CISM Exam Information and Outline
Certified Information Security Manager
CISM Exam Syllabus & Study Guide
Before you start practicing with our exam simulator, it is essential to understand the official CISM exam objectives. This course outline serves as your roadmap, breaking down exactly which technical domains and skills will be tested. By reviewing the syllabus, you can identify your strengths and focus your study time on the areas where you need the most improvement.
The information below reflects the latest 2026 course contents as defined by ISACA. We provide this detailed breakdown to help you align your preparation with the actual exam format, ensuring there are no surprises on test day. Use this outline as a checklist to track your progress as you move through our practice question banks.
Below are complete topics detail with latest syllabus and course outline, that will help you good knowledge about exam objectives and topics that you have to prepare. These contents are covered in questions and answers pool of exam.
The CISM Exam is offered twice a year in the months of June and December every year. The CISM Exam consist 200 multiple-choice questions and is a four hour duration exam. Candidates are tested on the grounds of four functional areas of information security.
CISM Exam Syllabus
Information security governance – 24%
Information risk management and compliance – 33%
Information security program development and management – 25%
Information security incident management – 18%
Benefits of CISM Certification
Recognition of attainment of advanced job skills as required for an information security professional
Worldwide recognition as an information security manager
Confirms commitment to profession
Provides access to valuable resources- such as peer networking and idea exchange
Exam Name ISACA Certified Information Security Manager (CISM)
Exam Code CISM
Duration 240 mins
Number of Questions 150
Passing Score 450/800
Information Security Governance - INFORMATION SECURITY GOVERNANCE affirms the expertise to establish and/or maintain an information security governance framework (and supporting processes) to ensure that the information security strategy is aligned with organizational goals and objectives. 24%
Information Risk Management - MANAGING INFORMATION RISK proficiency in this key realm denotes advanced ability to manage information risk to an acceptable level- in accordance with organizational risk appetite- while facilitating the attainment of organizational goals and objectives. 30%
Information Security Program Development and Management - DEVELOPING AND MANAGING AN INFORMATION SECURITY PROGRAM establishes ability to develop and maintain an information security program that identifies- manages and protects the organizations assets while aligning with business goals. 27%
Information Security Incident Management - INFORMATION SECURITY INCIDENT MANAGEMENT validates capacity to plan- establish and manage detection- investigation- response and recovery from information security incidents in order to minimize business impact. 19%