What is CISM?

by Chris Brook on Tuesday June 13, 2023

CISM (Certified Information Security Manager) is an advanced certification designed for IT professionals who focus on information security management. In this post, we’ll discuss what CISM is, the CISM certification process, and the benefits of being CISM-certified.

Definition of CISM

CISM (Certified Information Security Manager) is “an advanced certification which indicates that an individual possesses the knowledge and experience required to develop and manage an enterprise information security program.” This certification is offered by ISACA, a nonprofit, independent association. CISM is accredited by ANSI under ISO/IEC 17024:2003.

CISM is designed for professionals who focus on information security management, like IT managers, information security analysts, or consultants supporting information security management. A CISM-certified individual is expected to manage the company’s information security, develop policies and practices, and understand the relationship between information security and business objectives.


CISM is one of the two most popular certifications for IT professionals; the other one is CISSP (Certified Information Systems Security Professional). What are the similarities and differences between CISM and CISSP?

  • CISM is offered by ISACA, while CISSP is offered by (ISC)². Both organizations are independent and nonprofit.
  • Both CISM and CISSP will certify a candidate’s skills against a standard body of knowledge. Both require at least 5 years of experience in specific domains. Both need CPE (continuing professional education) credits for continued certification.
  • CISM’s emphasis is on management and strategy. CISSP, on the other hand, focuses on operations and threat response. This is the crucial difference between these two certifications.

How to Become a CISM

CISM certification involves several steps, including registration, taking the exam, and maintaining certification.

CISM certification exam

The CISM certification process starts with a 150-question multiple-choice exam. This exam is scored with a 200-800 scaled scoring method; the CISM passing score is 450. The exam covers the 4 CISM domains or content areas:

  • Information security governance
  • Information risk management
  • Information security program development and management
  • Information security incident management

CISM prerequisites

Not every IT professional can take the exam. Someone who aspires to be CISM-certified must have 5 years of experience in information security, with at least 3 years of information security management experience in 3 or more of the CISM domains mentioned above. Moreover, the experience should be gained within 10 years before the application date or within 5 years after passing the exam.

After passing the exam, applicants can then apply for CISM certification within 5 years.

How to prepare for the CISM exam

Here are a few practical tips on preparing for the CISM exam:

  • Download and read the latest ISACA Certification Exam Candidate Guide. This document contains all the useful information about the exam, like registration, deadlines, exam-day details, CISM domains, tips, and the length, languages, and number of questions of the exam.
  • Check the official CISM Exam Resources and the CISM Review Manual. The manual covers the exam content.
  • Do CISM practice tests. Start with ISACA’s free 10-question practice quiz. After that, move to the official CISM Review Questions, Answers & Explanations, which contains 1,000 questions and detailed answers.
  • Create your study plan. You can prepare on your own, but if possible, consider attending a CISM training course. ISACA also offers prep solutions, like CISM study aids that can be purchased and a sponsored CISM exam study community.
  • During the exam, think like a manager. Remember: CISM is management-focused. While having technical expertise is handy, always approach the questions with a manager’s mindset.

How to maintain CISM certification

Here are the requirements for maintaining the CISM certification. The person must:

  • Sustain an adequate level of knowledge and proficiency in information systems security management.
  • Complete 20 CPE hours every year.
  • Follow ISACA's Code of Professional Ethics.

Benefits of CISM Certification

Should you seek CISM certification? Here are some points you can consider:

Higher salary

A CISM certification, like other information security certifications, can give your salary a boost. According to Certification Magazine, 48% of information security professionals who got the CISM certification received a salary increase within a year. While 68% of those surveyed said their increase was less than 5%, roughly 25% got a 20-25% raise. The rest reported higher figures.

Moreover, out of 12 certifications, the average CISM salary appears to be the highest, at $127,063. CISSP ranks second at $117,030.

More credibility

As employers are having a hard time finding qualified professionals, a CISM certification is a great way to screen whether a candidate has the expertise and experience. However, note that a CISM certification is not always a guarantee that a candidate for an information security management job will be successful in the long run.

More knowledge

Perhaps the best value CISM certification can provide to CISM holders is that it gives a standard understanding of essential concepts. CISM-certified individuals understand the business of their organizations. They can identify issues and adapt business practices to allow the management of information technologies.

Being CISM-certified shows that you have the skills and background to understand the relationship between an information security program and business objectives. Such a skillset is in high demand, making CISM an excellent choice for career progression. In the end, the decision to pursue CISM certification must be aligned with the person’s long-term career goals.
