CISM: ISACA Certified Information Security Manager
Browse certifications
Exam Resources
Official learning paths, exam details, skills measured, and community resources to supplement your study.
About the CISM Exam
Master information security governance, risk management, and program leadership
200 original practice questions for the ISACA CISM exam. Every question includes detailed explanations, scenario-based context, and exam tips. Covers all 4 domains: Information Security Governance, Risk Management, Security Program, and Incident Management.
Who Should Take This Exam?
The CISM is designed for IT professionals with some hands-on experience. 6-12 months of hands-on experience recommended.
Typical study time: 4-8 weeks of focused study
Exam Quick Facts
| Detail | Value |
|---|---|
| Exam Code | CISM |
| Title | ISACA Certified Information Security Manager |
| Duration | 240 minutes |
| Questions | 150 |
| Pass Score | 450 / 800 |
| Cost | $575 USD (member) / $760 USD |
| Provider | PSI |
| Validity | 3 years (CPE required) |
| Question Types | Multiple choice |
| Official Page | View on ISACA → |
Exam Domains & Weights
The CISM exam covers 4 domains. Focus your study time based on the weights below — higher-weighted domains have more exam questions.
| Domain | Weight | Practice Qs |
|---|---|---|
| Information Security Governance | 17% | 34 |
| Information Security Risk Management | 20% | 40 |
| Information Security Program | 33% | 66 |
| Incident Management | 30% | 60 |
| Total | 100% | 200 |
💡 Study tip: Information Security Program carries the most weight (33%) — start there. Information Security Governance has the least (17%), but don’t skip it — exam questions can come from any domain.
Practice Exam — 200 Questions
Prepare for the CISM with our 200-question practice exam covering all 4 exam domains. Every question includes detailed explanations and maps to official exam objectives.
What you get:
- ✅ Exam simulation mode with timer
- ✅ Spaced repetition for weak areas
- ✅ Detailed explanations for every question
- ✅ Progress tracking across domains
- ✅ 20 free questions — no account needed
ISACA Certification Path
ISACA certs are role-based, not hierarchical. CISA for auditors, CISM for security managers, CRISC for risk professionals, CGEIT for IT governance, CDPSE for privacy.
Related ISACA Certifications
If you’re studying for the CISM, you might also be interested in these ISACA certifications:
- CDPSE: ISACA Certified Data Privacy Solutions Engineer — 200 practice questions
- CGEIT: ISACA Certified in the Governance of Enterprise IT — 200 practice questions
- CISA: ISACA Certified Information Systems Auditor — 200 practice questions
- CRISC: ISACA Certified in Risk and Information Systems Control — 200 practice questions
Study Tips
- Start with the heaviest domain — focus your time where the exam focuses its questions
- Use our practice exam — try the 20 free questions first to gauge your readiness
- Review explanations — don’t just check if you got it right; read why each answer is correct
- Simulate exam conditions — use the timed exam mode to practice under pressure
- Check the official page — official exam details always have the latest objectives