What is CISM all About?

Certified Information Security Manager (CISM) is a professional audit certification offered by the Information Systems Audit and Control Association (ISACA) to validate the skills and knowledge of an expert in information security risk, management, control, and governance. The CISM certification is ANSI-accredited under ISO/IEC 17024:2012 and was named “Best Professional Certification Program” in the 2018 SC Media Awards.

CISM is an accepted standard among IT governance, information systems audit, and information security professionals globally. Passing the exam certifies that an individual has the knowledge and experience to develop an enterprise’s information security strategy and policy and to manage its information security program. Information security management plays a vital role in the IT enterprise sector, and CISM is directly focused on developing and managing an information security program.

A professional applying for the certification must demonstrate skills in IT auditing, security, and the control of information. The certification promotes international information security practices and recognizes individuals who can design and manage an enterprise’s information security. Candidates must show that they can align information security with the objectives of the business. The certification suits people who are more interested in the managerial aspects of information security than in the technical aspects of IT.

CISM Exam Details and Eligibility Criteria

CISM Exam Details: The Certified Information Security Manager (CISM) exam tests candidates on four functional domains:

  • Information Security Incident Management (19% exam weight): examines the ability to plan, establish, and manage the detection, investigation, response, and recovery from information security incidents in order to reduce their impact on the business.

  • Information Security Program Development and Management (27% exam weight): examines the ability to develop and maintain an information security program that identifies risk and protects and manages the organization’s assets while aligning with business objectives.

  • Information Risk Management and Compliance (30% exam weight): examines the ability to manage information risk down to an acceptable level, in line with the organization’s risk appetite, while supporting the enterprise’s goals and objectives.

  • Information Security Governance (24% exam weight): examines the ability to establish and maintain an information security governance framework.

CISM Exam Schedule, Duration, and Scoring: The CISM exam is offered as a computer-based testing (CBT) session, available to applicants all year round. The exam lasts four hours and consists of 150 multiple-choice questions (MCQ). A candidate must score at least 450 points out of 800 to pass. The exam covers all four functional domains of information security.

CISM Exam Cost: It will cost $760 for non-members and $575 for an ISACA member to take the exam.

CISM Eligibility Criteria: An applicant must have at least 5 years of experience in the information security field to qualify for the CISM certification; this experience may be gained before or after passing the exam. The work experience must be gained within five years of initially passing the exam or within the 10 years preceding the application for certification. Of those 5 years of information security experience, at least 3 years must have been spent as an information security manager.

How to Prepare for the CISM Exam?

Applying for CISM Exam: An applicant can register, pay the application fee, and schedule the exam directly with ISACA on their website using the link below:

Exam Location: After registering for the CISM exam, the applicant receives instructions by email on how to schedule an exam date at a nearby PSI exam centre.

Exam Preparation: Candidates should plan a self-study program that covers all four domains of the CISM exam. They can purchase the official ISACA study guide and supplement it with third-party textbooks, or take a CISM exam preparation course before sitting the exam. ISACA also provides a Review Questions, Answers & Explanations database for practice. Because the exam is managerial in focus, candidates must also learn to think like a manager. Take practice exams regularly and join a CISM exam study community.

Maintain Your CISM – Continuing Professional Education (CPE):

Everyone who has passed the exam and qualified as a CISM professional is required to maintain a minimum level of current proficiency and knowledge in information system security, control, and audit. To that end, ISACA has a Continuing Professional Education (CPE) policy for certified CISM professionals to ensure that the required skills and knowledge are kept up to date.

A certified CISM must comply with the continuing education requirements every year. To maintain the certification, a minimum of 20 CPE hours is required each year together with payment of the annual maintenance fee, and a minimum of 120 contact hours is required over each fixed 3-year certification cycle, in compliance with ISACA requirements.

Salary and Demand for CISM Certified Professionals

CISM Salary: CISM is one of the most sought-after certifications worldwide, and certificate holders earn highly competitive salaries in the industry. According to Certification Magazine’s Salary Survey 2018, the average salary of CISM certificate holders in the USA is $120,410.

Demand for CISM Professionals: Information security failures can cause significant damage to an enterprise’s success in today’s business world. Demand for skilled information security management professionals will keep rising, as no enterprise can afford an information breach. With the growing number of high-profile breaches, CISM certification is a globally accepted standard of achievement in this area.


More than 40,000 professionals have obtained ISACA’s Certified Information Security Manager (CISM) certification since it was introduced in 2002. The certification is typically pursued by network security engineers, network administrators, privacy officers, IT auditors, IT consultants and managers, and similar roles.

Every enterprise needs to avoid data security breaches, and CISM professionals play a vital role in addressing that problem. With this certification, one can become a valuable asset to any organization seeking to build a strong foundation for its information technology systems.
