CISM
ISACA Certified Information Security Manager
Created per CertMap methodology · Updated 12 May 2026 · About the editorial team →
▾ Jump to …5 sections
Overview
What is CISM?
The Certified Information Security Manager (CISM) from ISACA is the leading management certification in information security, focusing on governance, risk management, and strategic oversight – not technical implementation details. It is specifically designed for experienced security professionals transitioning into leadership roles or seeking to formally demonstrate management competency. CISM is often perceived as complementary to CISSP: while CISSP emphasizes technical breadth, CISM targets the business perspective and senior management. The exam (150 questions, 4 hrs) is demanding and requires real management experience. An updated Exam Content Outline takes effect in November 2026.
Suitable for
Quick facts
Key details
Cost, prerequisites, exam & renewal
Cost over 5 years
Prerequisites
5 years of experience in information security management. Up to 2 years may be substituted by other qualifications.
Exam format
150 multiple-choice questions, 4 hours, proctored via PSI. Passing score: 450/800.
Renewal & maintenance
Valid for 3 years. 20 CPE hours/year (minimum 120 over 3 years) + annual AMF (45 USD Member / 85 USD Non-Member).
Classification
CertMap score and matching roles
Rating
Matching NICE roles
Mapping from NIST NICE Framework SP 800-181, status 2025. NIST source ↗
Learning & preparation
Freely accessible preparation
A curated selection of freely accessible learning paths for this certification. Not exhaustive, not ranked.
Official from the provider · Guide
ISACA — offizielle CISM-Prüfungsvorbereitung
Review manual, question database and official study materials directly from ISACA.
Provider-affiliated · Course
ISACA Germany Chapter — Schulungen & Weiterbildung
The German ISACA chapter offers preparation events and training around CISM.
Freely accessible community content · Video
Prabh Nair — Mastering CISM: Thinking Like a Manager
Freely accessible CISM explainer videos and exam tips from Prabh Nair.
We only list freely accessible, factual learning paths: from the provider, a provider-affiliated non-commercial body, or established community content. No paid placements, no affiliate links.
More certifications
More certifications
From ISACA
AAIAAdvanced in AI AuditAAIRAdvanced in AI RiskAAISMAdvanced in AI Security ManagementCCOACertified Cybersecurity Operations AnalystCDPSECertified Data Privacy Solutions EngineerCGEITISACA Certified in the Governance of Enterprise ITCISAISACA Certified Information Systems AuditorCRISCISACA Certified in Risk and Information Systems ControlThis page follows CertMap methodology: editorial content is curated by hand. Score, costs and NICE mapping are aggregated from official provider documents. Score methodology → · TCO methodology →
Transparency: CertMap is operated by Daniel Thomas Heessel, who is also managing director of Threat‑Informed, a company specialising in Threat‑Informed Defense. CertMap currently receives no commissions from certification providers, no affiliate links, no sponsored placements. Podcast and interview guests are not paid for appearances and receive no affiliate commissions.
From the knowledge base
View all articles →Nobody is an AI security expert yet.
Which path fits your background, and the certifications that actually count. Three ways into a field where nobody has a ten-year head start.
About the CertMap editorial team
CertMap is an independent platform for comparing cybersecurity certifications, built on data-journalism standards that combine editorial curation with mechanical aggregation.
Certification vs. Certificate: What's the Difference?
Personnel certification per ISO/IEC 17024 versus a training certificate. Why the distinction matters.