Certified Information Security Manager (CISM)

The Certified Information Security Manager (CISM) certification from ISACA validates advanced expertise in managing, designing, and assessing enterprise information security programs. It demonstrates a professional’s ability to align security strategies with business goals.


What is Certified Information Security Manager (CISM)

The Certified Information Security Manager (CISM) credential, developed by ISACA, is a globally recognised qualification for professionals who manage, design, and oversee enterprise information security programs.  

It focuses on governance, risk management, and incident response, helping organisations protect valuable information assets while supporting business objectives. 

This CISM certification guide was written by our team of cyber security experts

What topics does a CISM certification cover?

The CISM certification covers four key domains: 

  • Information Security Governance: aligning security strategies with organisational goals.

  • Information Risk Management: identifying and managing information security risks.

  • Information Security Program Development and Management: building and maintaining effective security programs.

  • Information Security Incident Management: establishing and managing incident response procedures.

These domains ensure CISM professionals have the knowledge to lead and manage enterprise-level information security operations. 

How do I earn a CISM certification?

To earn the CISM credential, candidates must: 

  1. Pass the CISM exam administered by ISACA.

  2. Show verified work experience: at least five years in information security management (with possible substitutions for certain credentials or education).

  3. Continue learning through ISACA's CPE (Continuing Professional Education) program.

To support your CISM exam preparation, you can take our CISM training course. 

What are the benefits of becoming CISM Certified?

CISM empowers learners with the skills to design, deploy and manage security architecture within a business. It ensures that learners are equipped to manage ongoing security programmes, as well as the essential compliance and governance frameworks that support them.

Enterprises and government agencies increasingly expect their IT professionals to hold a CISM certification. It is a globally recognised professional requirement in the IT security domain and one that is suitable to a range of IT and security roles.

What are the prerequisites of a CISM certification?

To qualify for certification, you must have five years of information security management experience. However, ISACA allows substitutions for up to two years of experience for: 

  • Other certifications such as CISSP, CISA, or CRISC 

  • A relevant university degree 

  • Teaching or managerial experience in information security 

Candidates may take the exam before completing the full experience requirement but must meet it within five years. 

Which roles require a CISM certification?

CISM is ideal for professionals in mid to senior-level cyber security management roles such as: 

  • Information Security Manager 

  • IT Governance Specialist 

  • Chief Information Security Officer (CISO) 

  • Security Consultant 

  • Risk and Compliance Manager

Employers value CISM-certified professionals for their ability to translate technical knowledge into strategic security leadership. According to LinkedIn data, CISM is among the top 5 in-demand security certifications globally, often required for managerial and leadership positions across industries. 

Is CISM worth it?

CISM is one of the most respected credentials for information security management professionals. It signals strategic and managerial capability rather than purely technical expertise. 

Employer recognition

CISM is highly regarded across government, finance, and enterprise sectors. 

Earning potential

CISM-certified professionals earn an average UK salary of £85,000–£120,000[1], depending on role and experience. 

Global credibility

With ISACA's reputation, CISM opens international career pathways and leadership opportunities.

Overall, it's a smart investment for professionals aiming to transition from technical security roles into senior management or governance positions.

Preparing for the CISM certification exam

What is the exam structure of Certified Information Security Manager (CISM)?

The CISM exam consists of 150 multiple-choice questions covering four ISACA domains. Candidates have 4 hours to complete the exam, which is delivered through remote proctoring or at authorised testing centres via PSI.

The exam uses a scaled scoring system ranging from 200 to 800 points, with a 450 minimum passing score. ISACA regularly updates its exam content to reflect emerging industry practices. 

What study resources are available for CISM?

For structured, expert-led preparation, QA offers the CISM training course, aligned with ISACA’s latest exam domains. Additional resources include: 

  • The official ISACA CISM Review Manual 

  • ISACA online question database 

  • Study groups and forums via ISACA chapters or LinkedIn communities

Does a CISM certification expire?

Yes. CISM certification holders must renew every three years by earning at least 120 Continuing Professional Education (CPE) hours and paying an annual maintenance fee. This ensures certified professionals stay current with evolving security standards, technologies, and management practices. 
