CISM prerequisites: The top 5 things you need [Updated 2022]


The Certified Information Security Manager (CISM) certification is a globally recognized credential that signifies expertise in information security management. CISM-certified professionals are in high demand by organizations of all sizes that need to protect their information assets.

If you are interested in a career in information security, or if you are already working in the field and want to take your career to the next level, then the CISM certification is the right choice for you.

CISM is a difficult exam to pass, and it is important to understand the CISM prerequisites before you decide to sit for it. In this blog, we walk through every requirement for the CISM exam and for the certification itself.

In this article –

  • CISM Prerequisites
  • Maintaining CISM certification
  • CISM Exam-related information
  • CISM domains
  • Free CISM exam practice test

CISM prerequisites

Obtaining the CISM certification is a separate activity from passing the CISM exam.

The CISM exam is open to everyone, with no prerequisites other than paying the examination fee. After passing the exam, however, the candidate must apply to ISACA to be certified, and that is where the experience and ethics requirements below come in.

Below are the prerequisites for the CISM certification –

1. CISM examination

There are no eligibility requirements for taking the CISM exam. Anyone with an interest in the exam can register and sit for it.

You must prepare well and understand all four domains of the CISM exam.

We can divide the steps of taking the exam as below –

2. ISACA Code of Professional Ethics

All ISACA certification holders must agree to adhere to the ISACA Code of Professional Ethics. The full text of the Code is published on the ISACA website.

A member’s or certification holder’s conduct may be investigated as a result of a violation of this Code of Professional Ethics, which could lead to disciplinary action.

Anyone who observes a breach of the ISACA Code of Professional Ethics is able to file a complaint by following the procedure.

3. CPE (Continuing Professional Education) policy

You have to pay annual maintenance fees and earn a minimum of 20 contact hours of CPE every year.

CPE adherence is required so that every CISM maintains a sufficient level of current knowledge and proficiency, and so that the individual's competency is sustained over time.

CISM holders who adhere to the CISM CPE Policy will be better qualified to manage, plan, monitor, and evaluate the information security of an organization.

4. Minimum work experience requirement

  • CISM certification requires candidates to have a minimum of 5 years of professional work experience in the information security field
  • At least 3 of those 5 years must be in information security management, across three or more of the four CISM domains
  • The experience must have been gained within the 10-year period preceding the application date, or within 5 years of passing the exam

Additionally, you can apply for a waiver of one year of the general experience requirement if –

  • You have one full year of information systems management experience
  • You have one full year of general security management experience
  • You hold a skill-based security certification such as GIAC, MCSE or Security+

Note that waivers apply only to the general information security experience; the 3 years of information security management experience cannot be waived.

5. Apply to Get Certified

Once you fulfill all the above requirements, you must apply for the CISM certification.

Before applying you must –

  • Have passed the CISM exam within the last five years
  • Have the relevant full-time work experience described above
  • Submit the CISM Certification Application, including the application processing fee

Maintaining CISM certification

The CISM CPE policy requires CPE hours to be earned against both an annual minimum and a three-year certification period.

CISM professionals must do the following to maintain their certification:

  • Earn and report an annual minimum of 20 CPE hours
  • Accrue and report a minimum of 120 CPE hours over each three-year reporting cycle
  • Pay the annual maintenance fee, which is $85 for non-members and $45 for ISACA members
  • Comply with the annual CPE audit if selected
  • Comply with ISACA's Code of Professional Ethics

CISM Exam related information

  • Duration: 4 hours
  • Number of questions: 150
  • Exam format: Multiple choice
  • Passing score: 450 out of 800 (scaled score)
  • Cost: 760 USD (non-member price; ISACA members pay a reduced fee)

CISM domains

The CISM exam consists of the following four domains. The list below also shows what percentage of exam questions comes from each domain.

  1. Information Security Governance – 17%
  2. Information Risk Management – 20%
  3. Information Security Program Development and Management – 33%
  4. Information Security Incident Management – 30%

Free CISM exam practice test

To prepare for CISM, you can take the free CISM Certification Exam Practice Test.