What is CISM?
The Certified Information Security Manager (CISM) qualification is an international professional certification offered by ISACA for Information Security Managers. The certification recognises an individual's ability to design, implement and manage an information security programme.
CISM is globally recognised as one of the most prestigious certifications for Information Security Managers. CISM-certified professionals are in high demand and the certification can help individuals to progress in their careers and earn higher salaries.
Which is better, CISM or CISSP?
There is no simple answer to this question as it depends on many factors, including work experience, job roles and personal preferences. Some people may prefer the CISM qualification as it focuses on information security management, while others may prefer the CISSP qualification for its more general information security coverage.
How difficult is CISM?
While the Certified Information Security Manager (CISM) exam is not easy, it can be a manageable challenge with the right amount of preparation.
The CISM exam covers a lot of ground, testing your knowledge of information security program development and management, risk management and incident response.
With a comprehensive study plan and access to quality study materials, you can give yourself the best chance of passing the CISM exam.
Does CISM expire?
The Certified Information Security Manager (CISM) credential does not expire, but credential holders must participate in Continuing Professional Education (CPE) to maintain their active status.
Is CISM worth it?
Certified Information Security Manager (CISM) is worth considering for information security professionals. Earning your CISM demonstrates your commitment to information security and throws your hat in the ring for management-level positions.
What are the requirements for the CISM qualification?
The CISM certification is awarded to candidates with at least five years of relevant work experience who pass a rigorous written examination.
ISACA defines four CISM job practice domains on which you will be examined:
- Domain 1 – Information Security Governance (24% of exam)
- Domain 2 – Information Risk Management (30% of exam)
- Domain 3 – Information Security Program Development and Management (27% of exam)
- Domain 4 – Information Security Incident Management (19% of exam)
Please note that from 1 June 2022, the CISM job practice domains will be:
- Domain 1 – Information Security Governance (17% of exam)
- Domain 2 – Information Security Risk Management (20% of exam)
- Domain 3 – Information Security Program (33% of exam)
- Domain 4 – Incident Management (30% of exam)
How do you pass the CISM exam at the first attempt?
We recommend the following actions:
- Check that you have the relevant five years of work experience to qualify.
- Purchase your CISM exam directly from IT Governance.
- Register and schedule your exam with ISACA.
- Plan a self-study programme that covers all the key knowledge domains.
- Attend our exam preparation training course 2-4 weeks before you sit the exam.
How to register and schedule the CISM exam
The CISM exam is offered via a computer-based testing (CBT) session, which is available online, or at a PSI exam centre all year round. All candidates must first register online directly with ISACA. They will then receive email instructions on how to schedule an exam appointment.
Continuing Professional Education
There is a Continuing Professional Education (CPE) policy in respect of qualified CISM professionals. The goal of this policy is to ensure that all CISMs maintain an adequate level of current knowledge and proficiency in the field of information systems audit, control and security.
CISMs who successfully comply with the continuing professional education policy will be better trained to assess information systems and technology and provide leadership and value to their organisations. The responsibility for setting the CPE requirements rests with the CISM Certification Board, which oversees the process and requirements to ensure their applicability.
Maintenance fees and a minimum of 20 contact hours of CPE are required annually. In addition, a minimum of 120 contact hours are required during a fixed 3-year period.
Please see the Maintain CISM Certification page on ISACA’s website for further details.
Get in touch
If you are an IT professional looking to advance your career with the CISM qualification but have some questions, call our training team on +44 1474 556685, or request a call back using the form below. Our experts are ready and waiting with practical advice.