All Episodes
Episode 1: Welcome to the CISM Certification – Overview and Benefits
Thinking about becoming a Certified Information Security Manager? This episode is your official onboarding to the CISM journey. We explain what CISM measures, who it’s...

Episode 2: Understanding the Exam – Domains, Structure, and Study Strategies
To pass the CISM exam, you need more than flashcards—you need a strategy. In this episode, we explain how the exam is structured, how domain weight affects your study ...

Episode 3: CISM vs. CISSP vs. CRISC – Choosing Your Certification Path
Confused about which certification is right for your career goals? In this episode, we compare the CISM with CISSP and CRISC to help you decide. You’ll learn how each ...

Episode 4: Essential Skills and Experience for CISM Candidates
Before you apply for the exam, make sure you qualify. This episode explains ISACA’s professional experience requirements, including the five-year minimum, domain cover...

Episode 5: Building a Personalized CISM Study Plan
A solid study plan can make all the difference. In this episode, we help you build a realistic, customized CISM prep schedule that aligns with your experience, goals, ...

Episode 6: Test-Taking Strategies and Exam-Day Tips for Success
Even well-prepared candidates can trip up on exam day. This episode walks you through proven test-taking strategies including time management, scenario analysis, answe...

Episode 7: Organizational Culture and Its Impact on Security
Domain 1 begins here. In this episode, we explore how organizational culture influences security behavior, policy adoption, and governance success. You’ll learn how to...

Episode 8: Legal and Regulatory Compliance Essentials
Compliance is a core topic in Domain 1 and a frequent source of exam questions. This episode breaks down the distinctions between laws, regulations, and contractual ob...

Episode 9: Contractual Requirements and Security Agreements
Security responsibilities often extend to third-party contracts. In this episode, we explain how SLAs, NDAs, MOUs, and security addendums play a role in governance and...

Episode 10: Organizational Structures, Roles, and Responsibilities in Security Governance
CISM candidates must know how security fits into the broader enterprise structure. This episode covers how roles, responsibilities, and reporting lines are assigned, d...

Episode 11: Developing an Effective Information Security Strategy
CISM Domain 1 emphasizes the creation of business-aligned security strategies. In this episode, we walk through the core elements of an effective security strategy—fro...

Episode 12: Overview of Major Governance Frameworks (COBIT, ISO, NIST)
Expect questions about governance frameworks on the CISM exam. This episode introduces COBIT, ISO 27001/27002, and the NIST Cybersecurity Framework. We explain how eac...

Episode 13: Deep Dive into COBIT Framework
COBIT is more than just a buzzword—it’s a cornerstone of enterprise governance. In this episode, we explore COBIT’s structure, goals cascade, governance vs. management...

Episode 14: Deep Dive into ISO 27001 and ISO 27002
ISO 27001 and ISO 27002 show up frequently on the CISM exam. This episode covers their purpose, structure, and use in implementing and managing an Information Security...

Episode 15: Deep Dive into NIST Cybersecurity Framework (CSF)
The NIST CSF is another framework CISM candidates must understand. In this episode, we explain the five core functions—Identify, Protect, Detect, Respond, Recover—and ...

Episode 16: Strategic Planning Essentials – Budgets, Resources, and the Business Case
Security managers must think like business leaders. This episode focuses on how to plan strategically: building security budgets, aligning resources with business prio...

Episode 17: Current Cyber Threat Landscape
CISM Domain 2 begins here—with risk identification. This episode explores common and emerging threats, including ransomware, insider risk, APTs, and supply chain compr...

Episode 18: Identifying and Managing Emerging Risks (AI, Quantum, IoT)
Emerging tech means evolving risk. In this episode, we cover how technologies like AI, IoT, and quantum computing introduce new security threats—and what CISM candidat...

Episode 19: Conducting Vulnerability and Control Deficiency Analysis
Risk management starts with understanding where you’re weak. This episode teaches you how to identify control gaps and vulnerabilities, distinguish between the two, an...

Episode 20: Quantitative vs. Qualitative Risk Assessment
Understanding how to evaluate risk is a CISM must-have. In this episode, we break down qualitative and quantitative assessment methods—including likelihood, impact, an...

Episode 21: Conducting Effective Risk Analysis Workshops
CISM candidates must know how to facilitate cross-functional risk workshops. In this episode, we walk through the process—from identifying participants and setting obj...

Episode 22: Risk Mitigation and Acceptance Strategies
When risks can't be eliminated, they must be managed. This episode covers the two most frequently used risk treatment options: mitigation and acceptance. Learn how to ...

Episode 23: Risk Transfer and Avoidance Strategies
Sometimes the best risk response is walking away—or handing it off. This episode focuses on transferring and avoiding risk, from insurance and outsourcing to project t...

Episode 24: Establishing Risk and Control Ownership
Ownership is essential to accountability. In this episode, we explain how to assign ownership for risks and controls, and how to ensure those responsibilities are clea...

Episode 25: Best Practices in Risk Monitoring and Reporting
CISM exam scenarios often involve risk communication. This episode covers how to monitor risks over time and report findings in ways that drive decision-making. You'll...

Episode 26: Staffing and Managing Security Teams
Domain 3 covers security program development—and that includes managing people. In this episode, we examine how to build and lead an effective security team, define ro...

Episode 27: Selecting and Implementing Security Tools and Technologies
Technology supports security—but strategy drives selection. This episode helps you evaluate tools based on business needs, risk reduction, and operational fit. You’ll ...

Episode 28: Information Asset Identification and Classification Fundamentals
CISM professionals must protect what matters most. This episode covers how to identify, categorize, and classify information assets, including systems, data, and servi...

Episode 29: Applying Industry Standards and Frameworks to Your Security Program
Domain 3 expects you to apply security frameworks—not just memorize them. In this episode, we explain how to align your program with standards like ISO 27001, NIST SP ...

Episode 30: Developing Effective Security Policies
Every security program is built on policy. In this episode, we cover how to draft policies that support governance, define behavior, and reflect organizational risk ap...
