Certified Information Security Manager (CISM)

The Certified Information Security Manager (CISM) is ISACA's management-focused information security certification. Recognized globally, it validates expertise in information security management, governance, risk management, and incident response. CISM is designed for security professionals who manage, design, and oversee enterprise information security programs rather than hands-on technical roles.

Request Training Email Inquiry

What is the Certified Information Security Manager (CISM)?

Who Should Take This Course?

Information Security Managers and Directors
Chief Information Security Officers (CISOs)
IT Managers with security oversight responsibilities
Risk and Compliance professionals in security roles
Security Architects designing governance frameworks
IT Auditors specializing in information security
Consultants advising on security program management

What You Will Learn in the CISM Course

A comprehensive curriculum covering all exam objectives with hands-on labs and real-world practice.

Domain 1: Information Security Governance

Establish and maintain an information security governance framework.

Information security strategy and program charter
Aligning security with business objectives
Security governance frameworks: COBIT, ISO 27001, NIST
Roles, responsibilities, and organizational structures

Domain 2: Information Security Risk Management

Identify, assess, and manage information security risks.

Risk identification and classification methodologies
Qualitative and quantitative risk assessment
Risk appetite, tolerance, and treatment strategies
Third-party risk management

Domain 3: Information Security Program

Design and manage the information security program.

Security program development and resource management
Security controls selection and implementation
Security awareness and training programs
Metrics and KPIs for security program effectiveness

Domain 4: Incident Management

Establish and manage information security incident response.

Incident response plan development and testing
Incident classification and escalation procedures
Forensic investigation and evidence handling
Business continuity and disaster recovery integration

Course Prerequisites

Pre-requisites training is free when you purchase the course from ProSupport

5 years of information security management experience required
3 years waived with qualifying security certifications (CISSP, CCSP, CISA, etc.)
Adherence to ISACA Code of Professional Ethics
CISM exam pass must be followed by experience verification within 5 years

Exam Information

Everything you need to know about the CISM certification exam.

Exam Component	Details
Exam Name	Certified Information Security Manager
Exam Code	CISM
Exam Type	Multiple Choice
Total Questions	150
Passing Score	450 (out of 800)
Exam Duration	240 minutes
Language	English, Chinese Simplified, Japanese, Korean, Spanish, Turkish
Exam Provider	PSI Exams (in-person or online)
Exam Focus	Information security governance, risk management, program management, and incident management
Exam Registration	ISACA portal (isaca.org/certification/cism-certified-information-security-manager)
Retake Policy	1-year waiting period; maximum 3 attempts per year
Certification Validity	3 years (120 CPE hours required for renewal)