Certified Information Security Manager (CISM)

Sought after by experienced information security managers, the CISM certification is a groundbreaking credential earned by more than 23,000 professionals since it was established in 2002. The management-focused CISM is the globally accepted achievement for individuals who develop, build and manage enterprise information security programs. CISM retention is more than 95 percent.

The uniquely management-focused CISM certification promotes international security practices and recognizes the individual who manages, designs, oversees and assesses an enterprise’s information security.


The CISM certification was developed specifically for experienced information security managers and those with information security management responsibilities, including:

  • Information Security Managers
  • Aspiring Information Security Managers
  • IS/IT Consultants
  • Chief Information Officers

Today, CISM holders include:

  • 7,600 security directors, managers or consultants.
  • 3,200 IT directors, managers or consultants.
  • 2,700 who are employed in managerial, consulting or related positions in IT operations or compliance.
  • 2,300 who serve as audit directors, managers or consultants.
  • 2,000 CIOs, CISOs, or chief compliance, risk or privacy officers.
  • Nearly 700 who are CEOs, CFOs or equivalent executives.
  • More than 200 who serve as chief audit executives, audit partners or audit heads.

The CISM exam is offered three times a year (June, September and December) and consists of 200 multiple-choice questions to be completed in 4 hours.

The Benefits of CISM

  • Pave the path from security technologist to security manager.
  • Demonstrate deep understanding of the relationship between information security programs and broader business goals and objectives.
  • A potent combination of technical competence and managerial acumen.
  • Be able to effectively manage and adapt technology to their enterprise and industry.
  • Better align the organization’s information security programs with the organization’s broader goals and objectives.
  • Approach IT security from a business perspective emphasizing business understanding and leadership combined with technical expertise.

CISM Impacts Your Career and Your Organization

The demand for skilled information security management professionals is on the rise, and the CISM certification is the globally accepted standard of achievement in this area. CISMs understand the business. They know how to manage and adapt technology to their enterprise and industry.

For the Professional, CISM Certification:

  • Demonstrates your understanding of the relationship between an information security program and broader business goals and objectives
  • Distinguishes you as having not only information security expertise, but also knowledge and experience in the development and management of an information security program
  • Puts you in an elite peer network
  • Is considered essential to ongoing education, career progression and value delivery to enterprises.

Why Employers Hire CISMs

Enterprises and government agencies increasingly recognize, require and expect their IS and IT professionals to hold CISM certification.

CISM employees:

  • Identify critical issues and customize company-specific practices to support the governance of information and related technologies
  • Bring credibility to the enterprise for which they are employed
  • Take a comprehensive view of information systems security management and their relationship to organizational success
  • Demonstrate to enterprise customers their commitment to compliance, security and integrity; ultimately contributing to the attraction and retention of customers
  • Ensure that there is improved alignment between the organization's information security program and its broader goals and objectives
  • Provide the enterprise with a certification for information security management that is recognized by multinational clients and enterprises, lending credibility to the enterprise

How to Become CISM Certified

To earn the CISM certification, candidates are required to:

  • Pass the CISM examination (offered worldwide every June, September and December, in 4 languages and at more than 240 locations)
  • Submit proof of five years of work experience in the field of information security, with at least three years in the role of information security manager
  • Adhere to ISACA’s Code of Professional Ethics
  • Agree to comply with the CISM Continuing Education Policy

Preparing for the CISM exam

The ISACA Bangalore chapter helps you prepare for the exam. Regular weekend classes and crash courses are conducted at the Bangalore Chapter. See the Review Classes page or write to chapter@isacabangalore.org for more information.

For more information on preparing for the CISM exam, including study material and the exam preparation community, please click here

Taking the CISM exam

The CISM exam is offered three times a year (June, September and December) and is usually held on the second Sunday of the respective month. The exam comprises 200 questions and is to be taken within a four-hour time frame. For more details about the exam, please click here

For a list of frequently asked questions relating to CISM, click here

CISM Recognitions include

  1. SC Magazine selected CISM as a finalist of the 2014 “Best Professional Certification Program” in the Professional Awards category for the fourth year in a row.
  2. The Australian Signals Directorate listed CISM as a prerequisite for its Information Security Registered Assessor Program.
  3. CISM is listed as being tied for the fourth highest-paying certification in Foote Partners IT Skills and Certifications Pay Index™ (ITSCPI) for 1 July 2013 – 1 October 2013.
  4. CISM was noted as having gained 8.3% in average market value from 1 April to 1 October 2012 and was listed as a highest-paying certification in Foote Partners IT Skills and Certifications Pay Index™ (ITSCPI). CISMs are earning premiums that place them in the top 7% of all 268 certifications currently being reported.
  5. DeVry encourages earning the CISM (the only certification listed) on its infographic, “A Path to a Secure Future—Your Cyber Security Career Roadmap.”
  6. Global Knowledge listed CISM as the CyberSecurity certification for 2013 in “Eight Emerging IT Certifications For 2013.”
  7. CISM was listed among the three highest-paying certifications in the 2012 IT Skills and Salary Survey by Global Knowledge and TechRepublic.
  8. CISM remained on the list of highest-paying IT security certifications in the 2012 IT Skills and Certifications Pay Index (ITSCPI) from research firm Foote Partners.
  9. The Skills Framework for the Information Age (SFIA) has recognized the CISA and CISM certifications by mapping them to the SFIA and showing the relevance of the related skills and experience (www.sfia.org.uk).
  10. ISACA’s CISM certification is listed in Govinfosecurity.com’s Top 5 Information Security Certifications for 2012 due to the required experience and commitment to ethical standards.
  11. The World Lottery Association (WLA) recommends its auditors be CISAs or CISMs.
  12. CISM was recognized at the Hong Kong ICT Awards 2011 with the Certificate of Merit under the “Best Professional Development (ICT Professional) Award.”
  13. The DRII Institute for Continuity Management recognizes DRII certification applicants who hold CISM in good standing. CISMs qualify for the Certified Business Continuity Auditor (CBCA) and get a bypass for references.
  14. The Securities Exchange Board of India requires biannual system audits of all mutual funds to be conducted by an independent auditor who is CISA/CISM-certified or equivalent.
  15. CISM has earned accreditation from the American National Standards Institute (ANSI) under the International Standard ANSI/ISO/IEC 17024 for the past four years.
  16. The US Department of Defense includes the CISM certification in the list of approved certifications for its information assurance professionals.

CISM in the News

  • CSO ~ “Hot security skills of 2013” notes that technical certifications like CISM are helpful for CSOs in the workplace.
  • The Heritage Foundation ~ “A Congressional Guide: Seven Steps to U.S. Security, Prosperity, and Freedom in Cyberspace,” encourages an increase in the number of IT professionals with security certifications such as CISM.
  • CIO Magazine ~ In “23 IT Certifications That Mean Higher Pay,” ISACA’s CISM certification is listed, based on data from Foote Partners LLC’s latest IT Skills and Certifications Pay Index.
  • In a September 2011 Bankinfosecurity.com article and podcast titled “What it Takes to Get Top Jobs; Expert: Technical Skills and Certifications Alone Won't Cut it,” David Foote of Foote Partners LLC research firm notes that the CISM credential is “going up in value.”
  • Global Knowledge listed the “Top IT Jobs for 2010 and Beyond” and named CISM the primary certification for the IT security manager.

Make the most of your relationship with ISACA

Become a Member