What Is Certified Information Security Manager (CISM)? - ITU Online

Quick Answers To Common Questions

The Certified Information Security Manager (CISM) is a globally recognized certification for information security management. It is designed for professionals who manage, design, oversee, and assess an enterprise’s information security. The certification emphasizes the importance of information security governance, risk management, program development and management, and incident management. Earning the CISM demonstrates expertise in information security governance, a critical area for protecting and enhancing the value of information assets.

Associated Exams

  • Certification Body: ISACA
  • Exam Format: Multiple choice
  • Number of Questions: 150
  • Exam Duration: 4 hours
  • Passing Score: 450 out of 800
  • Prerequisites: Five years of work experience in information security, with at least three years in information security management

Exam Costs

The exam cost for CISM varies by membership status and registration period. For ISACA members, the exam fee is typically around $575, while for non-members, it’s approximately $760. Prices may vary slightly depending on the country or specific conditions.

Exam Objectives

  1. Information Security Governance: Establishing and maintaining an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organizational goals and objectives.
  2. Information Risk Management: Identifying and managing information security risks to achieve business objectives.
  3. Information Security Program Development and Management: Establishing and managing the information security program in alignment with the information security strategy.
  4. Information Security Incident Management: Planning, establishing, and managing the capability to detect, investigate, respond to, and recover from information security incidents to minimize business impact.
CISM Training

Unlock your full potential in cybersecurity with our cutting-edge CISM training course! This isn’t just another certification; it’s a career game-changer. Designed for pros who’ve already aced Cisco and Microsoft exams like PenTest+ or CySA+, this course will arm you with advanced skills and the confidence to pass the CISM exam. Take the leap—enroll today!

Frequently Asked Questions Related to Certified Information Security Manager (CISM)

Who should obtain the CISM certification?

Individuals in information security management roles or aspiring to be information security managers.

How long is the CISM certification valid?

The CISM certification is valid for three years, requiring continuing education credits for renewal.

What is the difference between CISM and CISSP certifications?

While both certifications are highly regarded in the field of information security, CISM focuses more on information security management, whereas CISSP covers a broader spectrum of information security topics.

Can I take the CISM exam without having the required work experience?

Yes, you can take the exam before meeting the experience requirements, but you must gain the required experience within five years to obtain the certification.

What are the continuing education requirements for CISM?

CISM certification holders must earn 120 continuing education credits over a three-year period, with a minimum of 20 credits per year, to maintain their certification.

Key Term Knowledge Base: Key Terms Related to Certified Information Security Manager (CISM)

Understanding the key terms associated with the Certified Information Security Manager (CISM) certification is crucial for anyone aspiring to excel in the field of information security management. This knowledge not only prepares individuals for the CISM certification exam but also equips them with the language and concepts needed to navigate the complexities of managing and governing a company’s information security program. These terms cover a broad range of topics, from risk management to information security governance, and are essential for those looking to demonstrate their expertise and commitment to the field.

  • Information Security Governance: The framework established to ensure that information security strategies are aligned with organizational goals and objectives, providing the foundation for information security management.
  • Risk Management: The process of identifying, assessing, and prioritizing risks to organizational assets and implementing strategies to reduce these risks to an acceptable level.
  • Information Security Program Development and Management: The process of creating and managing an organization’s information security program, including the policies, procedures, and controls necessary to protect information assets.
  • Incident Management: The process of identifying, managing, and mitigating events that could threaten the security of information assets.
  • Compliance: Ensuring that organizational practices adhere to applicable laws, regulations, policies, and standards related to information security.
  • Information Security Management: The oversight and administration of an organization’s information security program in alignment with business goals and risk tolerance.
  • Business Continuity Planning (BCP): The process of creating systems of prevention and recovery to deal with potential threats to a company, ensuring that operations can continue in the event of a disaster.
  • Disaster Recovery Planning (DRP): The strategic plan for resuming business operations quickly and efficiently after a disaster, focusing on the recovery of information technology systems.
  • Security Policy: A set of documented guidelines and standards that dictate how information and information systems are managed and protected.
  • Access Control: The process of granting or denying specific requests to obtain and use information and related information processing services.
  • Cryptography: The practice and study of techniques for secure communication in the presence of adversaries, including encryption and decryption.
  • Information Asset: Any data, device, or other component of the environment that supports information-related activities.
  • Threat Modeling: The process of identifying and understanding potential threats to information systems and developing countermeasures to prevent or mitigate the impact of these threats.
  • Vulnerability Assessment: The process of identifying, quantifying, and prioritizing the vulnerabilities in a system.
  • Security Architecture: The structural design of networks, information systems, and controls to provide a secure computing environment.
  • Security Awareness Training: Programs designed to educate employees about the importance of information security and the security practices and procedures they should follow.
  • Incident Response Plan: A set of procedures to be followed in the event of a security breach or cyberattack.
  • Risk Assessment: The process of determining the likelihood and impact of identified risks.
  • Security Audit: A systematic evaluation of the security of a company’s information system by measuring how well it conforms to a set of established criteria.
  • Cybersecurity Framework: A structured set of guidelines for how an organization can assess and improve its ability to prevent, detect, and respond to cyber attacks.

This list encompasses the foundational concepts that are integral to the CISM certification and to the practice of information security management. Mastery of these terms and their applications is essential for any information security professional aiming to achieve CISM certification and to effectively manage and protect an organization’s information assets.
