Certified Information Systems Security Manager (CISSM)

Certification Overview

Certified Information Systems Security Manager (CISSM)

Exam Code: CISSM-001

Certified Information Systems Security Manager (CISSM)® is unique in the information security credential marketplace because it is designed specifically and exclusively for individuals who have experience managing an information security program. The certification is renowned as a globally recognized achievement for those who have experience managing an information security program.

The certification is designed for professionals responsible for establishing, managing, and governing enterprise-wide information security programs. It focuses on aligning security initiatives with business objectives, ensuring effective risk management, and implementing robust governance frameworks. CISSM emphasizes a managerial and strategic perspective, enabling candidates to design security policies, oversee security operations, and ensure compliance with legal, regulatory, and industry standards.

The Certification is a unique credential in information security as it is designed specifically for individuals who have experience managing an information security program.

Benefits

There are many reasons to achieve this certification:

  • Worldwide recognition as an information security manager
  • Understand how to govern information security
  • Understand how to develop and manage an information security program
  • Understand how to manage incidents
  • Gain a better understanding of information risk management
  • Provides the information security professional with an opportunity to build upon existing credentials and provides tangible evidence of career growth
  • Recognition of attainment of advanced job skills as required for an information security professional
  • Provides access to valuable resources, such as peer networking and idea exchange

Course Duration: 30 to 35 Hours

Exam Information

The exam comprises 100 questions; the candidate needs to score 70% (70 out of 100) to pass the exam.

The total duration of the exam is 1 hour 30 minutes (90 Minutes).

  • The exam is conducted in AI-proctored mode and can be taken anytime, anywhere within an eight-month validity period.
  • Upon purchasing the Premium Package or an Exam Voucher Code, a voucher code with two attempts will be assigned to your login profile under the "My Vouchers" tab. You can then take the exam through the "My Exam(s)" tab in your profile. To take the exam, simply apply the voucher code.
  • The Exam Voucher included in the Premium Package or purchased separately is valid for two (2) attempts. If you are unable to pass the exam within these two attempts, you can purchase a new voucher code, which will grant you an additional two attempts.
  • Kindly Note: The voucher will not be valid for a second attempt if you pass the exam on your first attempt.

The Certified Information Systems Security Manager (CISSM)® is valid for 5 years; the candidate needs to re-certify once every 5 years to maintain the certification credentials.

CISSM® is a Registered Trademark of GAQM.

Note: The Certified Information Security Professional (CISSM)® Certification has no prerequisites (completion of an E-Course from the GAQMBok portal is not mandatory), but we highly recommend completing the E-Course, as most of the questions in the actual exam are drawn from it.

Course Outline

Module 1 - Information Security Governance

  • Principles of information security governance
  • Alignment of security strategy with business objectives
  • Roles and responsibilities of security management
  • Security policies, standards, and procedures
  • Legal, regulatory, and compliance requirements

Module 2 - Risk Management

  • Risk management frameworks and methodologies
  • Risk identification, assessment, and analysis
  • Qualitative vs quantitative risk analysis
  • Risk treatment options (mitigate, transfer, accept, avoid)
  • Risk appetite and tolerance

Module 3 - Information Security Program Development

  • Building an information security program
  • Security program lifecycle
  • Budgeting and resource planning
  • Metrics and key performance indicators (KPIs)
  • Continuous improvement of security programs

Module 4 - Asset Management and Data Classification

  • Information asset identification
  • Data classification models
  • Data ownership and custodianship
  • Information lifecycle management
  • Data handling and retention requirements

Module 5 - Security Architecture and Controls

  • Security architecture concepts
  • Defense-in-depth strategy
  • Administrative, technical, and physical controls
  • Network, application, and endpoint security
  • Cloud and virtualization security fundamentals

Module 6 - Identity and Access Management (IAM)

  • Authentication and authorization models
  • Role-based and attribute-based access control
  • Privileged access management (PAM)
  • Identity lifecycle management
  • Single sign-on (SSO) and federation

Module 7 - Security Operations and Incident Management

  • Security monitoring and logging
  • Incident response lifecycle
  • Threat detection and analysis
  • Digital forensics fundamentals
  • Security operations center (SOC) function

Module 8 - Business Continuity and Disaster Recovery

  • Business impact analysis (BIA)
  • Business continuity planning (BCP)
  • Disaster recovery strategies
  • Backup and recovery mechanisms
  • Crisis management and communication

Module 9 - Vendor, Third-Party, and Cloud Risk Management

  • Third-party risk assessment
  • Contractual and SLA security requirements
  • Cloud shared responsibility model
  • Supply chain security risks
  • Ongoing vendor monitoring

Module 10 - Security Compliance, Audit, and Assurance

  • Security audits and assessments
  • Compliance frameworks
  • Internal and external audit coordination
  • Security reporting to management
  • Continuous compliance monitoring

Target Audience

  • CEO / CFO / CIO / CTO / CISO
  • IS / IT Specialist / Analyst / Manager
  • IS / IT Auditor / Consultant
  • IS / IT Head / Director
  • IT Operations Manager / Head / Director
  • IT Compliance Manager / Head / Director
  • Security Head / Director
  • Security Specialist / Analyst
  • Security Manager / Architect
  • Security Consultant / Professional
  • Security Officer / Engineer
  • Security Administrator
  • Security Auditor
  • Network Specialist / Analyst
  • Network Manager / Architect
  • Network Consultant / Professional
  • Network Administrator
  • Senior Systems Engineer
  • Systems Analyst
  • Systems Administrator

Registration Process for E-Course or E-Book and Exam

Premium Package (E-Book Version)

  • E-Book Included
  • This package provides a voucher code granting eligibility for two (2) exam attempts.
  • Includes E-certificate and Digital Badge if you qualify in the exam.
  • E-Book Download Validity: 40 Days (once the E-Book is downloaded, it remains valid for life)
  • Price: 200 USD

Exam Voucher

  • Validity: 240 Days
  • Price: 190 USD
  • Please Read Carefully:
    1) The Exam Voucher is valid for two (2) attempts.
    2) You will receive your voucher code within 24 business hours.
    3) Once you receive the voucher code, you can take the exam via the "My Exam(s)" tab in your login profile.