Exam Details
Exam CodeCISM
Exam Cost$575 USD
Duration240 minutes
Questions150
Passing Score450/800
ProviderISACA
Difficulty7/10
Salary Data
Professionals holding the CISM certification earn between $115,000 and $195,000 annually, with an average of $148,000.
Job market demand trend: Growing (+8% YoY)
Prerequisites
- 5 years of information security management experience
- At least 3 years in 3+ CISM domains
- Experience waivers available for certain qualifications
Skills Covered
Information Security GovernanceInformation Risk ManagementSecurity Program DevelopmentIncident ManagementBusiness ContinuityRegulatory ComplianceSecurity StrategySecurity Architecture
Best Study Resources
Comparisons Featuring CISM
CISA vs CISM
CISA vs CISM: two elite ISACA certifications for different career trajectories. CISA validates expertise in IT auditing ...
CISM vs CISA: Security Management vs IT Audit
ISACA's two flagship certifications target distinct but complementary career paths — information security management and...
CISSP vs CISM
CISSP and CISM sit at the top of the cybersecurity certification hierarchy, but they serve fundamentally different caree...
Career Paths With CISM
Frequently Asked Questions
CISM vs CISSP — which is more valuable?
Both are top-tier certifications. CISM focuses on security management and governance — ideal for CISO-track roles. CISSP is broader and more technical. CISM holders average $148K; CISSP holders average $152K. Choose based on your career direction.
How hard is the CISM exam?
CISM is considered challenging with a ~55% pass rate. The 150-question exam over 4 hours tests deep understanding of security management concepts. Most candidates study 3-6 months.
Data Sources
- Salary data — Aggregated from job postings and salary surveys (US median)
- Job listings — Active postings across major job boards
- Pass rates — Community-reported estimates (not official vendor data)
- Exam details — ISACA official documentation