This course is a complete, structured study program for the ISACA Certified Information Security Manager (CISM) exam. Built domain by domain against the official CISM exam blueprint, it covers every topic area you need to understand before sitting for the exam — from information security governance and risk management through security program development and incident management. If you are a security manager, IT risk professional, GRC analyst, compliance officer, or IT leader targeting the CISM certification, this course gives you a study path you can follow from start to finish.
Domain 1 — Information Security Governance (17% of the exam) — covers the structures and processes that define how an organization governs information security. Topics include organizational culture and its influence on security outcomes, legal and regulatory requirements (GDPR, HIPAA, PCI DSS, SOX, GLBA, FERPA), contractual obligations, information security strategy development, governance frameworks (COBIT, ISO 27001, NIST CSF), the CISO reporting structure and organizational placement, security steering committees, roles and responsibilities across business units, and aligning security strategy with enterprise objectives. You will understand how security governance translates business risk appetite into actionable policy and how the security manager bridges technical risk and executive decision-making.