Certified Information Security Manager (CISM)

ISACA

Issued: 2023-01-05

Certified Information Security Manager (CISM) affirms your ability to assess risks, implement effective governance, and proactively respond to incidents. CISM is a globally respected credential from ISACA, designed specifically for professionals who manage an enterprise’s security posture.

Unlike technical certifications that focus on hands-on tools or frameworks, CISM is all about strategy, governance, and leadership in information security. Since its inception in 2002, more than 107,000 people have obtained ISACA’s CISM certification.

Four CISM Domains

The CISM exam covers four domains:

  1. Information Security Governance - Addressing the framework for information security within an organization
  2. Information Risk Management - Identifying and managing information security risks to achieve business objectives
  3. Information Security Program Development and Management - Planning, establishing and managing the capability to respond to and recover from disruptive and destructive information security incidents
  4. Information Security Incident Management - Managing and tackling issues that were not already planned or considered

Requirements

  • Five or more years of CISM professional work experience across at least three of the four CISM domains
  • Work experience must be gained within the 10-year period preceding the application date
  • Pass the CISM examination
  • Adhere to ISACA’s Code of Professional Ethics
  • Maintain certification through continuing professional education

Exam Details

  • Questions: 150 multiple-choice questions
  • Duration: 4 hours
  • Domains: Information Security Governance, Information Risk Management, Information Security Program Development and Management, Information Security Incident Management

Continuing Education

  • Minimum of 120 Continuing Professional Education (CPE) hours during a three-year reporting period
  • Minimum of 20 CPE hours per year
