Certified: The CISM Audio Course
Episodes
Welcome to the ISACA CISM
14 Oct 2025
Contributed by Lukas
Dive into a fast, no-fluff overview of what this podcast delivers, who it’s for, and how each episode helps you level up with practical, real-world ...
Episode 71: Continuous Improvement through Post-Incident Reviews and Risk Reassessment
06 Jul 2025
Contributed by Lukas
Mature security programs improve over time. In this final episode, we explain how to lead post-incident reviews, implement lessons learned, and reasse...
Episode 70: Supervising Risk Treatment and Continuous Monitoring
06 Jul 2025
Contributed by Lukas
Managing risk doesn’t stop with one decision. In this episode, we explore how to supervise treatment activities (mitigation, transfer, acceptance) a...
Episode 69: Supervising Risk Identification and Assessment
06 Jul 2025
Contributed by Lukas
CISM-certified professionals must oversee—not just conduct—risk assessments. This episode covers how to supervise the process, validate results, a...
Episode 68: Managing and Monitoring Security Compliance with External Parties
06 Jul 2025
Contributed by Lukas
Vendors, suppliers, and partners all affect your risk posture. This episode explores how to define, enforce, and monitor external security requirement...
Episode 67: Integrating Security Requirements into Organizational Processes
06 Jul 2025
Contributed by Lukas
In this episode, we cover how to embed security into core business workflows—from procurement to development and beyond. You’ll learn how to ensur...
Episode 66: Aligning Security Programs with Operational Business Objectives
06 Jul 2025
Contributed by Lukas
Security must support the mission. This episode teaches you how to align your security initiatives with day-to-day business operations, process priori...
Episode 65: Evaluating and Reporting Information Security Metrics
06 Jul 2025
Contributed by Lukas
Metrics turn performance into visibility. This episode shows you how to define, collect, and report information security metrics that support governan...
Episode 64: Compiling and Presenting Effective Security Reports
06 Jul 2025
Contributed by Lukas
CISM candidates must know how to report program results and risk insights to both executives and operational teams. This episode explains how to compi...
Episode 63: Defining and Communicating Security Roles and Responsibilities
06 Jul 2025
Contributed by Lukas
Effective governance depends on clear roles and responsibilities. In this episode, we walk through how to assign, document, and communicate who owns w...
Episode 62: Gaining Senior Leadership Commitment and Stakeholder Support
06 Jul 2025
Contributed by Lukas
Security programs rise or fall on leadership support. This episode teaches you how to earn and sustain executive commitment, communicate risk in busin...
Episode 61: Communicating the Business Case and Gaining Stakeholder Buy-In
06 Jul 2025
Contributed by Lukas
CISM leaders must champion security through influence, not just authority. In this episode, we cover how to build and communicate compelling business ...
Episode 60: Building Effective Security Budgets and ROI Analysis
06 Jul 2025
Contributed by Lukas
Budgeting is about more than asking for money—it’s about justifying value. This episode explains how to estimate costs, present return on investme...
Episode 59: Integrating Information Security into Corporate Governance
06 Jul 2025
Contributed by Lukas
Security can’t operate in a silo. This episode covers how to embed information security into broader corporate governance, ensuring risk, compliance...
Episode 58: Implementing Information Security Governance Frameworks
06 Jul 2025
Contributed by Lukas
Frameworks turn strategy into structure. In this episode, we explain how to implement security governance frameworks like COBIT and ISO in ways that s...
Episode 57: Establishing Information Security Strategy Aligned with Organizational Goals
06 Jul 2025
Contributed by Lukas
Security strategy must serve the business. This episode walks you through aligning your security vision, priorities, and investment with what the orga...
Episode 56: Identifying Internal and External Influences on Security Strategy
06 Jul 2025
Contributed by Lukas
Domain 1 isn’t just about governance—it’s about understanding what shapes strategy. This episode teaches you how to identify organizational driv...
Episode 55: Conducting Meaningful Post-Incident Reviews
06 Jul 2025
Contributed by Lukas
CISM professionals must know how to lead structured post-incident reviews. This episode explains how to capture lessons learned, evaluate what went wr...
