Introduction to CISM exam process


Customers’ data, banking information, and financial records are all examples of sensitive information and private data that must be protected continuously to guarantee data security and integrity.

The Certified Information Security Manager (CISM) certification is for information security managers, supervisors, and other individuals with information security management duties.

Anyone who controls, builds, or monitors an organization’s information security systems should pursue the CISM certification.

It focuses largely on security management as it relates to information systems (IS) roles, and individuals working in this field will undoubtedly find the certification to be quite beneficial.

The benefits of this certification stem from the fact that it is aligned with worldwide best practices and industry security standards, which means that the objectives examined in this exam are the same ones that organizations worldwide are looking for.

Because it also satisfies the criteria of ISO/IEC 17024:2003, the US Department of Defense (DoD) has accepted the ANSI-accredited CISM credential program.

By passing this test, candidates gain knowledge and skills in security planning, developing and administering a security program, and reacting to incidents, which can help them progress in their careers or broaden their scope of duties.

Personal and professional accomplishments can instill confidence in candidates, encouraging them to pursue new job prospects.

CISM holders are qualified to manage and oversee an organization’s information security activities and its information systems.

What Does the CISM Exam Aim to Achieve?

Achieving CISM certification entails studying a wide range of topics in the field of information security.

Exam questions are developed from ISACA’s job practice analysis research.

The activities performed in a CISM’s day-to-day work, as well as the underlying knowledge necessary to create and administer an information security program, are represented by the topics chosen for the exam. More extensive explanations of the task and knowledge statements are available from ISACA.

The scope of the CISM test is extremely broad. The test covers four job practice areas, which are introduced in the next chapter.

Candidates should be aware of the CISM’s question approach, as it is not just a multiple-choice test with one correct answer to each question.

Rather, some questions on the exam require you to choose the most probable or best answer.

Candidates can also run through a tutorial on the exam-taking process after logging into their testing station at the exam center immediately before writing the exam.

Candidates are strongly urged to pay close attention to this tutorial so as not to miss any crucial information about the exam-taking procedure.

Independent committees have been formed to select the best questions, examine exam outcomes, and statistically analyze the findings for ongoing improvement.

Do not be alarmed if you come across a very tough or odd question.

It’s possible that this question was created for a different reason.

A few questions on the exam are included for research and analysis purposes and are not counted toward your score.

However, there is no indication in the exam of which questions these are.

When applicants have demonstrated expertise in these practices by earning the CISM certification, they can show potential employers how much value they can bring to the company.

Want to know the best books for CISM preparation? See our recommendations at the end of this post.

Exam Schedule, Timing, and Structure for CISM

The CISM is a multiple-choice test in which questions are presented one at a time, with the opportunity to mark answers for subsequent review.

The test is around 4 hours long and consists of 150 questions representing four job practice areas.

The test is taken on a computer. Each question includes four possible answers, and test takers must choose the best one.

You can skip questions and come back to them later, as well as flag them for further review if time allows.

The remaining time will display on the screen while you are taking the exam.

Candidates who finish all of the questions ahead of time are allowed to end the test before the time limit expires.

In some exam questions, there will be more than one right answer.

Based on their understanding of the examination criteria, the applicant must choose which response is the most correct.

Check the exam planning guide for more exam-related information.

CISM exam process

Exam registration

Several examination periods are available throughout the year for the certification.

You may register in a variety of ways, but regardless of which method you use, it is strongly advised that you prepare in advance and register early.

Before booking, candidates must ensure that a test center is accessible to them in their region on the day they intend to take the exam.

An ISACA-sponsored institution administers the test. Visit the ISACA website for more information on the location nearest you.

Once the testing center is confirmed to be accessible on the chosen day and at the desired location, the prospective examinee can proceed to register for the exam.

You will receive an email confirmation of your registration as soon as it is completed. The next step is to schedule your certification exam.

The exam fee can be paid at the same time as the registration fee, or it can be paid later.

However, payment must be made before the exam can be scheduled.

You will be directed to the certification registration page on the ISACA website, where you will choose a day, time, and place for your test.

You will get an email confirmation once you have confirmed the date, time, and location of your exam.

What kind of identification is necessary for the CISM exam?

Applicants will be admitted to the testing facility only if they have valid proof of identity.

This identification must be current and genuine, and it must include the candidate’s name and photo as they appear on the scheduling confirmation email.

The following are acceptable types of identification:

  • A valid driver’s license
  • Government identity card
  • A valid passport
  • National identification card

Candidates who do not show up for their exam, arrive more than 15 minutes late, or present invalid ID will be declared absent, forfeiting their examination fees and losing their exam seat.

It is strongly advised that anybody interested in taking the CISM test become familiar with the location of their desired examination facility.

The proctor will watch you while you take the test, and you may also be observed by video monitoring to ensure that no one cheats on the exam.

Cancellations, late arrivals, and postponing

Any cancellation or postponement requests should be made at least 48 hours before the planned examination.

Within 48 hours of the exam, applicants must either take the exam or forfeit their registration fee.

If a candidate arrives more than 15 minutes late, they may be unable to take the exam and may forfeit their exam fee.

Arrive at least 30 minutes before your exam is scheduled to begin, and allow plenty of time to find your way into the testing center.

When Should You Take Your Exam?

Before enrolling, paying for, and scheduling the exam, candidates must verify that they are well prepared.

Also, applicants should plan ahead of time to ensure that they have enough time to study for the exam.

Some successful candidates have said that they allowed themselves three months to prepare for the test and kept their originally scheduled date in order to stay focused and prepared for the big day.

