Information Security Management Expert


Information Security Management Expert certification

About the course

Information Security Management Expert (ISME) prepares you for successful progression into a senior information security management role. In this course, you will learn how to develop, implement, monitor and improve an enterprise-wide information security program in line with legal requirements, industry standards and business strategy objectives.

The course is based on the SECO-Institute’s own Information Security Management Framework, a step-by-step model developed by practicing CISOs to guide you through the process of building an effective information security program. As you move along in the course, you will master all the major topics of information security management, from strategic alignment to operational implementation and performance monitoring. Every step of the way, you will perform exercises and case studies that ready you for accomplishing a Chief Information Security Officer’s tasks.

  • Get structured guidance for information security implementation and maintenance;
  • Develop your strategic planning, policy development, leadership and budget advocacy skills with realistic hands-on assignments;
  • Access information security templates you can use directly in your work.


A good understanding of information security management principles is required.

SECO Information Security Practitioner certificate (or equivalent) is recommended.

About the certificate

Core CISO competencies you will validate with your S-ISME certificate

The ISME certification exam tests your real-world information security management skills. By passing the certification exam and earning a SECO-Information Security Management Expert (S-ISME) certificate, you demonstrate that you possess the top competencies of a successful information security leader.

In particular, an S-ISME certificate attests to your ability to:

  • Establish information security goals and objectives in accordance with corporate goals and needs;
  • Communicate effectively with board members and stakeholders and gain the board’s support for information security;
  • Define information security measurement metrics and key performance indicators;
  • Establish information security implementation strategies and monitor their implementation;
  • Translate relevant laws, regulations and standards to information security policies and guidelines;
  • Develop and implement information security policies;
  • Design an internal information security organisation and allocate information security roles, responsibilities and authorisations;
  • Integrate information security procedures with the organisation’s business processes and project management practices;
  • Design a company-wide security awareness program;
  • Define a risk management framework;
  • Establish, implement and monitor an ISO 27001-compliant information security management system and assist the organisation in obtaining ISO 27001 certification;
  • Prioritise and allocate resources to ensure appropriate cover for security assets;
  • Establish an Incident Response Team and predict and treat information security risks;
  • Organise information security audits, interpret audit reports and translate them for the business;
  • Work with leadership to oversee the operations of the internal information security organisation;
  • Demonstrate an in-depth understanding of business continuity management and business continuity planning;
  • Estimate budget and resources needed for security projects.

What are the benefits of an S-ISME certificate?

An S-ISME certificate demonstrates that you possess the knowledge and skills necessary to develop security strategies, guide a security team, and exert influence at the board level. This achievement will give you the confidence to assume a senior information security management role and provide leadership for your organisation, while earning a median annual salary of £115,000.

Who should certify?

The course and the certificate are ideal for you if you are an IT or information security professional with ambitions to become a top-level information security leader.

The certification is particularly suitable for you if you have a background in:

  • Security analysis;
  • Information security risk management;
  • Information security compliance;
  • IT security management.

How to prepare for the certification exam?

You can prepare for your certification exam by taking a course or by self-study.

We offer classroom training through our accredited education partners. To find a course in your country, visit the Get Trained page.

How to book a certification exam?

You can take your certification exam at an accredited exam centre or online.

For more information on the exam, please refer to the SECO Examination Guide.

S-ISME certificate and digital badge

Upon successful completion of a SECO Information Security Management Expert certification exam, you will receive the S-ISME certification title and a digital badge. Your credentials will grant you a one-year SECO membership. After your certification expires, you will have the option to re-certify by paying a small fee.

As a prerequisite to renewing your certification, you have to meet Continuing Professional Education (CPE) requirements. CPE requirements can be met by attending workshops, conferences and webinars, publishing articles, providing training, and performing other similar activities that help you maintain your professional competencies.

For more information on the certification process and Continuing Professional Education (CPE) requirements, please refer to the SECO Certifications Guide.