5-Day Instructor-Led Programme
The XCISM Certification Programme is the practitioner alternative to CISM — covering all four information security management domains: information security governance, information security risk management, information security programme development, and incident management. Assessed on Day 5 through a supervised security governance and programme design scenario — no multiple choice, no exam, no CPE renewal requirements.
Duration
5 Days
Price
$5,620
CISM is the leading information security management certification globally, with over 107,000 holders. It is a 150-question multiple-choice exam across four domains covering the management and governance of enterprise information security. The exam rewards knowledge of ISACA terminology and CISM-specific definitions — not demonstrated management capability. XCISM is built for security managers and programme leads who want to apply security governance, risk management, and programme design skills in real scenarios rather than MCQ recall.
Across five instructor-led days, XCISM covers all four CISM job practice domains as refreshed per the current ISACA outline: Information Security Governance (17%), Information Security Risk Management (20%), Information Security Programme (33% — the highest-weighted domain), and Incident Management (30%). The 2026 CISM exam content update is noted and, where published, XCISM content will reflect it. Coverage aligns to how security managers actually perform these functions — not to the exam question bank.
On Day 5, participants navigate a security governance and programme development scenario for a simulated organisation facing new regulatory obligations. A senior practitioner with security management experience assesses the quality of governance decisions, risk management approach, and programme design. An XCISM certificate and a Practitioner Assessment Report are issued. The programme is aligned with ISO 27001:2022 (Clause 5/6/8/9), NIST CSF 2.0 Govern function, COBIT 2019, ISO 31000, NIS2, and DORA governance requirements.
Applied governance exercises: security strategy development, risk register design, security programme roadmap construction, incident management scenario, and regulatory compliance gap assessment.
Mentor-led sessions from experienced information security managers covering real governance decisions, risk acceptance challenges, programme investment justification, and board communication of security management outcomes.
Govern enterprise information security programmes across all four CISM domains — strategy alignment, risk management, programme delivery, and incident leadership — evidenced by a professional governance scenario assessment.
Design and govern enterprise information security programmes aligned to CISM job practice domains, ISO 27001:2022, and NIST CSF 2.0 Govern function
Develop security governance frameworks including policy architecture, board reporting structures, regulatory compliance governance, and security culture programmes
Apply qualitative and quantitative risk management methodology including FAIR, risk register design, and third-party risk governance
Lead information security programme design from capability maturity assessment through roadmap construction, investment governance, and KPI measurement
Govern incident management programmes including response governance, regulatory notification decision-making, and business continuity integration
Communicate information security programme performance to board-level audiences using metrics, maturity models, and risk language
Minimum 5 years of information security management experience with at least 3 years in a security management or programme leadership role
Working knowledge of at least two major security frameworks: ISO 27001, NIST CSF, COBIT, or equivalent governance frameworks
Experience with security risk management and/or security programme management at organisational level
Choose the learning format that works best for you and your team
Instructor-Led Training
Join live instructor-led sessions from anywhere. Interactive, engaging, and flexible.
Price per person
Group enrolments and early planning options available.
Custom quotes for teams and organisations
We come to you. Training delivered at your workplace for teams of 6 or more.
Custom pricing based on:
No obligation. Response within 1 business day.
Classroom training at a professional venue. Ideal for focused, immersive learning.
Combine online and in-person learning for maximum flexibility and impact.
Timeline tailored to learner availability
All prices are exclusive of VAT where applicable. Group enrolments and custom packages available on request.
Not everyone learns best in a group. If you want focused guidance, faster clarity, and confidence you can use on the job, our 1-to-1 Fast-Track Training gives you private, mentor-led support tailored to your experience and goals.
"Many learners choose 1-to-1 when they want understanding, not memorisation."
Credential
On successful completion of XCISM — Xcademia Information Security Management Practitioner, learners receive an Xcademia Certificate of Completion. This standalone certificate is issued directly by Xcademia and recognised by employers across the UK defence and security sector.
Everything you need to know about the certification exams
You will receive an Xcademia certificate of completion based on participation and successful completion of labs and scenario simulations.
Everything you need to know about this course
CISM is a 150-question multiple-choice exam across 4 domains. Beyond the $760 exam, CISM holders pay annual renewal fees and must earn 120 CPE credits every 3 years. XCISM is 5 instructor-led days covering all 4 CISM domains, assessed through a real governance and programme design scenario on Day 5. One price, no annual fees. The Practitioner Assessment Report documents applied governance capability.