learning objectives
- Understand that this is independent CISM exam-prep over the public body of knowledge, not the official ISACA course or exam
- Name the four CISM domains and their approximate exam weighting, and the management responsibility each carries
- Align an information security strategy and governance model to business goals, risk appetite and risk tolerance
- Run information risk management — identify, assess, evaluate and treat risk, then report and monitor residual risk
- Develop, resource and operate a security program — architecture, controls, metrics, awareness and third-party oversight
- Lead incident management — prepare, detect, classify, contain, eradicate, recover and capture lessons learned
- Apply key control frameworks (NIST CSF, ISO/IEC 27001), recovery objectives (RTO/RPO) and the ISACA Code of Professional Ethics
- Sit a 10-question exam-style final (80% to pass) built from original questions spanning all four domains