CISM Preparation Made Simple


Stop drowning in study materials. Our upcoming MasterClass guides you through exactly what you need to know—from the creators of the highly successful CISSP and CCSP MasterClasses.

  • Clear, focused preparation - know exactly what to study and when
  • Learn from instructors with over 45 years of combined security experience
  • Interactive system that adapts to identify and fill your knowledge gaps
  • Proven teaching approach that has helped thousands pass their security certification exams

Let us know if you’d like to be notified when our CISM MasterClass launches


Be the first to know when our CISM MasterClass launches and get exclusive early-bird pricing.

Getting CISM certified can feel overwhelming. Most study materials dump endless technical details on you, missing the crucial management perspective the exam actually tests. You end up studying too much of the wrong things, and not enough of what matters.

This is why we created the CISM MasterClass. Here's what you'll get when you enroll:

Focused video lessons that align with exam objectives


Clear, concise lessons that break down complex management concepts into understandable segments. Each video focuses on specific CISM topics, helping you grasp the management perspective the exam requires.

Image of CISM practice questions - Destination Certification

Interactive practice questions that mirror the actual exam style


Practice with questions that feel like the real thing. CISM questions often have multiple technically correct answers, but require you to choose the best management-level response. Our questions help you develop this critical thinking approach.

Mobile flashcard app for on-the-go learning


Master essential security management terms and concepts wherever you are. Our flashcard app connects to your MasterClass account, focusing on areas where you need the most practice.

Image of CISM flashcard app - Destination Certification
Image of CISM live Q & A - destination Certification

Live Q&A sessions with experienced instructors


Get your questions answered by security managers who've been there. Our weekly sessions help you understand how to apply concepts in real-world scenarios—exactly what the CISM exam tests.

Intelligent study system that adapts to your progress


Our system learns what you know and what you don't, creating a personalized study path that evolves with you. Focus your time on areas that need the most attention across all four CISM domains.

image of intelligent study system for CISM class - Destination Certification

Strategic Learning, Precisely Aligned

The MasterClass follows the exact CISM exam outline. We don't just cover the four domains—we emphasize the management-level concepts that the exam actually tests. This means you'll learn exactly what you need to succeed, from governance to incident management, with no time wasted on irrelevant details.

Domain 1: Information Security Governance (17%)

Learn to align security strategy with organizational goals and establish
effective governance frameworks.

A–ENTERPRISE GOVERNANCE

1

Organizational Culture

2

Legal, Regulatory and Contractual Requirements

3

Organizational Structures, Roles and Responsibilities

B–INFORMATION SECURITY STRATEGY

Information Security Strategy Development

1

Information Governance Frameworks and Standards

Legal and regulatory issues that pertain to information security in a holistic context

2

Strategic Planning (e.g., Budgets, Resources, Business Case)

Requirements for investigation types

Domain 2: Information Risk Management (20%)

Master the skills to identify, analyze, and manage enterprise information security risks.

A–INFORMATION SECURITY RISK ASSESSMENT

1

Emerging Risk and Threat Landscape

2

Vulnerability and Control Deficiency Analysis

3

Risk Assessment and Analysis

B–INFORMATION SECURITY RISK RESPONSE

1

Risk Treatment / Risk Response Options

Legal and regulatory issues that pertain to information security in a holistic context

2

Risk and Control Ownership

Requirements for investigation types

3

Risk Monitoring and Reporting

Requirements for investigation types

Domain 3: Information Security Program Development (33%)

Develop and maintain a comprehensive security program that protects your organization's assets

A–INFORMATION SECURITY PROGRAM DEVELOPMENT

1

Information Security Program Resources (e.g., People, Tools, Technologies)

2

Information Asset Identification and Classification

3

Industry Standards and Frameworks for Information Security

4

Information Security Policies, Procedures and Guidelines

5

Information Security Program Metrics

B–INFORMATION SECURITY PROGRAM MANAGEMENT

1

Information Security Control Design and Selection

Legal and regulatory issues that pertain to information security in a holistic context

2

Information Security Control Implementation and Integrations

Requirements for investigation types

3

Information Security Control Testing and Evaluation

Requirements for investigation types

4

Information Security Awareness and Training

Requirements for investigation types

5

Management of External Services (e.g., Providers, Suppliers, Third Parties, Fourth Parties)

Requirements for investigation types

6

Information Security Program Communications and Reporting

Requirements for investigation types

Domain 4: Information Security Incident Management (30%)

Build and lead effective incident response strategies from preparation to recovery

A–INCIDENT MANAGEMENT READINESS

1

Incident Response Plan

2

Business Impact Analysis (BIA)

3

Business Continuity Plan (BCP)

4

Disaster Recovery Plan (DRP)

5

Incident Classification/Categorization

6

Incident Management Training, Testing and Evaluation

B–INCIDENT MANAGEMENT OPERATIONS

1

Incident Management Tools and Techniques

Legal and regulatory issues that pertain to information security in a holistic context

2

Incident Investigation and Evaluation

Requirements for investigation types

3

Incident Containment Methods

Requirements for investigation types

4

Incident Response Communications (e.g., Reporting, Notification, Escalation)

Requirements for investigation types

5

Incident Eradication and Recovery

Requirements for investigation types

6

Post-Incident Review Practices

Requirements for investigation types

Be the First in Line

Join our waitlist today to secure exclusive early access pricing when we launch. We'll keep you updated on our progress and make sure you're ready when the MasterClass opens.

>