CISM: Certified Information Security Manager

Difficulty 6/10
Cost $575 (Member) / $760 (Non-member)
Duration 4 Hours
Format 150 Multiple Choice Questions

CISM is ISACA’s management-focused certification, emphasizing the strategic relationship between information security and broader business goals. It covers information security governance, risk management, program development, and incident management, positioning the security leader as a business enabler rather than a technical blocker. The exam assumes the candidate is managing a team or a program, focusing on budget allocation, policy creation, and executive reporting. It is designed for managers who oversee security strategy rather than technical implementation, and is often a requirement for CISO or Security Director roles. Like CISA, it requires verified work experience to fully earn the designation.