CISM Certification: Certified Information Security Manager

ISACA Elite Featured Training Partner

2,472 Learners

CISM Certification Course Overview

You will acquire the requisite skills to design, deploy, and manage security architecture for your organization with this CISM certification training from Simplilearn. The CISM course is aligned with ISACA best practices. Today, enterprises and government agencies increasingly expect their IT professionals to hold a CISM certification.

Exam Pass Guarantee
Simplilearn offers an Exam Pass Guarantee* to students who complete our course training. We also provide a voucher (free of charge) to our students so they can retake the exam in case they fail the CISM Certification final exam on the first try.
100% Money Back Guarantee
No questions asked refund*

At Simplilearn, we value the trust of our patrons immensely. But, if you feel that a course does not meet your expectations, we offer a 7-day money-back guarantee. Just send us a refund request via email within 7 days of purchase and we will refund 100% of your payment, no questions asked!

CISM Certification Key Features

  • ISACA Kit & Exam Voucher
  • 16 CPEs offered
  • 24x7 course assistance service and access to recorded content
  • ISACA Accredited Instructors
  • 8X higher interaction in live online classes conducted by industry experts

Skills Covered

  • Information Security Governance
  • Information Security Program
  • Design Security Architecture
  • Enterprise IT Frameworks
  • Information Security Risk Management
  • Incident Management
  • Knowledge of ISACA Domains

CISM certification is a globally recognized professional requirement in the IT Security domain. This certification is best suited for security consultants and managers, IT directors and managers, security auditors and architects, security system engineers, CISOs, information security managers, and risk officers.


Training Options

Online Bootcamp

  • Flexi Pass Enabled: Flexibility to reschedule your cohort within the first 90 days of access.
  • Lifetime access to high-quality self-paced elearning content and live class recordings
  • 24x7 learner assistance and support
  • Batch starting from: 3rd Aug, Weekend Class

35% Off: $1,950 (regular price $3,000)

Corporate Training

Upskill or reskill your teams

  • Flexible pricing & billing options
  • Private cohorts available
  • Training progress dashboards
  • Skills assessment & benchmarking
  • Platform integration capabilities
  • Dedicated customer success manager

CISM Certification Course Curriculum


To be eligible to take the CISM exam, you must meet the following requirements:

  • Successful completion of the CISM exam
  • Certification application within the five-year window post-exam
  • Accumulation of 5 years of experience in the Information Security Management field
  • Eligibility criteria for job roles under IS audit, control, assurance, or security experience are set out in ISACA's CISM eligibility guidance
  • Experience required within 3 out of the 4 domains
  • All applicable experience must fall within the past 10 years of the application
  • A minimum of 3 years of experience is required in three out of the four CISM job practice areas

General Information Security Experience Waiver (optional): overall experience in information security (up to a maximum of 2 years).

Substitutions for CISM Work Experience (optional): only 1 may be applied, and documentation is required. Full details are available from ISACA.


Work experience verification requires independent confirmation from a person with whom you collaborated, such as a:

  • Manager
  • Supervisor
  • Colleague
  • Client

Verifiers cannot be:

  • Immediate or extended family
  • Human Resources Department

Course Content

  • Certified Information Security Manager (CISM®)

    • Lesson 01: Course Introduction

      • 1.01 Welcome to Certified Information Security Manager Course
      • 1.02 Certification Overview
      • 1.03 Skills Covered
    • Lesson 02: Information Security Governance: Enterprise Governance

      • 2.01 Organizational Culture
      • 2.02 Governance vs. Management
      • 2.03 Legal, Regulatory, and Contractual Requirements
      • 2.04 Data Security Frameworks
      • 2.05 Data States
      • 2.06 Organizational Structures, Roles, and Responsibilities
    • Lesson 03: Information Security Governance: Information Security Strategy

      • 3.01 Information Security Strategy Development
      • 3.02 Information Governance Frameworks and Standards
      • 3.03 Strategic Planning
      • 3.04 SWOT Analysis
      • 3.05 Opex and Capex
      • 3.06 KGIs, KPIs, and KRIs
      • 3.07 CIA Triad
      • 3.08 Designing Security into Software
      • 3.09 US Data Privacy Laws
      • 3.10 GDPR
    • Lesson 04: Information Security Risk Management: Information Security Risk Assessment

      • 4.01 Emerging Risk and Threat Landscape
      • 4.02 Risk Identification
      • 4.03 Risk Management
      • 4.04 Vulnerability and Control Deficiency Analysis
      • 4.05 Risk Assessment and Analysis
      • 4.06 COBIT
      • 4.07 Attackers and Phishing
      • 4.08 ISO 27001
    • Lesson 05: Information Security Risk Management: Information Security Risk Response

