Complete resources to ensure you achieve and maintain your CISM qualification.

Established in 2002, the Certified Information Security Manager (CISM) qualification is awarded by ISACA® and is a globally accepted standard of achievement among information security, information systems (IS) audit and IT governance professionals.

IT Governance offers a complete range of products, including study guides and training, which are designed to help you pass the CISM examination at the first attempt.

Studying for your CISM examination

Our complete range of CISM study guides and training services:

  • CISM Exam Passport
  • CISM Review Manual, 15th Edition
  • CISM Review Questions, Answers & Explanations Manual, 9th Edition

What are the requirements for the CISM qualification?

The CISM certification is awarded to candidates with at least five years of relevant work experience, who pass a rigorous written examination.

ISACA defines four CISM domains on which you will be examined:

  • Domain 1 - Information Security Governance (24% of exam)
  • Domain 2 - Information Risk Management and Compliance (30% of exam)
  • Domain 3 - Information Security Program Development and Management (27% of exam)
  • Domain 4 - Information Security Incident Management (19% of exam)

For more information, please see the official CISM 'How to Become Certified' web page.

How do you pass the CISM exam at the first attempt?

We recommend the following actions:

  1. Check that you have the relevant five years of work experience to qualify
  2. Register and schedule your exam direct with ISACA
  3. Purchase the official ISACA study guides and third-party textbooks
  4. Plan a self-study programme that covers all of the key knowledge domains
  5. Attend an exam preparation training course a few days before you sit the exam

How to register and schedule the CISM exam

Starting in 2017, the CISM exam will be offered via a computer-based testing (CBT) session, which is available during three testing windows per year. All candidates must first register online direct with ISACA and pay for the examination in advance. They will then receive email instructions on how to schedule an exam appointment at a local PSI exam centre. For the May-June 2017 window only, this notification will be delayed until 15 February 2017 for anyone who purchases prior to this date.

For further information, please review the ISACA Exam Candidate Information Guide for 2017 Exams.

Essential CISM books and study guides

As preparation is essential to passing the CISM examination, we strongly recommend that all delegates purchase the CISM exam and study guides before taking the relevant course. All titles are available from our dedicated ISACA Certification Bookstore.

We particularly recommend that you purchase the Official CISM Exam Passport package, which contains copies of the CISM Review Manual, 15th Edition, and the CISM Review Questions, Answers and Explanations Manual, 9th Edition.

Continuing Professional Education

There is a Continuing Professional Education (CPE) policy in respect of qualified CISM professionals. The goal of this policy is to ensure that all CISMs maintain an adequate level of current knowledge and proficiency in the field of information systems audit, control and security.

CISMs who successfully comply with the ‘continuing professional education policy will be better trained to assess information systems and technology and provide leadership and value to their organisations’. The responsibility for setting the CPE requirements rests with the CISM Certification Board, which oversees the process and requirements to ensure their applicability.

Maintenance fees and a minimum of 20 contact hours of CPE are required annually. In addition, a minimum of 120 contact hours is required during a fixed three-year period. Please see the Maintain Your CISM page on ISACA’s website for further details.


Speak to an expert

Please contact our team for advice and guidance on our CISM products and services.