CISM - Certified Information Security Manager qualification

Develop your career with a qualification in IT

If you’re looking to advance your career as an IT professional and build on your skillset, then professional certification is for you. Speak to one of our training experts for more information on our range of certification courses.

The CISM qualification

Established in 2002, the Certified Information Security Manager (CISM) qualification is awarded by ISACA® and is a globally accepted standard of achievement among information security, information systems audit and IT governance professionals.

Book your place on the CISM training course today

The CISM Training Course is designed to ensure that you pass the ISACA CISM examination at the first attempt.

Delivered in just four days, this course has been designed to maximise time effectiveness and reduce any unnecessary time away from the office. It has also been shown to be considerably more effective than self-study preparation, which requires more time and commitment.

Book now

What are the requirements for the CISM qualification?

The CISM certification is awarded to candidates with at least five years of relevant work experience, who pass a rigorous written examination.

ISACA defines four CISM job practice domains on which you will be examined:

Domain 1 – Information Security Governance (24% of exam)
Domain 2 – Information Risk Management (30% of exam)
Domain 3 – Information Security Program Development and Management (27% of exam)
Domain 4 – Information Security Incident Management (19% of exam)

Please note that from 1 June 2022, the CISM job practice domains will be:

Domain 1 – Information Security Governance (17% of exam)
Domain 2 – Information Security Risk Management (20% of exam)
Domain 3 – Information Security Program (33% of exam)
Domain 4 – Incident Management (30% of exam)

How do you pass the CISM exam at the first attempt?

We recommend the following actions:

Check that you have the relevant five years of work experience to qualify, or you are able to gain this experience within the next five years.
Purchase your CISM exam directly from IT Governance.
Register and schedule your exam with ISACA.
Plan a self-study programme that covers all the key knowledge domains.
Attend our exam preparation training course 2-4 weeks before you sit the exam.

How to register and schedule the CISM exam

The CISM exam is offered via a computer-based testing (CBT) session, which is available online or at a PSI exam centre all year round. All candidates must first register online directly with ISACA. They will then receive email instructions on how to schedule an exam appointment.

Continuing Professional Education

There is a Continuing Professional Education (CPE) policy in respect of qualified CISM professionals. The goal of this policy is to ensure that all CISMs maintain an adequate level of current knowledge and proficiency in the field of information systems audit, control and security.

CISMs who successfully comply with the “continuing professional education policy will be better trained to assess information systems and technology and provide leadership and value to their organisations”. The responsibility for setting the CPE requirements rests with the CISM Certification Board, which oversees the process and requirements to ensure their applicability.

Maintenance fees and a minimum of 20 contact hours of CPE are required annually. In addition, a minimum of 120 contact hours are required during a fixed 3-year period.

Please see the Maintain CISM Certification page on ISACA’s website for further details.

Get in touch

If you are an IT professional looking to advance your career with the CISM qualification but have some questions, call our training team on +44 1474 556685, or request a call back using the form below. Our experts are ready and waiting with practical advice.

CISM® – Certified Information Security Manager Qualification