Certification ProgramsCISA & CISM CertifiicationsCISM SuperReview Exam Preparation

Online CISM exam preparation starting at only $49.95!
What is CISM^® certification, and what can it do for you?

Get your credential from ISACA as a Certified Information Security Manager (CISM)!

As organizations around the world tighten budgets and downsize workforces, it is now more important than ever to improve your résumé with a well-established and globally respected certification such as the Certified Information Security Manager (CISM) credential by Information Systems Audit and Controls Association (ISACA).

The Certified Information Security Manager (CISM) certification is a unique management focused certification that has been earned by over 10,000 professionals since its introduction in 2003. Unlike other security certifications, CISM is for the individual who manages, designs, oversees and assesses an enterprise's information security program. CISM defines the core competencies and international performance standards that those who have information security management responsibilities must master.

Let us help you pass your exam.

Click to take
the full tour!

We are so confident you will enjoy the value of this course, we want you to try it for free!

Certified Information Security's training has earned a world-wide reputation for providing everything you need to know for the exam, and delivering the passing score you strive for. The free on-line demonstration allows you to fully complete a real lesson and its corresponding practice exams. The full version available is available for immediate registration at our e-Learning Center.

The leading CISM exam preparation solution since 2006.

This is the absolute fastest and easiest method for preparing for the exam, and your success is guaranteed.

Get the same training over 750 CISM® candidates across the world have used to prepare for the rigorous CISM^®exam since 2007. With this web-based training, you will have 24x7 access to the most recognized and qualified CISM® preparation in the world. Personally prepared, constantly updated, and presented by #1 best-selling CISM® prep author Allen Keele, this course provides everything you need to be able to pass the CISM^® exam.

This training has earned a world-wide reputation for providing everything you need to know for the exam, and delivering the passing score you strive for.

You will learn everything you need to know with the knowledge gained from over 590 narrated screens, and 600 practice questions. Now with unlimited utilization available in your subscription, you can feel confident this training will give you what it takes to pass the CISM^® exam.

Click to take the full tour!

Updated again in February 2010! Now with 600 unique practice questions especially designed for the CISM^® exam!

What is in the course?

8 Modules of content thoroughly covering all 2010 CISM® exam objectives in all 5 CISM^® exam domains
- Information Security Governance (Supports exam objectives in ISACA's Information Security Governance exam domain)
- Risk Management (Supports exam objectives in ISACA's Information Risk Management exam domain)
  - IT Deployment Risks (Further supports exam objectives in ISACA's Information Risk Management exam domain)
  - IS Network and Telecommunications Risk (Further supports exam objectives in ISACA's Information Risk Management exam domain)
- Information Security Program Management (Supports exam objectives in ISACA's Information Security Program Development , and Information Security Program Management exam domains)
  - Managing the IT Function (Further supports exam objectives in ISACA's Information Security Program Development , and Information Security Program Management exam domains)
- Business Continuity, Disaster Recovery, and Incident Response (Supports exam objectives in ISACA's Incident Management & Response exam domain)
- Legal and Ethical Issues (Supports legislative, contractual, and other legal concerns as they apply throughout all exam domains)
52 Practice exams containing 600 unique non-redundant practice questions

How does the course work? What does it cost? Is it guaranteed? How do I purchase?

Enough reading already! We have fantastic web-based training, so why not just see it for yourself and let us teach you about it along the way? Try the tour now for free to see if it's the right solution for you.

Quick Facts

Last updated in February 2010. Updated twice yearly.
The only CISM^®Preparation that provides personal support from the globally published author of the training. Have questions? Talk to author Allen Keele now at our offices at +1 (904) 406-4311.
The only comprehensive on-line CISM^® training good enough to be backed by an exam-pass guarantee!
Subscriptions lasting 180 days are available now!

This training has been custom designed and published by the world's leading CISA and CISM examination certification preparation expert and author, Allen Keele. It is streamlined to focus ONLY on the exam-related information you need, so every minute you have to invest in preparation will be used efficiently. Its special structure and presentation have been proven to take the guesswork out of your preparation. There is simply no faster way to prepare for your CISM examination.

Why wait to start preparing for the exam? This is the #1 CISM exam preparation method used by CISM exam candidates around the globe since 2007. It's backed by an exam-pass guarantee, and you can start your training immediately. Right now.

Continuing Professional Education (CPE) Credit: Upon course completion, we will provide you with access to a certificate and transcript for 40 continuing professional education (CPE) credits. Once you have earned your CISM credential, you need to earn 40 CPE credits per year. This is a very flexible and affordable solution for maintaining your certification.

