Certified Information Security Manager


What Does Certified Information Security Manager Mean?

Certified Information Security Manager (CISM) is a vendor-neutral security management certification granted by ISACA. This advanced certification gives employers and business partners documented assurance that the certificate holder has the work experience and knowledge to manage an organization’s information security, including the security of its information and communication technology (ICT).

The exam for this certification is multiple-choice, has 150 questions and allows four hours to complete. Candidates for this advanced certification are encouraged to have a college degree or to complete an information security bootcamp before taking the exam, which evaluates knowledge in four domains: information security governance, risk management, information security program development and incident management.

Techopedia Explains Certified Information Security Manager

ISACA’s Certified Information Security Manager (CISM) certification is intended for information technology professionals who already have work experience in security and want to move into a managerial role.

While both the CISSP and CISM certifications are geared toward information security professionals, CISM is often considered the more advanced certification because it requires the candidate to demonstrate knowledge of cybersecurity best practices from an international, business-oriented point of view.

A passed CISM exam is valid for five years, during which the candidate must apply for certification. To obtain and keep the certification, the recipient must do the following:

  • Complete a minimum of 120 hours of continuing professional education within each three-year period, with a minimum of 20 hours of continuing professional education each year.
  • Submit verification of three or more years of information security management work experience within five years of passing the exam. At least one year must focus on security management, one year on risk management and one year on information security program development.
  • Pay ISACA’s annual maintenance fee.

CISM certification verifies the certificate holder’s working knowledge of information security governance, risk management, incident management and information security program development.



CISSP and CISM Compared

                                          CISSP                                      CISM
Length of Exam                            3 hours / 100-150 items                    4 hours / 150 questions
Passing Score                             700 out of 1,000                           450 or higher
Exam Fee                                  U.S. $749                                  Members: U.S. $575; nonmembers: U.S. $760
ISACA Membership                          Not applicable                             U.S. $135
Annual Fee                                U.S. $125                                  Members: U.S. $45; nonmembers: U.S. $85
Required Continuing Professional          120 credits over 3 years;                  120 hours over 3 years;
Education (CPE) Credits                   minimum of 40 credits per year             minimum of 20 credits per year


Margaret Rouse
Technology Expert

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.