      • 5.01 Risk Treatment and Response
      • 5.02 Risk and Control Ownership
      • 5.03 Risk Monitoring and Reporting
    • Lesson 06: Information Security Program: Information Security Program Development

      • 6.01 Information Security Program Resources
      • 6.02 Information Asset Identification and Classification
      • 6.03 Information Security Policies, Procedures, and Guidelines
      • 6.04 Information Security Program Metrics
    • Lesson 07: Information Security Program: Information Security Program Management

      • 7.01 Information Security Control Design and Selection
      • 7.02 Information Security Control Implementation and Integrations
      • 7.03 Information Security Control Testing and Evaluation
      • 7.04 Information Security Awareness and Training
      • 7.05 Management of External Services
      • 7.06 Information Security Program Communications and Reporting
      • 7.07 Introduction to Access Control
      • 7.08 Authentication and Authorization
      • 7.09 Introduction to Cryptography
      • 7.10 Overview of Encryption
      • 7.11 Hashing
      • 7.12 Social Engineering Attacks
    • Lesson 08: Incident Management: Incident Management Readiness

      • 8.01 Incident Management Plan
      • 8.02 Business Impact Analysis (BIA)
      • 8.03 Business Continuity Plan (BCP)
      • 8.04 Disaster Recovery Plan (DRP)
      • 8.05 Incident Classification and Categorization
      • 8.06 Incident Management Training and Testing
    • Lesson 09: Incident Management: Incident Management Operations

      • 9.01 Incident Management Tools and Techniques
      • 9.02 Incident Containment Methods
      • 9.03 Incident Response Communications
      • 9.04 Incident Eradication and Recovery
      • 9.05 Post-incident Review Practices

CISM Training Course Advisor

  • Dean Pompilio

    Technical Trainer, Owner, Steppingstonesolutions Inc

    Mr. Pompilio has been an IT professional since 1989. He has worn many hats along the way and holds over 20 IT certifications, including EC-Council CEI, CEH, CHFI, CISSP, CISA, and CISM. His passion is helping IT professionals achieve their training goals and career growth.


CISM Course Exam & Certification

  • How do you become a CISM certified professional?

    To become a Certified Information Security Manager, you must meet the following requirements:

    • Successful completion of the CISM Certificate examination
    • Adherence to the ISACA Code of Professional Ethics
    • Agree to comply with the Continuing Education Policy
    • Five years of work experience in the field of information security, three of which must be as an information security manager. Work experience must be gained in three of the four domains of CISM. All information must be verified independently by employers.
    • Submit an application for CISM certification within five years from the date of initially passing the exam.

    For additional information on how to become a certified CISM professional and to understand the CISM certification requirements, please visit:

    *Exam Pass Guarantee: Except for Indian Subcontinent and Africa.

    Simplilearn offers an Exam Pass Guarantee to students who complete our course training. We offer a voucher (free of charge) to students to retake the exam in case they fail the ISACA CISM final exam.

    T&C for claiming the retake voucher as a part of the exam pass guarantee:

    • Attend at least one complete instructor-led class
    • Must take final exam within 30 days from the date of course completion
    • Produce exam failure notice received from ISACA

  • What are the prerequisites for CISM certification Exam?

    To become a CISM-certified professional, you need to fulfill the following criteria:

    • A completed application must be submitted within 5 years from the date of initially passing the examination.
    • All experience must be verified independently with employers.
    • This experience must have been gained within the 10 years preceding the application date for certification or within five years of passing the examination.
    • Three (3) years of the five (5) years of work experience must be gained performing the role of an information security manager.
    • In addition, this work experience must be broad and gained in three (3) of the four (4) domains of CISM®.

  • What do I need to do to unlock my certificate?

    Online Self-learning:

    • Complete 85% of the Online Self Learning Content
    • Complete one simulation test with a minimum score of 60%

    Online Classroom:

    • Attend 1 complete Live Class batch or Complete 85% of the Online Self Learning Content
    • Complete one simulation test with a minimum score of 60%

  • Do you provide any practice tests as part of this course?

    Yes, we provide 1 practice test as part of our course to help you prepare for the actual certification exam. You can try this Free CISM Exam Prep Practice Test to understand the type of tests that are part of the course curriculum. 

  • Are there any domains I should prioritize when studying for the CISM exam, such as Information Security Governance?

    While comprehensive preparation across all four CISM domains is essential for success, understanding their relative weightage can guide strategic study efforts.

