CISM Certification – Benefits and Who Should Get This


What is a Certified Information Security Manager (CISM) certification?

CISM (Certified Information Security Manager) certification is for professionals who are eager for new career opportunities or looking for growth in their current company. ISACA offers the CISM certification in addition to its best-known certification, CISA. After getting your Certified Information Security Manager certificate, you will be able to handle information security-related tasks.

What you will be able to do after getting the certificate

You will be able to handle the following information security-related tasks:

  • Information security governance
  • Information risk management
  • Information security program development and management
  • Information security incident management

Is CISM a good certification?

CISM certification is recognized by the IT industry as proof that the certified person can design, manage, assess and oversee enterprise information security and its processes. The IT industry even requires the certification for some information security management roles.

The certification is needed for:

  • Security consultants & managers
  • IT directors & managers
  • Security auditors & architects
  • CISOs
  • Risk officers
  • Security systems engineers
  • Information security managers

Even someone who does not hold any of these roles in their company or organization but is still working in the information security domain can aspire to the certification. It will give them the boost in their career that they need.

Benefits of getting a CISM certification

  • Having a CISM certification will help you advance in your job as an information security professional.
  • CISM certification is recognized worldwide by various organizations.
  • Having a certification will show that you are committed to the profession.
  • In addition to all this, being a certified information security manager will get you access to valuable resources including peer networking and idea exchange.

What is the average annual salary of a certified CISM according to Glassdoor?

The average CISM salary has been reported to be $51,881/year.

  • The average annual salary of a system analytics professional is 20 Lakhs
  • The average annual salary of an information security manager is 15 Lakhs
  • The average annual salary of a security product manager is 16 Lakhs

Who can become a Certified Information Security Manager?

Anyone with an interest in learning about information security management, as well as the eagerness to learn and up-skill themselves, can become a Certified Information Security Manager. However, to take the exam everyone has to meet some qualification criteria. Let's take a look at the criteria for becoming a CISM certificate holder:

  • To apply for CISM certification you must have passed the exam in the last 5 years. To appear for the CISM exam, you need to have a bachelor's degree.
  • You should have at least 3 to 5 years of experience in the information security management domain to get the certificate.
  • If you meet both of these criteria, you can apply for the certification and pay the fee.

Having at least 3 years of experience in the Information Security Management Field

The person who is going to take the exam must have at least 3 years of experience in any of the following job practices. However, it is also possible to earn the experience after passing the exam, which would of course delay your certification:

  • Information Security Governance.
  • Information Risk management.
  • Information Security Program Development and Management.
  • Information Security Incident Management.

However, if you do not have the 3 years of experience, 2 years of experience in information security management will also help, and the following experience substitutions and waivers are also available for CISM certification:

  • General information security work experience (minimum of 1 month, maximum of 2 years)
  • Current CISSP in good standing (2-year waiver)
  • Current CISA in good standing (2-year waiver)
  • A postgraduate degree relevant to the information security management profession (2-year waiver)
  • Information systems management experience (1-year waiver)
  • Skill-based certifications, such as CBCP, MCSE, CompTIA Security+, GIAC or ESL IT Security Manager (1-year waiver)

What is there in the CISM certification exam?

Applicants can take the CISM certification exam twice a year in June and December.

  • The exam has 200 multiple-choice questions that candidates must complete within 4 hours.

What is the syllabus for the CISM exam?

  • About 24% of questions are related to Information security governance
  • About 33% of questions are related to Information risk management and compliance
  • About 25% of questions are related to Information security program development and management
  • About 18% of the questions are related to Information security incident management

How to maintain your CISM certification

Getting the certification after passing the exam does not mean that you will be a CISM certificate holder for a lifetime. To maintain your status as a CISM-certified professional, you must follow the guidelines of the Continuing Professional Education (CPE) policy. This means that you will need to earn 20 CPE hours every year and, over a three-year cycle, clock in 120 hours of Continuing Professional Education to maintain your CISM certification.

You must maintain an adequate level of current knowledge as well as proficiency in the domain of information security management. It serves as proof of your experience and shows your peers and your internal and external stakeholders that you are up to date in your domain.

Is the CISM exam hard – how do I pass it

The CISM examination is relatively hard to pass. This keeps the integrity of the certification at a high standard. However, candidates can choose to self-study or take online classes (assuming you are a full-time working professional), which will help you use your time more efficiently. Let's take a look at the key resources you will need to pass the examination.

  • Exam Candidate Guide
  • CISM Planning Guide
  • CISM Review Manual 15th Edition
  • CISM Review Questions, Answers & Explanations (QAE) Manual 9th Edition

Some study tips for taking the examination

  • The first tip to pass any exam is to plan, study, and measure how far you have come. Do this consistently to ensure you pass. Setting your study time aside and keeping it up until exam day will surely help you.
  • Obtaining all of the resources required for the exam and studying from them is also important.
  • Having an official sample exam book will help you. You can download it from ISACA's website.
  • You must have knowledge of the CISM practice areas, including domains, task statements, and knowledge statements.
  • Read the CISM Review Manual thoroughly, cover to cover.
  • Practice review questions, answers, and explanations. Do it as much as you can. Once you are done with the sample questions, you should be able to tell which answer was correct and which one wasn't.
  • Take notes, lots of notes. Even take notes of references. Keep your plan sheet up to date.
  • If you have already registered for the exam, check whether you are scoring at least 80% in practice/mock exams, which is the baseline to cross. If not, you can always reschedule your examination date up to 48 hours before the exam.
  • Review your grasp of the topics using the CISM Review Manual and the QAE manual.
  • Make a study timetable and follow it through. However, if you are tired from your job, do not study; rather take a rest, feel fresh, and then study.
  • As a final tip, study and practice as much as you can. Remember that practice makes perfect.

How much does CISM certification cost?

The average cost of registration for the CISM certification exam is $400 to $700. The cost differs for members and non-members of ISACA.

Does CISM certification expire

Once you have earned the CISM certification, your CISM credentials are valid for up to three years.

Once your certification has expired, you can choose to continue the certification by paying the CISM certification maintenance fee of $45 for ISACA members and $85 for non-members.

In addition to this, ISACA also requires its certified members to earn a minimum of 120 Continuing Professional Education (CPE) credits. Professionals have 3 years to maintain their credentials. This means that everyone has to earn at least 20 CPE credits every year.


Having a CISM certification will surely help you up-skill yourself as well as gain new opportunities, both in your current organization and in new ones. In addition to this, you will also learn a great deal while preparing for the exam. To wrap up this article: if you are thinking about taking the CISM certification exam but are unsure whether you should take it or whether it will help you excel in your career as an information security manager, you should go for it. But if you want to explore other options, you can read our CISM and CISSP comparison.
