CISM: Certified Information Security Manager
The management-focused security credential for security leaders
Exam details independently verified January 2026
About this certification
The CISM validates expertise in information security management, program development, incident management, and risk management. Unlike CISSP (which is broad) or CEH (offensive), CISM focuses specifically on managing and governing enterprise security programs.
MyCertPath verdict
ISACA's CISM is the management counterpart to CISSP — narrower, more management-focused, and arguably more aligned with the day-to-day work of a security manager. Holds particular weight on the CISO/director track in regulated industries, especially financial services.
What it actually tests
150 questions in four hours across four domains (Information Security Governance, Information Security Risk Management, Information Security Program, and Incident Management), weighted most heavily toward the Information Security Program and Incident Management domains. Questions are scenario-based and test judgement, not memorization. ISACA's wording is subtle, so practice with ISACA-source materials specifically, not generic 'CISM' prep.
Common traps
Things candidates underestimate or get wrong on this exam.
- Studying with non-ISACA materials. ISACA's question style is distinct enough that generic prep misses it.
- Forgetting the five-year experience requirement (with some waivers). Without it, you pass the exam but aren't credentialed.
- Underestimating maintenance: 120 CPEs per three-year cycle (minimum 20 per year) plus an annual certification maintenance fee, which is discounted for ISACA members.
What you'll validate
- ✓Information security governance
- ✓Security risk management
- ✓Security program development
- ✓Incident management
- ✓Compliance and audit
Pros & Cons
Advantages
- +Top security management credential
- +Highly valued in financial services and healthcare
- +Focused on business and governance — less technical than CISSP
Disadvantages
- −Requires 5 years of experience
- −Annual maintenance fee
- −Less widely known than CISSP
Who it's for
Best for
- →Security managers targeting CISO
- →IT directors adding security governance credentials
Not ideal for
- ×Technical security practitioners (use CISSP)
- ×Entry-level professionals
Study Resources
Affiliate links (we may earn a commission)
Top picks for CISM
Register for the exam
Apply through ISACA.org. ISACA member pricing ($575 vs $760) saves $185 on the exam fee.
Jobs for CISM holders
CISM holders report $10k–$30k+ salary uplift on average.
Quick Facts
- Exam Cost
- $760 (ISACA member price $575)
- Exam Duration
- 240 minutes
- Questions
- ~150
- Passing Score
- 450/800
- Exam Format
- Multiple Choice
- Study Time
- ~200 hours
- Validity
- 3-year CPE cycle; the credential does not expire while CPE and annual maintenance fee requirements are met
- Salary Impact
- Strong ($10k–$30k+ uplift reported)
- Last Verified
- January 2026
Prerequisites
- !5 years of security experience, 3 in security management