    According to the ISACA CISM Exam Outline, the approximate weightage for each domain is as follows:


    Domain                                    Average Weight
    1. Information Security Governance        17%
    2. Information Security Risk Management   20%
    3. Information Security Program           33%
    4. Incident Management                    30%
    Total                                     100%

    However, it's crucial to remember:

    • Weightage can vary slightly from exam to exam.
    • Neglecting domains with lower weightage could still lead to missed questions and a lower score.
    • Exam questions often integrate concepts from multiple domains, requiring a holistic understanding.

CISM Certification Training Reviews

  • Peter Bartow

    Sr Project Manager IT PMO

    I enjoyed taking the class with so many people from all over the world. The course was elaborate and easy to comprehend.

  • Tejaswa Rastogi

    The course encapsulates the offensive approach, which is good, and there is much to learn.

  • Hussein Ali AL-Assaad

    IT Manager at O&G Engineering

    Simplilearn has been a great learning experience. The trainer is extremely knowledgeable. The full team is very helpful and flexible. I recommend Simplilearn to my friends and families.


Why Online Bootcamp

  • Develop skills for real career growth: cutting-edge curriculum designed in guidance with industry and academia to develop job-ready skills
  • Learn from experts active in their field, not out-of-touch trainers: leading practitioners who bring current best practices and case studies to sessions that fit into your work schedule
  • Learn by working on real-world problems: capstone projects involving real-world data sets with virtual labs for hands-on learning
  • Structured guidance ensuring learning never stops: 24x7 learning support from mentors and a community of like-minded peers to resolve any conceptual doubts

CISM Certification’s Related FAQs

  • You offer an exam pass guarantee. How does it work?

    *Free exam retake terms and conditions:

    Simplilearn offers an Exam Pass Guarantee to students who complete our course training. Simplilearn uses top learning methodologies to equip learners with the knowledge and confidence to pass the CISM exam on the first attempt. If you do not pass the CISM exam on the first attempt, Simplilearn will provide you one free exam retake.

    To ensure your success, we strongly recommend that you take the CISM exam within a week of the course completion date—or a maximum of 45 days from the completion of the online training. This way, the course materials will be fresh in your mind.

    Exam Attempts:

    Time Frame                                         Free Exam Retake
    Within 6 months (180 days) from enrollment date    Did Not Pass


    Exam Pass Guarantee:
    If you do not pass the exam on the first attempt, Simplilearn will provide you one free exam retake. You must submit a copy of your scorecard.

    Terms and Conditions for qualifying:

    This money-back guarantee applies only to Simplilearn’s CISM blended learning. The guarantee is valid only for participants who have paid the entire enrollment fee.

    The guarantee becomes void if:

    • Participants do not take the CISM examination within 45 days of unlocking the certificate.
    • Participants do not maintain 100% attendance during the training sessions.
    • Participants fail to book their exam within 6 months from the date of enrollment.
    • Participants do not follow the instructions of the trainer and do not complete the exercises given during the training.
    • Participants do not submit the required documents to Simplilearn.
    • Participants fail to request a refund within 15 days of receiving their results.

  • What is the CISM certification cost?

    The CISM certification cost is USD 575 for ISACA members and USD 760 for non-ISACA members.

  • What is the structure of the CISM certification exam?

    ISACA uses and reports scores on a common scale of 200 to 800. For example, the scaled score of 800 represents a perfect score with all questions answered correctly; a scaled score of 200 is the lowest score possible and signifies that only a small number of questions were answered correctly. You must achieve a score of 450 or higher to pass the CISM exam.

  • What certification will I receive after completing the training?

    After successful completion of the course, you will be awarded the course completion certificate along with the 16 CPE certificate from Simplilearn.

  • When & where are the CISM exams conducted?

    The CISM exam is conducted thrice a year in the months of July, September, and December. To find the exam locations & dates go to (

  • Can I defer my Certified Information Security Manager certificate exam?

    If you are unable to take the CISM Exam, you can request a deferral of your registration fees to the next exam date. To learn more about deferring your exam, including deferral deadlines and costs, please visit

  • Do you provide assistance for the exam application process?

    Yes, we do provide assistance for the exam application process. You can state your queries on and get them answered along with any other query or concern that you might have about the course.

  • How does Simplilearn assure me that the CISM training and course material delivered are effective?

    Our CISM course is developed to deliver a first-attempt pass rate of 100%. With a hands-on learning approach, the course not only gives you the confidence to clear the exam but also helps you retain the knowledge beyond the examination.

  • Can I cancel my enrollment? Will I get a refund?

    Yes, you can cancel your enrollment. We provide a refund after deducting the administration fee. To know more, please go through our Refund Policy.

  • I’d like to learn more about this CISM program. Who should I contact?

