
Certified Information Security Manager (CISM)

Developed by ISACA, the CISM qualification has been specifically designed for experienced information security managers. CISM qualifications are internationally recognized and are consistently listed as one of the most highly sought-after and well-paying IT certifications.

IT Governance offers a complete range of products, including study guides and training courses, designed to help you pass the CISM examination at the first attempt.

CISM is divided into four domains, each of which is covered in the CISM Review Manual and the exam:

  • Domain 1—Information Security Governance
  • Domain 2—Information Risk Management and Compliance
  • Domain 3—Information Security Program Development and Management
  • Domain 4—Information Security Incident Management

The CISM certificate is awarded to candidates who have at least five years of relevant work experience and who pass a rigorous written examination, which is held only three times each year.

Benefits of CISM:

  • Demonstrates that an individual understands the relationship between an information security program and an organization's business goals and objectives
  • Demonstrates knowledge and experience in the management and development of an information security program
  • Premier information security management qualification
  • Often considered a prerequisite for senior- and director-level positions
  • Demonstrates a level of credibility in the individual and the organization, and demonstrates their commitment to compliance, security, and integrity
  • Helps an organization retain and win new business due to its commitment to information security management

The CISM Review Manual

The CISM Review Manual is the core text for candidates taking the CISM exam. Updated each year, it is also the industry-leading source of information for those who wish to understand the roles and responsibilities of an information security manager.

In addition to the CISM Review Manual, candidates taking the CISM exam are advised to purchase and study a copy of the Official CISM Review Questions, Answers & Explanations. This manual provides 815 multiple-choice practice questions, answers, and explanations for CISM candidates.

CISM Exams

The CISM exams are currently held only three times a year. To sit the exam you must have five years of relevant work experience and pre-register for the exam directly with ISACA.

For more information, please see the ISACA CISM "How to Become Certified" web page.

Exam Center Locations & Registration

The locations of the Exam Centers can be found here. You must register online with ISACA for the exam. After registration and payment, candidates are sent The Candidate's Guide to the CISM Exam, which provides a detailed outline of the subject areas covered in the examination, a suggested list of reference materials to review, a glossary of acronyms commonly used, and a sample copy of the answer sheet used for the exam.

Continuing Professional Education

There is a Continuing Professional Education (CPE) policy in respect of qualified CISM professionals, which aims to ensure that all CISMs maintain an adequate level of current knowledge and proficiency in the field of information systems audit, control, and security.

Maintenance fees and a minimum of 20 contact hours of CPE are required annually. In addition, a minimum of 120 contact hours are required during a fixed three-year period.

See ISACA's Maintain Your CISM for further details.