CISM explained

CISM: A Comprehensive Guide to the Certified Information Security Manager Certification

3 min read · Dec. 6, 2023

In the ever-evolving world of cybersecurity, organizations require professionals who possess the knowledge and skills to effectively manage and secure their information assets. One certification that validates these abilities is the Certified Information Security Manager (CISM). CISM is a globally recognized certification that demonstrates an individual's expertise in information security management, making it a valuable asset for professionals seeking career advancement in the field. In this article, we will delve deep into the world of CISM, exploring its history, purpose, relevance, and career aspects.

What is CISM?

The Certified Information Security Manager (CISM) certification is awarded by ISACA (formerly known as the Information Systems Audit and Control Association), a nonprofit professional association for IT governance, risk management, and cybersecurity professionals. CISM focuses on information security management, encompassing the development, implementation, and management of an enterprise's information security program.

CISM Domains

CISM covers four key domains that represent the core competencies required of information security managers. These domains are:

  1. Information Security Governance (24%): This domain focuses on establishing and maintaining an information security governance framework and its supporting processes. It involves developing and implementing an information security strategy aligned with organizational goals and objectives.

  2. Information Risk Management (30%): This domain deals with the identification, assessment, and management of information risks in support of business objectives. It includes processes for risk assessment, risk treatment, and risk monitoring.

  3. Information Security Program Development and Management (27%): This domain covers the establishment and management of the information security program. It involves designing and managing the program framework, managing resources, and implementing information security controls.

  4. Information Security Incident Management (19%): This domain addresses the establishment and management of the capability to respond to and recover from information security incidents. It includes developing and implementing an incident response plan, incident detection and response, and post-incident activities.

CISM Certification Process

To obtain the CISM certification, candidates must successfully complete the following steps:

  1. Pass the CISM Exam: The CISM exam consists of 150 multiple-choice questions that cover the four domains mentioned earlier. Candidates must achieve a scaled score of 450 or higher (out of 800) to pass the exam.

  2. Work Experience: Candidates must have at least five years of work experience in information security management, including at least three years of experience in three or more of the CISM domains. Individuals who lack the full five years can substitute up to three years through experience waivers based on other certifications, education, or related work experience.

  3. Adherence to the Code of Professional Ethics: Candidates must agree to the CISM Code of Professional Ethics, which outlines the professional and ethical conduct expected from CISM-certified individuals.

  4. Continuing Professional Education (CPE): After becoming certified, CISM holders must maintain their certification by earning and reporting CPE hours annually. This ensures that professionals stay up-to-date with the latest developments in the field.

CISM Relevance and Career Benefits

The CISM certification offers several benefits to professionals seeking career growth in the field of information security management:

  1. Global Recognition: CISM is globally recognized, providing professionals with a credential that is respected and sought after by employers worldwide. It demonstrates their commitment to excellence in information security management.

  2. Career Advancement: CISM certification enhances career prospects by validating the knowledge and skills required for senior management and leadership roles in information security management. It opens doors to opportunities such as Chief Information Security Officer (CISO), Information Security Manager, and Risk Manager.

  3. Industry Standards and Best Practices: CISM equips professionals with a comprehensive understanding of industry standards and best practices in information security management. This knowledge enables them to effectively develop, implement, and manage information security programs aligned with organizational goals.

  4. Network and Community: CISM certification provides access to a global network of professionals in the information security management field. This network offers opportunities for collaboration, knowledge sharing, and career growth.


CISM is a prestigious certification that validates professionals' expertise in information security management. It covers the essential domains required for effective information security governance, risk management, program development, and incident management. The certification process ensures that candidates possess the necessary experience and adhere to professional ethics. CISM offers numerous career benefits, including global recognition, career advancement opportunities, knowledge of industry standards, and access to a professional network. As the demand for skilled information security managers continues to rise, the CISM certification remains highly relevant in the industry.
