Certified Information Security Manager

Pass your Certified Information Security Manager exam easily.


Certification Provider: ISACA

Exam Code: CISM

Exam Name: Certified Information Security Manager

Exam Duration: 4 hours

No. of Questions: 200 questions

Passing Score: 450 (out of 800)

Languages: English, Chinese, Japanese, Korean, and Spanish

Certification Validity: 5 years


CISM (Certified Information Security Manager) is an advanced security certification designed for IT professionals who focus on information security management. It indicates that the holder has the knowledge and experience required to manage an organization's information security program, and that they understand the relationship between information security and business objectives.

The certification focuses primarily on the management of information security as it relates to the organization's information systems, and prepares you to manage those systems. Holding it helps you earn a higher salary, enhances your value as an employee, and sets you on a path towards success. The certificate is well respected by multinational companies and clients, so CISM not only validates your skills but also gives you a real advantage when you look for a job.

CISM is a difficult exam that is updated every year. It validates the skills necessary to manage, design, and assess an organization's information security, with a focus on organizational risk management. CISM is aimed at management-level IS professionals.

About Certified Information Security Manager (CISM) Certification Exam

To achieve CISM certification, you have to pass the CISM exam. The format of the exam remains unchanged: it is a multiple-choice examination in which the questions are delivered one at a time, with the option of flagging answers for later review. The CISM exam consists of about 200 multiple-choice questions covering the 4 CISM domains, and its duration is 4 hours. To pass, a candidate must score more than 450 out of 800. If you pass, the result will be mailed within eight weeks. The exam is available in multiple languages: English, Chinese, Japanese, Korean, and Spanish.

Exam price

Certified Information Security Manager exam fees aren't cheap. The price differs for ISACA members and non-members: members receive a discounted exam fee, but the membership itself must be paid for separately. If you register early, you'll receive $50 off the CISM exam fee. For early registration, the cost is $525 for members and $710 for non-members; final registration is $575 for members and $760 for non-members. Once paid, exam registration fees are non-refundable and non-transferable.

Exam validity

This certification is valid for only 5 years.

Exam retake policy

ISACA has implemented the following retake policy:

  • Individuals have 4 chances to pass the exam within a rolling twelve-month cycle. Candidates who do not pass on their first attempt are allowed to retake the exam a total of 3 more times within 12 months of the date of the first attempt.

In detail:

  • First retake: Candidates who do not pass the examination on the first attempt must wait 30 days before taking it again.
  • Second and third retake: Candidates who fail the exam on the second or third attempt must wait 90 days before taking it again.
  • Individuals who pass the exam are prohibited from taking the same test within 5 years of the application date.
  • Certification holders, although they are qualified, are prohibited from taking the same certification test.

Exam Rescheduling and Cancellation Policy

Candidates can schedule their exam for any day and time within 365 days, and must choose whether to take it through online remote proctoring or at an in-person testing center. If for any reason you cannot take the exam on the scheduled date, you can reschedule it, but you must do so at least 48 hours before your scheduled appointment; rescheduling later than that incurs a fee. If you fail to show up for your CISM exam, or do not reschedule or cancel it at least 48 hours before the scheduled time, you forfeit the full test fee.

Follow the steps:

  • Log in to your ISACA account.
  • Go to MyISACA and open the "Certifications & CPE Management" tab to cancel your current exam schedule (this is required before you can reschedule).
  • Click the link to reschedule or cancel your test.
  • After cancelling, you are entitled to reschedule at any point within your 365-day eligibility period.

Syllabus of the exam

The domains covered and the number of questions asked from each in the exam:

Domain 1 (Topic 1) – Information Security Governance: 48 questions

Domain 2 (Topic 2) – Information Risk Management: 66 questions

Domain 3 (Topic 3) – Information Security Program Development and Management: 50 questions

Domain 4 (Topic 4) – Information Security Incident Management: 36 questions

Requirements for Taking the Exam

Not every IT professional can take this exam. To obtain CISM certification, you must fulfill the following requirements:

  • Agree to the ISACA Code of Professional Ethics.
  • Agree to the CISM Continuing Education policy.
  • Have a minimum of five years of information security work experience, including at least three years of information security management experience in three or more of the job practice analysis areas. This experience must have been gained within the ten years preceding the application date or within five years after passing the exam.
  • Submit a CISM certification application within five years of the date you first passed the exam.

Importance of CISM certification

The CISM exam is not easy; it takes a lot of time and preparation to pass. But once you pass, the benefits are considerable, and the certification opens up many opportunities to advance your career. Some of the advantages of holding CISM certification are as follows:

  • The certification helps you earn a higher salary.
  • You gain worldwide recognition as an information security manager.
  • The certification is accepted all around the world, so you can find work in any organization in any part of the world.
  • It validates your ability to manage information security.
  • You join a select group of professionals who have proven their knowledge and skills.
  • It increases your skill and knowledge in information security programs.

What are the Identification Requirements for the Exam?

Candidates can only enter the test center if they have a valid form of identification with them. The ID must be a current, original, government-issued ID that contains:

  • Candidate's name (exactly as it appears on the Notification to Schedule email from ISACA)
  • Candidate's signature
  • Candidate's photograph

Acceptable forms of identification are the following:

  • Driver's license
  • Passport card
  • Passport
  • State identity card (non-driver's license)
  • Military ID
  • Green card, alien registration card, or permanent resident card
  • National identification card

If a candidate does not present an acceptable form of ID, the ID will be rejected and the candidate will be marked absent. The candidate will also forfeit the registration fee.