Episode 54: Techniques for Secure Recovery and Restoration
06 Jul 2025
Contributed by Lukas
After eradication comes recovery—and it must be secure. This episode shows you how to safely bring systems back online, validate their integrity, an...
Episode 53: Techniques for Incident Eradication
06 Jul 2025
Contributed by Lukas
Eradication is where you eliminate the root cause of an incident. This episode walks you through how to fully remove malware, close exploited vulnerab...
Episode 52: Incident Response Communications: Reporting, Notification, and Escalation
06 Jul 2025
Contributed by Lukas
Incident response is only effective if the right people are informed at the right time. In this episode, we explore how to build a communication plan ...
Episode 51: Effective Incident Containment Methods
06 Jul 2025
Contributed by Lukas
Containment is a critical phase in incident response—and a highly tested concept in Domain 4. This episode covers the strategies and decision points...
Episode 50: Digital Forensics and Evidence Collection Basics
06 Jul 2025
Contributed by Lukas
You don’t have to be a forensic analyst—but you do need to understand the basics. This episode explains how evidence is collected, preserved, and ...
Episode 49: Incident Investigation Methodologies
06 Jul 2025
Contributed by Lukas
CISM candidates must understand how to manage an incident investigation. This episode covers how to gather evidence, document timelines, identify root...
Episode 48: Incident Management Tools and Techniques
06 Jul 2025
Contributed by Lukas
Tools can streamline detection, coordination, and resolution during incidents. In this episode, we explore common technologies used in incident manage...
Episode 47: Training, Testing, and Evaluating Your Incident Management Capabilities
06 Jul 2025
Contributed by Lukas
Your incident response plan is only as strong as your ability to execute it. This episode covers how to train staff, conduct simulations, and evaluate...
Episode 46: Incident Classification and Categorization Methods
06 Jul 2025
Contributed by Lukas
Classifying incidents accurately enables proper response. In this episode, we discuss how to build an incident classification system based on impact, ...
Episode 45: Testing, Maintenance, and Improvement of Your DRP
06 Jul 2025
Contributed by Lukas
A DRP must be tested, maintained, and improved over time to remain effective. This episode explains how to schedule recovery tests, evaluate outcomes,...
Episode 44: Designing Your Disaster Recovery Plan (DRP)
06 Jul 2025
Contributed by Lukas
Disaster recovery planning ensures technology and data availability during a crisis. In this episode, we break down how to design and document a DRP t...
Episode 43: Building Your Business Continuity Plan (BCP)
06 Jul 2025
Contributed by Lukas
Business continuity is broader than disaster recovery—and the CISM exam knows it. This episode explains how to build a BCP that supports organizatio...
Episode 42: Conducting Business Impact Analysis (BIA)
06 Jul 2025
Contributed by Lukas
CISM Domain 4 expects you to know how to conduct a business impact analysis. In this episode, we walk through how to identify critical functions, asse...
Episode 41: Maintaining and Updating Your Incident Response Plan
06 Jul 2025
Contributed by Lukas
An outdated incident response plan is a liability. This episode teaches you how to maintain IR documentation over time, incorporate lessons learned, a...
Episode 40: Designing and Documenting the Incident Response Plan
06 Jul 2025
Contributed by Lukas
Domain 4 begins here. This episode walks you through how to design a comprehensive incident response plan—from defining roles and escalation paths t...
Episode 39: Communications and Reporting for the Information Security Program
06 Jul 2025
Contributed by Lukas
Strong security programs communicate effectively. In this episode, we explain how to report program performance, risks, and control status to senior l...
Episode 38: Contractual Security Requirements and Ongoing Vendor Monitoring
06 Jul 2025
Contributed by Lukas
Once a vendor is onboarded, the work doesn’t stop. This episode covers how to include security clauses in contracts, define SLAs, and monitor vendor...
Episode 37: Vendor Risk Assessment and Selection
06 Jul 2025
Contributed by Lukas
Third-party vendors can expand capabilities—or introduce serious risk. This episode explains how to evaluate vendors before selection by conducting ...
