
🛡️ CISM — Information Security Manager (Exam-Prep)

Independent exam-prep covering the public ISACA CISM four domains, with a management lens, original practice questions and a final exam.

Last updated: June 2026

An independent, free exam-preparation course that works through the publicly published ISACA CISM body of knowledge, its four management domains, with visual lessons, original self-check questions and a final exam. It teaches how to govern and manage information security, not how to hack. It is awareness and preparation material only: it is not the official ISACA course or exam, and it is not an accredited review course. The course maps to the four ISACA CISM domains and is organized into 8 modules, ending with a final exam (pass mark 70%).

What you'll learn

  • Information Security Governance I — Strategy & Alignment
  • Information Security Governance II — Roles, Metrics & Compliance
  • Information Risk Management I — Assessment
  • Information Risk Management II — Treatment & Monitoring
  • Information Security Program I — Development & Architecture
  • Information Security Program II — Operations & Third Party
  • Incident Management I — Planning & Response
  • Incident Management II — Recovery & Improvement

Learning objectives

  • Understand that this is independent CISM exam-prep over the public body of knowledge, not the official ISACA course or exam
  • Name the four CISM domains and their approximate exam weighting, and the management responsibility each carries
  • Align an information security strategy and governance model to business goals, risk appetite and risk tolerance
  • Run information risk management — identify, assess, evaluate and treat risk, then report and monitor residual risk
  • Develop, resource and operate a security program — architecture, controls, metrics, awareness and third-party oversight
  • Lead incident management — prepare, detect, classify, contain, eradicate, recover and capture lessons learned
  • Apply key control frameworks (NIST CSF, ISO/IEC 27001), recovery objectives (RTO/RPO) and the ISACA Code of Professional Ethics
  • Sit a 10-question exam-style final (80% to pass) built from original questions spanning all four domains