Can I attend the exam online?

You can take the ISACA certification exams online from any location you wish. The exam is monitored via a webcam.

  • You can take the test from anywhere, including the security and privacy of your own home.
  • You can take the test at any time and schedule it whenever it suits you, minimizing conflicts with other commitments.
  • You must take the test in a closed-door environment, where remote proctoring ensures the same secure monitoring conditions as a test center. You should be in a walled room with the door closed and no distractions, and nobody else is allowed to be in the room with you while you are testing.

Registration Procedure for the CISM certification exam

The complete registration procedure for your exam is as follows:

  • Go to the Exam Registration page at https://www.isaca.org/.
  • Select your certification.
  • Create an account or log in to your existing account.

Note: If you are creating an account, please make sure that your name is the same as what appears on your government-issued identification that you will display on exam day.

  • Before you register for the exam, verify that there is a PSI test site near you.

Exam applicants have a twelve-month eligibility period in which to take the exam after registration. This means you have 12 months (365 days) from the day you file your registration to take your test.

Schedule CISM Exam

To schedule an exam, follow these steps:

  • Log in to your ISACA account.
  • Click the myCertification button and select Schedule Exam.
  • Click Access Exam Dashboard; you will be taken to the PSI site to schedule your examination.
  • Click the scheduled exam.
  • Once you are on the PSI scheduling site, follow the instructions:
      • Select a language for the exam.
      • Select the country and time zone.
      • Pick an available date and time on the calendar.
      • Press the Continue button.
      • Check the details of the schedule and press Continue.

After that, you will receive a confirmation mail from the exam website confirming your exam appointment.

Can I request a rescoring?

Yes, you can request rescoring if you do not pass the exam, but each request costs a fee of $75.

What is the average CISM certification salary?

CISM is the top-paying cybersecurity certification. The average annual pay for CISM-certified professionals is about $137,058, with salaries ranging from $52,402 to $243,610.

What are the career opportunities after this certification? 

CISM is a high-level certification in information security management. Once certified, you will have access to a variety of job opportunities. Some of the roles open to you after CISM certification are:

  • Information System Security Officer

Information systems security officers are responsible for researching, developing, implementing, testing, and reviewing the company's information security. They protect information and prevent unauthorized access, prepare and review all security documents in the organization, ensure that appropriate security controls are applied to all systems, and continuously monitor the IT systems. They also provide information security expertise to system development teams.

  • Information / Privacy Risk Consultant

They identify and minimize the risks that an organization faces and keep its information secure. Their main responsibilities are risk analysis and threat assessment: evaluating the risks and threats the organization is exposed to.

  • Information Security Manager

The Information Security Manager is responsible for analyzing security measures. They formulate and implement IT security policies and are responsible for safeguarding the organization's IT technology. They ensure that all systems are kept safe and secure and protect the organization from hackers and cyber-criminal activity.

  • Security Engineer

They are responsible for reducing the threat of cyberattacks. They install security software and update systems to ensure that they have the most current protection. They also continuously test the networks and analyze trends to make predictions about future threats.

  • Information Security Analyst

Information security analysts design and implement IT security systems to protect the organization's computer networks from cyberattacks. They install security measures and operate the software, are responsible for installing and upgrading antivirus software, and test and evaluate new technology to ensure it is secure.

  • IT Security Consultants and Architects

IT security consultants and architects design, implement, and maintain security protocols, plans, and policies that cover all possible security threats. They stay up to date with the latest security systems and the IT systems they protect, and they think like an attacker in order to stay one step ahead and ensure overall network and system security.

How to Prepare for the exam?

There are many resources available to help you prepare for the exam, and you can do so from home. Some of the ways to prepare are:

  • Create a study plan
  • Read the ISACA's Exam Candidate Information Guide
  • Take Practice Exams
  • Self-study
  • Join the CISM Exam Study Community
  • Create a study plan

First, make a study plan. There are several factors to consider when creating it: how soon you can take the exam, what times work for you, how much you can spend on preparation material and training courses, and finally which training method suits you best.

  • Read the ISACA’s Exam Candidate Information Guide

The ISACA guide provides a lot of practical information for the CISM exam, and ISACA publishes updated versions of it. Use the latest version to review important topics such as exam registration, exam deadlines, domains, number of questions, exam length, and language. No applicant should sit the CISM exam without reading this guide.

  • Take Practice Exams

Practice makes perfect: the more you practice, the more confident and skilled you become. So keep practicing CISM questions to pass the exam. For practice tests, you can visit examselect.com. Examselect is a platform where you can get practice tests with the latest questions and answers. So visit ExamPirate for CISM practice questions if you are planning to take the CISM exam.

  • Self-study

For many people, self-study is the preferred way to prepare for the exam. You only need an internet connection to gather study resources, so self-study is comparatively cheaper than other preparation methods. You can use online courses, videos, and books. Books contain all the information you need to know and are a deep source of information, while online courses and videos are made by experts after extensive research, so you can trust them and work through them.

  • Join the CISM Exam Study Community

ISACA sponsors the CISM Exam Study Community, which is free and open to any candidate. It allows the exchange of questions, methods of analysis, and exam tips. Because past top candidates coordinate the community, you will get proper guidance from them, and you can ask about any questions and answers that confuse you. It costs nothing and lets you learn what to expect on exam day.


CISM is a popular certificate that focuses on information security management. It prepares you to manage and secure information properly and gives you the up-to-date knowledge and skills required to manage information security.