Episode 36: Developing Engaging Information Security Awareness and Training Programs
06 Jul 2025
Contributed by Lukas
Security programs fail without user participation. This episode explores how to build training and awareness initiatives that promote secure behavior ...
Episode 35: Techniques for Information Security Control Testing and Evaluation
06 Jul 2025
Contributed by Lukas
Testing controls is how you validate effectiveness—and it’s a must-know area for the exam. In this episode, we walk through test design, performan...
Episode 34: Implementing and Integrating Information Security Controls
06 Jul 2025
Contributed by Lukas
CISM candidates must know how to implement controls—not just select them. This episode covers how to plan, deploy, and integrate security controls a...
Episode 33: Designing and Selecting Effective Information Security Controls
06 Jul 2025
Contributed by Lukas
Controls are at the heart of any security program. This episode shows you how to choose the right controls based on risk assessments, business impact,...
Episode 32: Developing and Using Information Security Program Metrics
06 Jul 2025
Contributed by Lukas
If you can’t measure it, you can’t manage it. In this episode, we cover how to create meaningful metrics for tracking the effectiveness of your se...
Episode 31: Writing Actionable Procedures and Guidelines
06 Jul 2025
Contributed by Lukas
Policies set direction—but procedures make things happen. This episode teaches you how to translate security policies into actionable procedures and...
Episode 30: Developing Effective Security Policies
06 Jul 2025
Contributed by Lukas
Every security program is built on policy. In this episode, we cover how to draft policies that support governance, define behavior, and reflect organ...
Episode 29: Applying Industry Standards and Frameworks to Your Security Program
06 Jul 2025
Contributed by Lukas
Domain 3 expects you to apply security frameworks—not just memorize them. In this episode, we explain how to align your program with standards like ...
Episode 28: Information Asset Identification and Classification Fundamentals
06 Jul 2025
Contributed by Lukas
CISM professionals must protect what matters most. This episode covers how to identify, categorize, and classify information assets, including systems...
Episode 27: Selecting and Implementing Security Tools and Technologies
06 Jul 2025
Contributed by Lukas
Technology supports security—but strategy drives selection. This episode helps you evaluate tools based on business needs, risk reduction, and opera...
Episode 26: Staffing and Managing Security Teams
06 Jul 2025
Contributed by Lukas
Domain 3 covers security program development—and that includes managing people. In this episode, we examine how to build and lead an effective secur...
Episode 25: Best Practices in Risk Monitoring and Reporting
06 Jul 2025
Contributed by Lukas
CISM exam scenarios often involve risk communication. This episode covers how to monitor risks over time and report findings in ways that drive decisi...
Episode 24: Establishing Risk and Control Ownership
06 Jul 2025
Contributed by Lukas
Ownership is essential to accountability. In this episode, we explain how to assign ownership for risks and controls, and how to ensure those responsi...
Episode 23: Risk Transfer and Avoidance Strategies
06 Jul 2025
Contributed by Lukas
Sometimes the best risk response is walking away—or handing it off. This episode focuses on transferring and avoiding risk, from insurance and outso...
Episode 22: Risk Mitigation and Acceptance Strategies
06 Jul 2025
Contributed by Lukas
When risks can't be eliminated, they must be managed. This episode covers the two most frequently used risk treatment options: mitigation and acceptan...
Episode 21: Conducting Effective Risk Analysis Workshops
06 Jul 2025
Contributed by Lukas
CISM candidates must know how to facilitate cross-functional risk workshops. In this episode, we walk through the process—from identifying participa...
Episode 20: Quantitative vs. Qualitative Risk Assessment
06 Jul 2025
Contributed by Lukas
Understanding how to evaluate risk is a CISM must-have. In this episode, we break down qualitative and quantitative assessment methods—including lik...
Episode 19: Conducting Vulnerability and Control Deficiency Analysis
06 Jul 2025
Contributed by Lukas
Risk management starts with understanding where you’re weak. This episode teaches you how to identify control gaps and vulnerabilities, distinguish ...
Episode 18: Identifying and Managing Emerging Risks (AI, Quantum, IoT)
06 Jul 2025
Contributed by Lukas
Emerging tech means evolving risk. In this episode, we cover how technologies like AI, IoT, and quantum computing introduce new security threats—and...
