Certified Information Security Manager (CISM)®

5+ years of information security management experience

The CISM® certification is a globally recognized credential for IS professionals who manage, design, oversee, and assess an enterprise’s information security. CISM demonstrates your ability to align information security strategy with broader organizational goals.

CISM helps you transition from a technical specialist to a strategic security leader, making you highly valuable to enterprises prioritizing effective security governance.


Member price
₹44,000*
Non-member price
₹61,000*

*Prices may vary by region and membership status.


Is CISM Right for You?

The CISM certification is ideal for experienced information security managers and those who have information security management responsibilities. It is a globally recognized credential that validates your knowledge in managing and governing enterprise information security programs.
Professionals holding a CISM certification earn 42% higher average salaries than their non-certified peers globally.


More than 70,000 security leaders globally have earned the CISM credential to strengthen their career path.


Handbook & Requirements

Download the CISM Candidate Guide to understand exam details, policies, and application procedures.

About the Exam

Exam Format: 150 multiple-choice questions

Exam Time: 4 hours

Languages: English, Simplified Chinese, Japanese, Spanish, French, and more

The CISM exam focuses on four key domains: Information Security Governance, Information Risk Management, Information Security Program Development and Management, and Information Security Incident Management.


Before you apply, make sure you meet one of the following sets of CISM certification requirements:

Set A Requirements

  • Five (5) or more years of professional experience in information security management within the last ten years.
  • Experience must be gained across at least three of the four CISM domains.
  • Adherence to ISACA’s Code of Professional Ethics and Continuing Education Policy.

Set B Requirements

  • Four (4) years of experience in information security management plus a bachelor’s degree (or equivalent).
  • Substitutions of experience allowed based on educational achievements or other certifications (e.g., CISSP).
  • Must pass the CISM exam and agree to ISACA policies.

Set C Requirements

  • Three (3) years of experience in information security management with a master's degree in information security or a related field.
  • Education can substitute up to two years of required experience per ISACA guidelines.
  • Must comply with the Code of Ethics, Continuing Education Policy, and successfully pass the exam.

Maintaining your CISM certification

Maintaining your CISM demonstrates your ongoing commitment to professional growth and adherence to globally recognized security practices. CISM holders are required to earn a minimum of 20 Continuing Professional Education (CPE) hours annually and 120 CPE hours over a three-year cycle. Qualifying CPE activities include:

  • Attending ISACA conferences, workshops, and online programs
  • Delivering presentations or workshops on cybersecurity
  • Authoring articles, books, or whitepapers
  • Completing approved courses or webinars
  • Volunteering with ISACA chapters or industry organizations

Staying certified as a CISM strengthens your professional standing and demonstrates a proactive approach to adapting in the ever-evolving cybersecurity landscape.
