How to Earn CISM Certification


The Certified Information Security Manager (CISM) credential ranks among the top IT certifications and positions you for greater earning potential and career opportunities. Without question, security is one of the most in-demand professions, and there is a large market for those seeking leadership positions in the space.

The CISM certification is uniquely geared towards those looking to demonstrate their ability to manage systems and teams responsible for a company’s information security.

This credential is for those who already have considerable experience in this management role or who are looking to take the next step up the company ladder.

With CISM, you’ll learn how to assess and manage an enterprise’s information security. It establishes the management mentality and validates your competency in overseeing information security systems and teams.

[Figure: CISM jobs. Source: ISACA]

This is our ultimate guide to everything you need to know to successfully become a Certified Information Security Manager (CISM).

Who should get CISM certified and what positions will it benefit?

  • Information Security Management Professionals
  • Information Security Analysts
  • IT Systems Managers
  • IT Security Consultants and Architects
  • Chief Information Security Officers
  • Executive and Senior IT Leadership

What does a CISM do?

While the answer to this varies by company, there are some basic responsibilities a CISM takes on.

  • Provides leadership and management oversight of information security staff
  • Reviews, documents, and implements policies and procedures related to information security for a company
  • Manages responses and mitigations to any attempted or potential system attacks
  • Communicates with executive management regarding company security compliance and any audit findings
  • Implements information security strategies to protect a company’s network security
  • Ensures information security systems and policies are in compliance with all applicable rules and regulations
  • Responsible for budget and funding requests for security technology support and enhancements

What is covered on the CISM exam?

ISACA offers the exam during Testing Windows each year. You must have verified at least five years of relevant work experience in the last 10 years. You must also have a minimum of three years of information security management work experience in three or more of the CISM job practice analysis areas.

There will be a total of 150 multiple-choice questions on the exam covering the four (4) domains below. To pass the exam, you must score at least 450 points on the 800-point scale. This is a normalized scale, calculated after exam completion.

CISM Domains & Percent of Exam

  • Domain 1—Information Security Governance (24%)
  • Domain 2—Information Risk Management (30%)
  • Domain 3—Information Security Program Development and Management (27%)
  • Domain 4—Information Security Incident Management (19%)

After you pass the exam and have met all the prerequisites, you may apply for certification. Your CISM certification will be valid for three years.

Where can I find CISM training and practice exams?

There are a good number of online courses that cover the CISM exam. However, not all of them provide the right level of information you need to understand before taking the exam.

We’ve reviewed many different courses across the industry and have identified two of the top recommended online courses and one instructor-led training for you.

The flexibility of an online course allows you to learn at your own pace while instructor-led provides greater depth on the subject areas. With either learning path, you will be well prepared since the courses are all designed using the questions on the exam as an input.

Best online CISM certification training:

  1. 2018 CISM Online Exam Prep by Certified InfoSec: This is one of the best-value courses out there and was developed around the four (4) CISM domains. The material has been tailored to cover the questions and concepts on the exam. You’ll be well prepared for anything with this CISM exam prep course. You only have 180 days of access to the course content, but this should be ample time to build your knowledge and successfully pass the exam.
  2. CISM Certification Training by Simplilearn: This course offers 16 hours of self-paced online learning, one (1) practice exam, and knowledge check questions to get you ready. The content covered in this course was crafted by industry experts and builds your competency in the CISM domains. This is a great course to either start learning about CISM or check your knowledge before taking the exam.
  3. CISM Online Review Course by ISACA: This is the only training course published by ISACA and reviews all of the core subjects you need to know in order to pass the CISM exam. The cost for a year of access to the course is high, but it’s hard to beat training from the organization that also manages the exam. (ISACA Members: $795 / Non-members: $895)
  4. CISM Online Course by Cybrary: While the course isn’t as good as the two above, it’s hard to beat FREE. This is one of my favorite sites for information security training. One downside is that you will have to provide valid personal and/or company information in order to gain access to the courses.

Best instructor-led CISM training boot camp:

InfoSec Institute’s training is great for organizations looking to certify multiple employees at a time, but you can’t beat it even if you’re pursuing it for personal development. They have an exam pass guarantee where they will cover a second sitting if you do not pass on your first attempt.

The best course for exam readiness is InfoSec’s five (5) day CISM Bootcamp. In this in-depth course, you will build your competency and knowledge in the concepts covered in the four (4) CISM domains. The course is geared toward holistically learning the four domains, rather than just memorizing points to pass the exam. You’re pretty much guaranteed to ace it given the amount of detail covered by InfoSec.

You also get access to the course material for future reference and an exam voucher is included as a way to encourage you to take the final step to get certified. This is the training to choose if you’re looking for a dedicated, instructor-led course to drive home everything you need to know for CISM certification.

What are the CISM certification requirements?

First, you must have at least five (5) years of work experience demonstrating and performing the responsibilities that define a CISM professional across at least three (3) of the four (4) CISM domains.

Once you’ve met the work experience requirements, the next step will be to register and sit for the CISM exam at an ISACA testing site administered by PSI.

Before doing so, it is highly recommended to take a CISM exam preparation course, online training, and practice exams no matter your experience level. These resources will help you learn the terminology and content from each domain that will be on the exam.

How much does CISM certification cost?

The CISM certification cost will depend on whether you are an ISACA member or not. For ISACA members, the CISM exam cost is $575. Non-members will pay $760 to sit for the exam.

ISACA membership requires you to pay their $10 New Member Fee (online only), $135 International Dues, and Local Chapter Dues (see Chapter Dues Table). Most chapter dues range between $20-100 depending on location and whether you are a student or recent graduate.

After you pass the exam, you’ll need to apply for certification by sending in your verified evidence of work experience. There is a $50 processing fee that helps cover ISACA’s efficient and quality certification administration.

What is the average CISM certification salary?

Based on a sample of data from PayScale, the average CISM certification salary in 2019 is $122,000. The top cities that pay well above average for this certification include New York, Washington D.C., Dallas, and Seattle.

You’ll find many large employers in these cities that provide technology, financial, or government products and services. However, you’ll quickly find that information security managers are in high demand in just about every major city.

What are other related information and cyber security certifications?

You may also be interested in the following related certifications, which will further build your expertise in risk and information security management:

We hope you have found this collection of resources useful to get you on the right track to become a Certified Information Security Manager (CISM). Please share your thoughts in the comments and contact us with any questions.

1 Comment
  1. Complete and comprehensive information regarding CISM Certification in a single post. Thanks, Keep it up, Guys.