
CISM

ISACA Certified Information Security Manager

ISACA · Personnel certification (ISO 17024) · Leadership

Created per CertMap methodology · Updated 12 May 2026 · About the editorial team


Overview

What is CISM?

The Certified Information Security Manager (CISM) from ISACA is the leading management certification in information security, focusing on governance, risk management, and strategic oversight – not technical implementation details. It is specifically designed for experienced security professionals transitioning into leadership roles or seeking to formally demonstrate management competency. CISM is often perceived as complementary to CISSP: while CISSP emphasizes technical breadth, CISM targets the business perspective and senior management. The exam (150 questions, 4 hrs) is demanding and requires real management experience. An updated Exam Content Outline takes effect in November 2026.

Suitable for

Chief Information Security Officer (CISO)
Senior Information Security Manager
IT Security Director
Security Director
VP Information Security

Quick facts

Accreditation: ISO/IEC 17024 by ANSI
Languages: en · de · fr · es · ja · ko · zh · it
Recognition: Global

Key details

Cost, prerequisites, exam & renewal

Cost over 5 years

Exam fee (acquisition): €699
AMF (5 years): €207
CPE time value (5 years): €8,000
5-year total: €8,906
CPE effort: 20 h per year · 100 h over 5 years · Valued at 80 €/h.

Classification

CertMap score and matching roles

Rating

Market recognition: 3 / 3
Scheme quality: 3 / 3
Practice evidence: 2 / 3
Maintenance: 2 / 3

Matching NICE roles

Mapping from NIST NICE Framework SP 800-181, status 2025. NIST source

This page follows CertMap methodology: editorial content is curated by hand. Score, costs and NICE mapping are aggregated from official provider documents. Score methodology · TCO methodology

Transparency: CertMap is operated by Daniel Thomas Heessel, who is also managing director of Threat‑Informed, a company specialising in Threat‑Informed Defense. He additionally offers consulting services on CertMap. CertMap currently receives no commissions from certification providers, no affiliate links, no sponsored placements. Podcast and interview guests are not paid for appearances and receive no affiliate commissions.
