Certified Information Security Manager (CISM)


ISACA's Certified Information Security Manager (CISM) is the globally accepted certification for information security managers. Demand for skilled information security management professionals is increasing, especially in government agencies and large enterprises. Holding this certification demonstrates your understanding of information security and of how it supports business goals. It distinguishes your security expertise as well as your management experience and places you in a network of similarly qualified professionals.

According to the ISACA website, in order to qualify for this certification, you must meet the following requirements:

1. Successfully pass the CISM exam: A passing score remains valid for 5 years. During those 5 years you must meet the other requirements below to qualify for certification.

2. Code of Professional Ethics: When you become an ISACA member, you agree to uphold its Code of Professional Ethics and standards of professional conduct.

3. Continuing education requirements: An annual maintenance fee and at least 20 contact hours (CPEs) are required each year to keep the certification current, and 120 contact hours are required within each fixed 3-year period.

4. Work experience: You must submit verified work experience totalling at least 5 years in information security, including at least 3 years of information security management experience in three or more of the job practice analysis areas. This experience must have been gained within the 10 years preceding the application date or within 5 years of passing the exam. Specific substitutions for part of the work experience are allowed (see Required Experience below).

Visit the CISM® Exam Boot Camp page for a comprehensive review of the ISACA topic areas that will prepare you for the exam.

The course covers the task statements and knowledge statements in each of the four major CISM content areas (exam weighting in parentheses):

  • Information Security Governance (24%)
  • Information Risk Management and Compliance (33%)
  • Information Security Program Development and Management (25%)
  • Information Security Incident Management (18%)


The CISM® exam is offered three times per year, each within a window of dates. The 2017 testing windows are:

  1. May 1 – June 30
  2. August 1 – September 30
  3. November 1 – December 31

To find a testing location near you, please visit


Exam Fees

ISACA Members: $575
ISACA Non-Members: $760

A $50 discount is available for individuals who schedule their exam early.

Exam Details

150 multiple-choice questions in 4 hours, proctored at a PSI testing facility.

Required Certification

None. Relevant certifications may reduce the experience requirement (see below).

Required Education

None. Relevant education may reduce the experience requirement (see below).

Required Experience

Minimum 5 years of information security experience, with at least 3 years of information security management experience in three or more of the job practice analysis areas.

ISACA may allow substitutions for part of this experience for candidates with relevant certifications or education.

Other Requirement Details

Agree to the ISACA Code of Professional Ethics.


Certification Maintenance

Annual maintenance fee:
ISACA Member: $45/year
ISACA Non-Member: $80/year

Continuing education: 20 ISACA-approved contact hours (CPEs) per year and 120 CPEs per fixed 3-year period.