CISM - Certified Information Security Manager
What is CISM?
The CISM (Certified Information Security Manager) qualification is an international professional certification offered by ISACA. The certification recognises an individual’s ability to design, implement and manage an information security programme.
CISM is globally recognised as one of the most prestigious certifications for information security managers. CISM-certified professionals are in high demand and the certification can help you progress in your career and earn higher salaries.
Book your place on the CISM training course today
The CISM Training Course is designed to ensure that you pass the ISACA CISM examination at the first attempt.
Delivered in just four days, this course has been designed to maximise time effectiveness and reduce any unnecessary time away from the office.
Which is better: CISM or CISSP?
There is no simple answer to this question as it depends on many factors, including work experience, job roles and personal preferences. Some people may prefer the CISM qualification as it focuses on information security management, while others may prefer the CISSP qualification for its more general information security coverage.
How difficult is CISM?
While the CISM exam is not easy, it can be a manageable challenge with the right amount of preparation.
The CISM exam covers a lot of ground, testing your knowledge of information security program development and management, risk management and incident response.
With a comprehensive study plan and access to quality study materials, you can give yourself the best chance of passing the CISM exam.
Is CISM worth it?
CISM is definitely worth considering for information security professionals. Earning your CISM demonstrates your commitment to information security and makes you an attractive candidate for management-level positions.
What are the requirements for the CISM qualification?
The CISM certification is awarded to candidates with at least five years of relevant work experience who pass a rigorous written examination.
ISACA defines four CISM job practice domains on which you will be examined:
- Domain 1 – Information Security Governance (17% of exam)
- Domain 2 – Information Security Risk Management (20% of exam)
- Domain 3 – Information Security Program (33% of exam)
- Domain 4 – Incident Management (30% of exam)
How do you pass the CISM exam at the first attempt?
We recommend the following actions:
- Check that you have the relevant five years of work experience to qualify.
- Book your course here.
- Register and schedule your exam with ISACA.
- Plan a self-study programme that covers all the key knowledge domains.
- Attend our exam preparation training course 2 to 4 weeks before you sit the exam.
How to register for and schedule your CISM exam
The CISM exam is offered online or at a PSI exam centre all year round. All candidates must first register online directly with ISACA. They will then receive email instructions on how to schedule an exam appointment.
Does CISM expire?
CISM does not expire, but there is a CPE policy that aims to ensure that all CISMs maintain an adequate level of current knowledge and proficiency in the field of information systems audit, control and security.
CISMs who successfully comply with the CPE policy will be better trained to assess information systems and technology and provide leadership and value to their organisations. The responsibility for setting the CPE requirements rests with the CISM Certification Board, which oversees the process and requirements to ensure their applicability.
Maintenance fees and a minimum of 20 contact hours of CPE are required annually. In addition, a minimum of 120 contact hours are required during a fixed three-year period.
Frequently asked questions (FAQs)
CISM (Certified Information Security Manager) is a globally recognised certification for professionals who manage, design and oversee enterprise information security programmes. It’s issued by ISACA.
In cyber security, CISM validates your ability to align security strategy with business goals. It focuses on governance, risk management, programme development and incident response.
CISM stands for Certified Information Security Manager.
To get CISM certified, you must:
- Pass the CISM exam.
- Have at least five years’ work experience in information security, with three in management.
- Apply to ISACA for certification
Preparation usually involves formal training courses, ISACA study guides, practice exams and hands-on experience in governance and risk management.
You can register directly through the ISACA website. Exams are offered at authorised testing centres and via remote proctoring.
Yes, the exam is challenging because it tests not only technical knowledge but also management-level decision-making. It requires preparation and practical experience.
CISM is considered more management-focused, while CISSP is broader and includes more technical domains. Some professionals find CISSP harder, while others find CISM more challenging depending on their background.
Yes. CISM is highly valued for leadership and management roles in information security. It’s recognised worldwide and often linked to higher salaries and career advancement.
CISM is an excellent certification if you are aiming for management, governance or risk-focused positions in information security. It’s particularly valuable for CISOs, risk managers and IT governance professionals.