Whether it’s self-study, a study group, an instructor-led course, or a boot camp, everyone has a preferred learning method. Make an effort to create a study plan that plays to your strengths.

It is recommended that you design your study program to last at least two months but up to six months, depending on how much job experience you have in information security management.

Throughout this time, take practice exams on a regular basis and keep track of your strengths and weaknesses.

Once you’ve discovered your weak spots, work on them once a week by reviewing relevant portions and taking practice examinations again, and keep track of your improvement.

One thing is certain: many people find that good, consistent study habits lead to reduced stress, as well as improved clarity and focus during exams.

A long-term, consistent study approach is highly recommended because of the exam’s difficulty.

Examine the job practice areas in depth. There are several study options available. If you have the time, look into the various resources accessible to you.

Many ISACA chapters and other organizations have formed specific study groups or offer less expensive exam review courses. Contact your local chapter to see whether these options are available to you.

When Can You Retake the Exam If You Fail in CISM?

Don’t give up if you didn’t pass your exam on the first try.

Rather, keep in mind that failure is only a step toward greater achievement. Take a careful inventory of your situation and identify areas where you can improve.

Applicants who do not pass the exam are only permitted to retake it once per testing window.

Usually, only three testing windows are available in a year.

Individuals who wish to retake the CISM must follow the same process as before, including registering, paying, and scheduling the exam for the next available exam window.

Individuals get four chances to pass the test over the course of a rolling twelve-month period.

Those who do not pass the test on their first try get a total of three chances to retake it within 12 months of the first attempt.

Applying for the CISM certification

After you have passed the exam, you have to apply for the certification separately.

You must be able to show proof of a passing score and relevant work experience in order to qualify for certification.

Remember that you have five years from the time you obtain a passing score to apply for CISM certification.

You will have to retake the exam when this period has passed.

Furthermore, all work experience must have been gained within the ten years preceding your certification application.

You must supply the following information to complete the procedure:

1) Application for CISM certification –

Specify your information security management experience, as well as the CISM job practice areas your experience relates to.

Also, enter the exam ID number from your exam results letter.

2) Work Experience Verification Forms –

To validate your work experience, these must be filled out and signed by your direct supervisor or a person of higher rank in the organization.

3) A letter or a transcript –

If you are using an educational experience waiver, you must produce an official transcript or letter from the college or university confirming your degree status.

You will have to wait about eight weeks for your application to be processed after you have mailed it.

What does it cost to take the CISM exam in 2021?

Below is the examination cost for the CISM exam.

The prices shown here are accurate as of June 2021, although they are subject to change.

Exam cost for ISACA members: US$575
Exam cost for nonmembers: US$760

ISACA membership cost: US$67.50

CPE (Continuing Professional Education) Maintenance Fees

You must pay CPE maintenance fees every year to keep your CISM certification.

Each year, members pay $45, and nonmembers pay $85 in fees.

ISACA membership and local chapter dues are not included in these costs, and neither is required to keep your CISM certification current.

CISM exam score

The certification test consists of 150 multiple-choice questions that are based on the most recent job practice analysis and cover the various job practice categories.

Candidates have up to 4 hours (240 minutes) to complete the exam.

ISACA utilizes and reports a standard scale of 200 to 800 points.

The reported score is a raw score converted to this scale rather than a percentage or arithmetic average, which provides a more realistic representation of the candidate’s knowledge of the content.

This is achieved in part by writing questions with several plausible answers, where one answer is slightly more accurate than the others.

This extra degree of difficulty is what makes the certification so significant.

Refer to the ISACA certification exam candidate guide for more information.

Maintaining your CISM certification

It takes more than taking an exam, submitting an application, and obtaining a paper certificate to become a CISM professional.

Being a certified CISM practitioner is a continual process.

All who hold CISM certification must not only adhere to the code of conduct but also maintain their certification by meeting continuing education requirements and paying yearly certification maintenance fees.

The purpose of the continuing professional education requirements is to ensure that professionals keep their CISM-related expertise current in order to create and administer security management programs more effectively.

Professionals who want to keep their CISM certification must complete 120 hours of continuing education in three years, with a minimum of 20 hours per year.

Each CPE hour must include 50 minutes of active learning.

Below are examples of activities that can be counted as valid CPE credit –

  • Attending professional development programs and meetings offered by ISACA.
  • Attending non-ISACA professional education activities and meetings.
  • Teaching, lecturing, or giving a presentation on topics related to the job practice.
  • Publishing articles and books on the profession.
  • Developing and reviewing CISM exam questions.
  • Taking and passing related professional exams.

Next Chapter: CISM: Introduction to the four domains

Further Study: CISM domains

Further Study: CISM Resources

Below are some recommended CISM books on Amazon:

CISM Certified Information Security Manager All-in-One Exam Guide by Peter H. Gregory

This bundle contains the all-in-one exam guide and the CISM practice exams. When searching for CISM preparation material, I could find only this book worth giving a try, apart from the ISACA review manual.

The study guide is thorough and covers all aspects of the exam.

Electronic exams are included with both the study guide and the practice test book. Some questions are shared between the two, but they rarely overlap.

The practice tests and questions were as close to the exam version I took as feasible without being dumps, indicating that they were extremely accurate reflections of the test material.

With around 20 days of regular studying for about 1-2 hours per day, I was able to pass the test on my first attempt with ease. Based on this, I believe the study guide and practice test set is well worth the money and should likely be the only study material necessary.

CISM Review Manual, 15th Edition by ISACA

It’s a good handbook to read for the CISM exam; however, some of the information is a little raw. It’s more or less required reading for the CISM test, but it’s a rather dull read. It has lots of relevant and useful content; however, it is a review handbook rather than a guidebook.
