In this 4-day CISM ® Preparation Course, you will be trained by a FORFA Academy trainer with many years (20+) of experience across the whole field of information security.

The CISM ® Preparation Course will be given in English. On request, we can provide German- or Dutch-speaking trainers, though the course material and the CISM certificate test are in English.

After completing the CISM ® Preparation Course, you will:

  • have a thorough knowledge and understanding of all CISM ® domains
  • be fully prepared for the international CISM ® exam (not included)

The CISSP ® preparation training consists of a 4-day classroom training.

Target audience

This course is designed for students who have to deal with information security aspects in their organization and need more thorough knowledge, for example:

  • Information security consultants
  • Security managers
  • Information security coordinators
  • IT auditors

Basic knowledge of information security is recommended but not required.

In class, there is enough time to understand the goal of CISM®.

A good understanding of the English language is essential.

Day 1

Module 1 – Information Security Governance

Covers the organization and management of the information security function within the organization. This includes: determining information security goals (in measurable terms), determining roles and responsibilities, describing the current and desired situation, conducting a gap analysis that leads to a strategy to achieve the desired situation, and translating that strategy into an action plan for information security. Then it is time to get to work!


Module 2 – Information Risk Management and Compliance

Provides insight into the formulation of a risk management strategy, associated roles and responsibilities, determination of the risk management framework, risk gap analysis, risk assessment and treatment options, integration with life cycle processes, working with baseline measures, as well as risk monitoring and communication.

Day 3

Module 3 – Information Security Program Development and Management

Concerns the translation of the action plan made in Module 1 into an information security program: determining program objectives, the scope of the program, performing a gap analysis of the current and desired situation with regard to the development and management of an IT program, attention to IT architectures, management tasks, operational aspects of the program (implementation), the interest of third parties, types of measures that can be implemented, as well as program metrics and monitoring to track the progress of program implementation.


Module 4 – Information Security Incident Management

And what if things unexpectedly go wrong, if an incident turns into a disaster? Incident response goals and procedures must be developed, along with a competent and trained incident response team, incident response plans, and disaster recovery plans and procedures. These plans must be tested extensively. Fall-back sites (hot, hot, cold, etc.) have been considered and the desired recovery times have been determined, so that the business can be operational again on time. After a disaster, various post-incident activities take place, such as securing evidence and tracing the root cause of the disaster.