You are cordially invited to join the training for one of the most recognized information security certificates in the world – CISM (Certified Information Security Manager). The review course will be led online by the accredited trainer Uroš Žust. The training will follow the updated CISM curriculum, which applies to exams from June 1st, 2022 onward.


From July 4th to 8th, 2022


Online (Zoom), in English

A few facts about CISM

What is CISM?

ISACA’s Certified Information Security Manager® (CISM®) certification indicates expertise in information security governance, program development and management, incident management and risk management. If you are a mid-career IT professional aspiring to senior management roles in IT security and control, CISM can get you the visibility you need.


1 Information Security Governance
A Enterprise Governance
1A1 Organizational Culture
1A2 Legal, Regulatory, and Contractual Requirements
1A3 Organizational Structures, Roles, and Responsibilities
B Information Security Strategy
1B1 Information Security Strategy Development
1B2 Information Governance Frameworks and Standards
1B3 Strategic Planning (e.g., budgets, resources, business case)

2 Information Security Risk Management
A Information Security Risk Assessment
2A1 Emerging Risk and Threat Landscape
2A2 Vulnerability and Control Deficiency Analysis
2A3 Risk Assessment and Analysis
B Information Security Risk Response
2B1 Risk Treatment / Risk Response Options
2B2 Risk and Control Ownership
2B3 Risk Monitoring and Reporting

3 Information Security Program
A Information Security Program Development
3A1 Information Security Program Resources (e.g., people, tools, technologies)
3A2 Information Asset Identification and Classification
3A3 Industry Standards and Frameworks for Information Security
3A4 Information Security Policies, Procedures, and Guidelines
3A5 Information Security Program Metrics
B Information Security Program Management
3B1 Information Security Control Design and Selection
3B2 Information Security Control Implementation and Integrations
3B3 Information Security Control Testing and Evaluation
3B4 Information Security Awareness and Training
3B5 Management of External Services (e.g., providers, suppliers, third parties, fourth parties)
3B6 Information Security Program Communications and Reporting

4 Incident Management
A Incident Management Readiness
4A1 Incident Response Plan
4A2 Business Impact Analysis (BIA)
4A3 Business Continuity Plan (BCP)
4A4 Disaster Recovery Plan (DRP)
4A5 Incident Classification/Categorization
4A6 Incident Management Training, Testing, and Evaluation
B Incident Management Operations
4B1 Incident Management Tools and Techniques
4B2 Incident Investigation and Evaluation
4B3 Incident Containment Methods
4B4 Incident Response Communications (e.g., reporting, notification, escalation)
4B5 Incident Eradication and Recovery
4B6 Post-incident Review Practices



Uroš is a director in Broader Assurance Services for SEE at PwC Slovenia. He has more than 17 years of experience in the fields of IT auditing, cyber security, security assessments, risk management and corporate compliance management in a wide range of industries. He has gained his experience both in Europe and in the US, where he lived and worked for 5 years.

He is an accredited trainer for ISACA CISA and CISM certification, and a seasoned presenter who has led the aforementioned trainings in Slovenia, the US, Serbia and the Czech Republic.


The regular price for attending this 5-day course is 897 EUR + VAT. If you are a member of ISACA, your price is 570 EUR + VAT.

Participation must be paid in advance. Your application can be cancelled without penalty by June 27th, 2022. A cancellation after this date will not result in a refund. ISACA Slovenian Chapter reserves the right to cancel the training (for any reason) before the start of the training.