Certified Information Security Manager (CISM)

ISACA's Certified Information Security Manager (CISM) is the globally accepted certification for information security managers. The demand for skilled information security management professionals is increasing, especially in government and enterprise agencies. Having this certification demonstrates your understanding of information security and its role in business goals. It distinguishes your security expertise as well as your management experience and places you in a network of similar elite professionals.

According to the ISACA website, in order to qualify for this certification, you must meet the following requirements:

1. Successfully Pass the CISM Exam: Your exam score will be available for 5 years. During those 5 years you must meet the other requirements to qualify for certification.

2. The Code of Professional Ethics: When you become an ISACA member, you agree to uphold their code of ethics and professional conduct.

3. Continuing Education Requirements: Fees and at least 20 contact hours are required each year to maintain certification. 120 contact hours are required within a fixed 3-year period.

4. Work Experience: You must submit verified work experience showing a minimum of 5 years of security experience, with at least 3 years of information security management experience in one of the 3 analysis areas. This work experience must be gained within the 10 years preceding the application date or within 5 years of passing the exam. There are specific substitutions that can be made regarding work experience.

Visit the CISM® Exam Boot Camp page for a comprehensive review of the ISACA topic areas that will prepare you for the exam.

The course specifically covers the task statements and knowledge statements contained within the four major content areas of CISM including:

  • Information Security Governance (24%)
  • Information Risk Management and Compliance (33%)
  • Information Security Program Development and Management (25%)
  • Information Security Incident Management (18%)


The CISM® exam is offered three times per year, over a window of dates. The window dates for 2017 are:

  1. May 1 – June 30
  2. August 1 – September 30
  3. November 1 – December 31

To find a testing location near you, please visit www.isaca.org/examlocations.