
CISM - Certified Information Security Manager Qualification


The CISM qualification

Established in 2002, the Certified Information Security Manager (CISM) qualification is awarded by ISACA® and is a globally accepted standard of achievement among information security, information systems (IS) audit, and IT governance professionals.

IT Governance is the exclusive approved reseller of ISACA publications and offers the complete range of official ISACA study guides, designed to help you pass the CISM examination at the first attempt.

What are the requirements for the CISM qualification?

The CISM certification is awarded to candidates with at least five years of relevant work experience, who pass a rigorous written examination.

ISACA defines four CISM domains on which you will be examined:

  • Domain 1 - Information Security Governance (24% of exam)
  • Domain 2 - Information Risk Management and Compliance (30% of exam)
  • Domain 3 - Information Security Program Development and Management (27% of exam)
  • Domain 4 - Information Security Incident Management (19% of exam)

For more information, please see the CISM 'How to Become Certified' web page.

How do you pass the CISM exam at the first attempt?

We recommend the following actions:

  1. Check that you have the relevant five years of work experience to qualify, or you’re able to gain this experience within the next 5 years
  2. Register and schedule your exam directly with ISACA
  3. Purchase the official ISACA study guides and third-party textbooks
  4. Plan a self-study program that covers all of the key knowledge domains
  5. Attend an exam preparation training course 2-4 weeks before you sit the exam

How to register and schedule the CISM exam

The CISM exam is offered via a computer-based testing (CBT) session, which is available all year round. All candidates must first register online directly with ISACA and pay for the examination in advance. They will then receive email instructions on how to schedule an exam appointment at a local PSI exam centre.

For further information, please review the ISACA Exam Candidate Information Guides.

Essential CISM books and study guides


CISM Review Manual, 15th Edition

Official ISACA CISM Review Manual

The CISM Review Manual is the core text for candidates taking the CISM exam. Updated each year, it is also the industry-leading source of information for those who wish to understand the roles and responsibilities of an information security manager.

This book is primarily created for exam prep, but is also a useful reference for information security managers. This current edition has been updated for the CISM Job Practice.


CISM Review Questions, Answers & Explanations Manual, 11th Edition

Official ISACA CISM Review Questions, Answers & Explanations Manual

As well as the CISM Review Manual, it is also advised that any candidate taking the CISM exam purchases and studies a copy of the official CISM Review Questions, Answers & Explanations Manual.

The official CISM Review Questions, Answers & Explanations Manual, 9th Edition from ISACA provides 1,000 multiple-choice questions and their thoroughly explained answers to allow you to practise fully before sitting the CISM exam. This book has been updated for the CISM Job Practice.


CISM Exam Passport


This package contains the CISM Review Manual, 15th Edition and the CISM Review Questions, Answers & Explanations Manual, 9th Edition. Both official ISACA books have been updated to reflect the current CISM job practice areas, and are the most up-to-date study resources for the CISM exam.


Continuing Professional Education

There is a Continuing Professional Education (CPE) policy in respect of qualified CISM professionals. The goal of this policy is to ensure that all CISMs maintain an adequate level of current knowledge and proficiency in the field of information systems audit, control and security.

CISMs who successfully comply with the continuing professional education policy ‘will be better trained to assess information systems and technology and provide leadership and value to their organizations’. The responsibility for setting the CPE requirements rests with the CISM Certification Board, which oversees the process and requirements to ensure their applicability.

Maintenance fees and a minimum of 20 contact hours of CPE are required annually. In addition, a minimum of 120 contact hours are required during a fixed three-year period.

Please see the Maintain Your CISM page on ISACA’s website for further details.