The United States Department of Defense (US DoD) Directive 8570.01-M is a set of guidelines and procedures for the training, certification, and management of the DoD Information Assurance (IA) workforce conducting Information Assurance (IA) functions. According to the DoD Directive 8570 IAT FAQ, the long-term goal of DoD 8570.01 is the creation of a sustained, professional Information Assurance workforce possessing the knowledge and skills to effectively prevent and respond to attacks against DoD information, information systems, and information infrastructures. All DoD organizations must comply the requirements of this directive in order to put the right people with the right skills in the right place. One way DoD 8570.01 prepares the IA workforce is by specifically requiring every full- and part-time military service member, defense contractor, civilian and foreign employee with privileged access to a DoD system–regardless of job series or occupational specialty–to obtain a commercial certification credential that has been accredited by the ISO/IEC.

So if you work for the DoD, or are looking for DoD work, what certifications should you have? And what does 8570.01 mean to people who are already certified? First of all, if you are already a member of the DoD IA workforce, or are employed by a DoD contractor, the actual steps you will follow to comply with 8570.01 can be found here. You will be provided guidance from your Information Assurance Manager (IAM) on the certification(s) you need for your current position and level. There should be no guesswork in this for you. If you are looking to make yourself a more attractive hiring prospects to a DoD entity, or you just like to collect highly-recognized certifications, you’ll need some additional information about the certification that the DoD has judged to be worthwhile and why. To start, DoD 8570.01 specifically defines certification as:

“Recognition given to individuals who have met predetermined qualifications set by an agency of government, industry, or profession. Certification provides verification of individuals’ knowledge and experience through evaluation and approval based on a set of standards for specific profession or occupations’ functional job levels. Each certification is designed to stand on its own, and represents a certified individual’s mastery of a particular set of knowledge and skills.” – DoD Directive 8570.01-M

So earning a certification is a way for an individual to prove that he or she has a certain mastery of a particular set of knowledge and skills. Sort of like passing one or two college classes in a particular subject. However, just any IT certification is not acceptable under DoD 8570.01. To be approved by the DoD, an IA workforce certification must be accredited under ISO/IEC Standard 17024:2003 or an equivalent accepted standard. ISO/IEC 17024 is an international standard that defines a criteria for organizations creating a certification program to certify individual people. Here are the accredited IT certifications currently recognized in DoD 8570.01-M:

Certification Provider	Certification Name
CMSEI	Computer Security Incident Handler (CSIH)
CompTIA	A+ Network+ Security+
EC-Council	Certified Ethical Hacker(CEH)
(ISC)²	Certification and Accreditation Professional (CAP) Certified Information Systems Security Professional (CISSP) (or CISSP Associate) Information Systems Security Architecture Professional (CISSP-ISSAP) Information Systems Security Engineering Professional (CISSP-ISSEP) Information Systems Security Management Professional (CISSP-ISSMP) System Security Certified Practitioner (SSCP)
ISACA	Certified Information Security Manager (CISM) Certified Information Security Auditor (CISA)
Microsoft Corporation	Microsoft Certified System Administrator: Security (MCSA Security)
SCP	Security Certified Network Professional (SCNP) Security Certified Network Architect (SCNA)
The SANS Institute	GIAC Certified Intrusion Analyst (GCIA) GIAC Certified Incident Handler (GCIH) GIAC Security Expert (GSE) GIAC Security Essentials Certification (GSEC) GIAC Security Leadership Certificate (GSLC) GIAC Systems and Network Auditor (GSNA) GIAC Information Security Fundamentals (GISF)

Certified Information Security provides proven and guaranteed exam preparation training for ISACA's CISA and CISM certifications described in the table above.
But What Certification(s) Should I Get?

Now, after all this, if you still want or need certification compliant with DoD 8570.01, which certification(s) should you get? That depends on your functional role within the IA workforce.

The IA workforce is split into two major categories: IA Technical and IA Management, with each category being divided into three levels: I, II, and III. Each category and level has a specific set of job requirements that define the role that a DoD employee performs and the personnel requirements for a position at a specific level.

