
CISM

Building the Foundation (Domain 1: Governance)
  Saturday
    Organizational Culture
    Legal, Regulatory & Contractual Requirements
    Organizational Structures, Roles & Responsibilities
  Sunday
    Information Security Strategy Development
    Governance Frameworks & Standards
    Strategic Planning (Budgets, Resources, Business Case)

Understanding Risk (Domain 2: Risk Management)
  Saturday
    Emerging Risk & Threat Landscape
    Vulnerability & Control Deficiency Analysis
    Risk Assessment & Analysis
  Sunday
    Risk Treatment / Response Options
    Risk & Control Ownership
    Risk Monitoring & Reporting

Program Development (Domain 3: Program – Part A)
  Saturday
    Program Resources (People, Tools, Technologies)
    Information Asset Identification & Classification
    Industry Standards & Frameworks
  Sunday
    Policies, Procedures & Guidelines
    Program Metrics
    Case Studies in Program Development

Program Management (Domain 3: Program – Part B)
  Saturday
    Control Design & Selection
    Control Implementation & Integration
    Control Testing & Evaluation
  Sunday
    Security Awareness & Training Programs
    Managing External Services (Providers, Suppliers, Third Parties)
    Program Communications & Reporting

Readiness for Incidents (Domain 4: Incident Management – Part A)
  Saturday
    Incident Response Plan
    Business Impact Analysis (BIA)
    Business Continuity Plan (BCP)
  Sunday
    Disaster Recovery Plan (DRP)
    Incident Classification & Categorization
    Incident Management Training, Testing & Evaluation

Incident Operations (Domain 4: Incident Management – Part B)
  Saturday
    Incident Management Tools & Techniques
    Incident Investigation & Evaluation
    Incident Containment Methods
  Sunday
    Incident Response Communications (Reporting, Notification, Escalation)
    Incident Eradication & Recovery
    Post‑Incident Review Practices

Integration & Exam Readiness
  Saturday
    Domain 1 & 2 Review (Governance + Risk)
    Domain 3 Review (Program Development & Management)
    Domain 4 Review (Incident Management)
  Sunday
    Full Mock Exam (Timed Practice)
    Review of Weak Areas
    Exam Strategy & Confidence Building
