Price
$3,495.00
ISACA – Certified Information Security Manager – CISM

Overview

The CISM credential validates that you can assess information security risk, establish and run effective governance, and manage incidents before and after they occur. It is designed for professionals who manage, design, oversee, or assess an enterprise's information security program.

Key facts:

  • The certification emphasizes leadership and management of information security rather than purely technical skills.

  • Since its inception, more than 100,000 professionals have earned the CISM credential worldwide.

  • Exams are computer-based, global, and allow remote proctoring in many cases.

What You’ll Learn

Domains & Weights

  • Domain 1: Information Security Governance  24% of the exam
    Establishing and maintaining an information security governance framework and supporting processes.
  • Domain 2: Information Risk Management  30% of the exam
    Identifying, analyzing, evaluating, and managing information security risk.
  • Domain 3: Information Security Program Development and Management  27% of the exam
    Designing, developing, and managing an organization’s information security program.
  • Domain 4: Information Security Incident Management  19% of the exam
    Planning, establishing, and managing the capability to detect, respond to, and recover from incidents.

Note: these domain names and weights are those of ISACA's 2017 CISM job practice. ISACA revised the job practice in 2022, so confirm the current domains and weights on ISACA's site before scheduling the exam.

Experience Requirements

  • You must have five (5) years of professional information security management work experience.
  • At least three (3) years of this experience must be gained in three or more of the four CISM domains.
  • The experience must have been gained within the ten (10) years preceding the application date, or within five (5) years of passing the exam.
  • Experience waivers and substitutions (up to two years in total) may be granted for certain education, certifications, or approved credentials, per ISACA policy.

Maintenance & Certification

  • After passing the exam, candidates must apply for CISM certification within five (5) years of the exam date.
  • Certification holders must adhere to ISACA’s Continuing Professional Education (CPE) policy:
    • 20 CPE hours annually
    • 120 CPE hours over a three-year cycle
  • Annual maintenance fees are required to keep the certification active.
Details

Recommended experience for this course: 3-4 years (the CISM certification itself requires five years; see Experience Requirements above)

Course length: 40 hours

Audience
  • Information Security Managers – professionals responsible for setting security strategy and directing security operations.
  • IT Managers / Directors – leaders who oversee IT operations with accountability for security and risk management.
  • Security Consultants – advisors who help organizations develop and improve security governance and programs.
  • Risk and Compliance Managers – professionals focused on governance, risk assessment, and regulatory compliance.
  • Chief Information Security Officers (CISOs) and Senior Security Leaders – executives who set security direction and align security with business goals.
  • Security Program Managers – those who develop, implement, and manage enterprise-wide security initiatives.
  • IT Governance and Risk Professionals – individuals involved in enterprise risk management and information governance frameworks.