Skip to main Content

CISM - Certified Information Security Manager

Learn how to develop an information security plan and become a CISM expert

The Certified Information Security Manager (CISM) certification is a management-focused certification which confirms that you have the expertise and experience to develop, manage and implement an organizations information security program.


To apply for CISM certification, you must have five or more years of professional experience in information security management, including at least three years of practical experience in one of the areas listed below. At the discretion of ISACA, you will be eligible to claim certain security or information system certification degrees or credentials for up to two years of the required five years of experience.

About the CISM exam

The ISACA CISM exam is an MCQ with 150 questions based on the following 4 areas:

  • Information Security Governance (24%)
  • Information Risk Management and Compliance (30%)
  • Information Security Program Development and Management (27%)
  • Information Security Incident Management (19%)

The exam is 4 hours in duration and needs to be scheduled via an approved PSI Center. This can be done via the PSI testing site
Please note: The CISM exam is only available in English however a glossary of terminology is provided by ISACA on their website in multiple languages.

Recommended Training

Exam Training Course
CISM Security: Preparing for CISM Security Manager Certification


The CISM Continuing Professional Development Program (CPE) requires the validation of at least 20 hours of CPE per year and 120 hours of CPE every three years.

More details on the ISACA website.

More Information

Please contact us for more details about this or any of the ISACA certifications or training courses.