For more information about CSM-ACE 2022, please contact: 
  • |
  • +603 8800 7999

Certified Information Security Awareness Manager (CISAM)

Date 26 - 27 Oct 2022
Time 9:00 am - 5:00 pm
Venue Physical, Menara Cyber Axis, Cyberjaya

Training: RM2,520 (Fees exclude 6% SST)

Not inclusive of Exam Fee @ RM1,200

Certified Examination

The CISAM examination is certified by the Global ACE Certification. The examination framework is designed to align with a set of relevant Knowledge, Skills and Attitudes (KSA) that are necessary for an information security awareness manager. Candidates will be tested via a combination of either continual assessment (CA), multiple choice (MC), theory/ underpinning knowledge assessment (UK), practical assessment (PA), assignments (AS) and case studies (CS) as required.

Candidates can take the examination at authorized examination centres in participating member countries. Candidates who have successfully passed the CISAM examination will be eligible to apply as an associate or professional member by fulfilling the membership criteria defined under the Global ACE Certification.


Certified Information Security Awareness Manager (CISAM) is a 2 days hands-on training and certification program that provides the essential know-how, enabling information security professionals to develop and manage an effective security awareness program for their organization.

  1. Identify the “As-Is” state of your organisation’s awareness and competence levels;
  2. Understand the difference between awareness, training and education;
  3. Build and maintain a comprehensive awareness and competence programme, as part of an organisation’s information security programme;
  4. Identify awareness, training and competence needs, develop a training plan, and get organisational buy-in for the funding of Select awareness, training and competence topics; Find sources of awareness and training materials;
  5. Implement awareness and training material, using various methods;
  6. Evaluate the effectiveness of the programme; Understanding and overcoming the obstacles to success; Update and improve the focus of technology and organisational priorities change; and
  7. Create an effective social engineering assessment programme.
  1. Information security officers / ISMS managers
  2. C-level executives
  3. Security auditors, risk and compliance managers
  4. Training managers / Human resource managers
  5. Anyone responsible to plan and execute security awareness

DAY 1:


  1. The difference between “awareness” and “behavior”
  2. The elements of risks and analysis on why humans are the weakest link
  3. The learning continuum: awareness, training and education

Designing an Awareness and Competence Programme

  1. Structuring an organizational awareness and training programme
  2. Conducting awareness and training needs assessment
  3. Developing an awareness and training strategy and plan
  4. Establishing priorities
  5. Setting the bar
  6. Funding the security awareness and training programme

Developing Awareness and Competence Material

  1. Developing awareness material: selecting topics and sources of awareness materials
  2. Developing training material: a model for building training courses and sources for training courses

DAY 2:

Implementing the Awareness and Competence Programme

  1. Communicating the plan
  2. Various techniques for delivering awareness material
  3. Reinforcement of learning


  1. How to monitor compliance
  2. Evaluation and feedback
  3. Using metrics to measure the impact of the awareness programme, including how to effectively run phishing assessments
  4. Managing change

Overcome Obstacles to Success

  1. Obstacles to success
  2. Critical success factors