The following chart shows which commercial, ISO-approved IT certifications may be used to meet baseline IA workforce requirements for certified personnel performing IA functions. Only one certification listed at each level and category need be attained to meet the certification requirement for that level:

IAT Level I	IAT Level II	IAT Level III
A+ Network+ SSCP	GSEC Security+ SCNP SSCP	CISA GCIH CISSP (or Associate) GSE SCNA
IAM Level I	IAM Level II	IAM Level III
CAP GISF GSLC Security+	CAP GSLC CISM CISSP (or Associate)	GSLC CISM CISSP (or Associate)

CND Analyst	CND Infrastructure Support	CND Incident Responder	CND Auditor	CND-SP Manager
GCIA CEH	SSCP CEH	GCIH CSIH CEH	CISA GSNA CEH	CISSP-ISSMP CISM

IASAE I	IASAE II	IASAE III
CISSP (or Associate)	CISSP (or Associate)	CISSP-ISSEP CISSP-ISSAP

So pick your category and level and there are your cert choices. If you are looking to get the fewest number of certs that will cover the most bases on this chart, it looks like having the Security+, SSCP, and CISSP will do just that. And, as someone who has all of these certs, I can tell you they aren’t bad ones to have, regardless if you have a DoD job or not. But will already having several of these certifications help you get a job with the U.S. DoD or with a U.S. defense contractor? Probably so. Most hiring managers prefer to hire people who already have the necessary certifications rather than spend the money in my departmental training budget to get new people certified. Job candidates who already have certifications also likely come with more InfoSec work experience than non-certified candidates. But getting a few certifications isn’t all there is to it. To maintain certification status, a regular schedule of continuous learning by IA workforce personnel is also mandated of by 8570.01. Even if you plan on retaking your certification exam(s) every three years, on-going education is still required. And when it comes to protecting DoD information systems, there’s nothing bad about that. Most of the courses offered at Certified Information Security provide CPE credit and associated certificates of achievement that can be used to fulfill ongoing continuing education requirements.

How can Certified Information Security help me?

Certified Information Security provides proven and guaranteed exam preparation training for ISACA's CISA and CISM certifications described in the table above.

References

International Accreditation Forum, Inc. (2004). IAF Guidance on the Application of ISO/IEC 17024:2003. Retrieved from http://www.compad.com.au/cms/iaf/workstation/upFiles/228543.IAF-GD24-2004_Guidance_on_ISO_17024_Pub.pdf
Information Assurance Support Environment. (June 17, 2009). DoD Directive 8570 Information Assurance Training, Certification and Workforce Management, Frequently Asked Questions. Retrieved from http://iase.disa.mil/policy-guidance/8570_faq_6_12_09.doc
United Stated Department of Defense. (May 15, 2008). DoD 8570.01-M Information Assurance Workforce Improvement Program. Retrieved from http://www.dtic.mil/whs/directives/corres/pdf/857001m.pdf

Allen Keele, CEO of Certified Information Security

My guarantee to you.

Preparing for ISACA's CISM exam is serious business. Getting the certification will work miracles for your career, but the certification exam is expensive, quite difficult to prepare for, and is only offered twice per year. Failing the exam only once means you waste at least $500 in exam registration fees, not to mention the opportunity cost of not having the certification on your resumé for another six months. This is an exam you want to pass the first time.

This is where I can help you. If you are willing to do the work, and follow my mentoring and instruction, I can guarantee you will pass your exam on the very next exam proctoring after your purchase of my CISM^® SuperReview web-based training. If you purchase our complete all-inclusive CISM certification package including all CISA SuperReview course modules and exams, Certified Information Security guarantees that if you do not pass the ISACA exam for the Certified Information Security Manager (CISM^®) within 6 months after purchasing our CISM^® SuperReview web-based training, Certified Information Security will provide the registered student access to a normal subscription of the same training within 6 months of your original purchase at no extra charge. This guarantee only applies to purchases of the complete CISM SuperReview training package including all course modules and practice exams. After all, it is impossible to guarantee your success if you only purchase part of the complete training solution.

To take advantage of this guarantee, simply forward your ISACA notification of failure within 75 days of sitting the exam to guarantee@certifiedinfosec.com. Customer service will contact you within 5 business days to arrange for your complimentary training.

Click here to shop online now.

Begin by accessing our e-Learning Center and selecting the web-based training product you wish to purchase.

If you have not purchased before, you will need to register with our campus before proceeding to purchase.
Complete your purchase for your account.
Once you complete the transaction, your subscription is available for immediate access when purchasing by credit card, or upon receipt of payment when purchasing with electronic funds transfer.
You will immediately receive your purchase invoice receipt via e-mail from our e-commerce system.

Step 2: Even if the on-line tour worked for you with no problems, please be sure to update your computer's browser and Adobe Flash prior to attempting to access your course. Check your Adobe Flash Player installation, and update if necessary by clicking here: http://www.adobe.com/software/flash/about/.

content