Episode 17: Current Cyber Threat Landscape
06 Jul 2025
Contributed by Lukas
CISM Domain 2 begins here—with risk identification. This episode explores common and emerging threats, including ransomware, insider risk, APTs, and...
Episode 16: Strategic Planning Essentials – Budgets, Resources, and the Business Case
06 Jul 2025
Contributed by Lukas
Security managers must think like business leaders. This episode focuses on how to plan strategically: building security budgets, aligning resources w...
Episode 15: Deep Dive into NIST Cybersecurity Framework (CSF)
06 Jul 2025
Contributed by Lukas
The NIST CSF is another framework CISM candidates must understand. In this episode, we explain the five core functions—Identify, Protect, Detect, Re...
Episode 14: Deep Dive into ISO 27001 and ISO 27002
06 Jul 2025
Contributed by Lukas
ISO 27001 and ISO 27002 show up frequently on the CISM exam. This episode covers their purpose, structure, and use in implementing and managing an Inf...
Episode 13: Deep Dive into COBIT Framework
06 Jul 2025
Contributed by Lukas
COBIT is more than just a buzzword—it’s a cornerstone of enterprise governance. In this episode, we explore COBIT’s structure, goals cascade, go...
Episode 12: Overview of Major Governance Frameworks (COBIT, ISO, NIST)
06 Jul 2025
Contributed by Lukas
Expect questions about governance frameworks on the CISM exam. This episode introduces COBIT, ISO 27001/27002, and the NIST Cybersecurity Framework. W...
Episode 11: Developing an Effective Information Security Strategy
06 Jul 2025
Contributed by Lukas
CISM Domain 1 emphasizes the creation of business-aligned security strategies. In this episode, we walk through the core elements of an effective secu...
Episode 10: Organizational Structures, Roles, and Responsibilities in Security Governance
06 Jul 2025
Contributed by Lukas
CISM candidates must know how security fits into the broader enterprise structure. This episode covers how roles, responsibilities, and reporting line...
Episode 9: Contractual Requirements and Security Agreements
06 Jul 2025
Contributed by Lukas
Security responsibilities often extend to third-party contracts. In this episode, we explain how SLAs, NDAs, MOUs, and security addendums play a role ...
Episode 8: Legal and Regulatory Compliance Essentials
06 Jul 2025
Contributed by Lukas
Compliance is a core topic in Domain 1 and a frequent source of exam questions. This episode breaks down the distinctions between laws, regulations, a...
Episode 7: Organizational Culture and Its Impact on Security
06 Jul 2025
Contributed by Lukas
Domain 1 begins here. In this episode, we explore how organizational culture influences security behavior, policy adoption, and governance success. Yo...
Episode 6: Test-Taking Strategies and Exam-Day Tips for Success
06 Jul 2025
Contributed by Lukas
Even well-prepared candidates can trip up on exam day. This episode walks you through proven test-taking strategies including time management, scenari...
Episode 5: Building a Personalized CISM Study Plan
06 Jul 2025
Contributed by Lukas
A solid study plan can make all the difference. In this episode, we help you build a realistic, customized CISM prep schedule that aligns with your ex...
Episode 4: Essential Skills and Experience for CISM Candidates
06 Jul 2025
Contributed by Lukas
Before you apply for the exam, make sure you qualify. This episode explains ISACA’s professional experience requirements, including the five-year mi...
Episode 3: CISM vs. CISSP vs. CRISC – Choosing Your Certification Path
06 Jul 2025
Contributed by Lukas
Confused about which certification is right for your career goals? In this episode, we compare the CISM with CISSP and CRISC to help you decide. You’...
Episode 2: Understanding the Exam – Domains, Structure, and Study Strategies
06 Jul 2025
Contributed by Lukas
To pass the CISM exam, you need more than flashcards—you need a strategy. In this episode, we explain how the exam is structured, how domain weight ...
Episode 1: Welcome to the CISM Certification – Overview and Benefits
06 Jul 2025
Contributed by Lukas
Thinking about becoming a Certified Information Security Manager? This episode is your official onboarding to the CISM journey. We explain what CISM m...