    Contact us using the form on the right of any page on the Simplilearn website, or select the Live Chat link. Our customer service representatives will be able to give you more details.

  • What after CISM?

    Achieving a CISM certificate offers you many career benefits. However, you shouldn’t stop upskilling yourself as the world of cybersecurity is quite dynamic. Here are some of the courses you can consider taking after becoming CISM certified:

  • How do I get CISM certified?

    You need to pass the CISM certification exam to get certified. Additionally, you must have the relevant full-time work experience of at least five years in information security management and then submit the CISM Certification Application, including the application processing fee. 

  • What is a CISM certification?

    The CISM, or Certified Information Security Manager, is a credential designed for information security and IT professionals who want to acquire and validate the skills required for designing, maintaining, and deploying security architecture. From risk management to responding proactively to incidents, this certificate focuses on every vital skill necessary for security management.

    This credential covers four domains including information security risk management, information security governance, information security incident management, and information security program development and management. All these domains are covered to validate the skills and knowledge necessary for efficient and effective information security management. The certificate holds special importance in government entities and large corporation bodies where maintaining information security is crucial.

  • Who is eligible for CISM?

    Although anyone with an interest in the information security management field will find the Certified Information Security Manager certification relevant, becoming a CISM-certified professional requires at least five years of working experience in the field of information security or in similar roles. You can sit for the CISM exam without prior working experience in this field; however, to become a Certified Information Security Manager, work experience is mandatory.

  • Benefits of having CISM certification

    When you successfully acquire a CISM certification, you enjoy multiple advantages associated with it, such as:

    • Better Job Opportunities: The CISM certification is your doorway to better job opportunities. After acquiring CISM certification, you can fulfill several important roles in an organization, including information security manager, chief information security officer, IT security manager, IT security specialist, and many others.
    • Increased Income Potential: Undoubtedly, after becoming a Certified Information Security Manager, your income potential increases. You can fulfill roles with higher salary packages and value.
    • Versatility: The CISM certification welcomes versatility in your career. You can choose from a variety of job opportunities including in the fields of IT security, information systems security management, security administration, and many others.
    • Skill Enhancement:  The credential provides you with the opportunity to not only validate your existing skills but also learn new ones. The skill sets learned help in career advancement and increase your value in an organization.
    • Higher Organizational Value: CISM-certified professionals are highly valued throughout the industry. They are valued for their advanced knowledge and skill that helps organizations in enhancing their information security systems.

  • CISM certification requirements

    The list of CISM certification requirements is as follows:

    • The completion of a high school diploma or an undergraduate degree.
    • Submission of a completed application form within five years of passing the CISM exam.
    • Working experience gained within a 10-year period preceding the application date for the certification or within five years of passing the CISM exam. 
    • A minimum of three to five years of working experience, including service in the role of an information security manager or a similar position. The experience gained must cover at least three out of four CISM domains.

  • Is CISM right for me?

    The CISM or certified information security manager certification is right for you if you are willing to establish a rewarding career in the field of information security management. If it is your desire to fulfill higher, strategic, and managerial roles, earning the CISM certification is no less than a valuable asset. If you see the career of your future in the information security industry and want to occupy leadership positions in the same, CISM is definitely the best certification for you to obtain.

  • How to pass CISM Training in first attempt?

    The secret to passing the CISM exam on the first attempt is good preparation. You can choose to pursue CISM certification training from a reliable and accredited online platform like Simplilearn. The comprehensive training program takes you through all four domains in depth and follows a comprehensive study structure with practice through projects and real-world scenarios. The study materials and practice exams help you fully prepare for the exam and pass it on the first attempt with confidence.

  • What is the pass mark for CISM Certification Exam?

    ISACA, the examining board, scores the exam on a 200-800 point scale; a minimum score of 450 or higher is mandatory to obtain the CISM Certificate.

  • How long does CISM certification last?

    The CISM certification is valid for a period of three years. If you are a member of ISACA, you will be required to pay a minimal fee of $45 for the annual maintenance of the CISM certification. Non-members are required to pay a fee of $85 for annual maintenance. Once your certification's validity period is over, you must apply for renewal and obtain the credits mandatory for the renewal process.

  • Why get a CISM certification?

    Not just one, there are several reasons why you should acquire a CISM certification, such as:

    • Welcomes Advancement in Career: Undoubtedly, the CISM certification welcomes career advancement for information security professionals. Once certified, they are recognized in the industry as skilled information security professionals who are ideal for managerial and other leadership roles in the organization. This career advancement enhances credibility and also increases the income potential of a professional.
    • Increases Organizational Value: There cannot be anything better than occupying a higher-level position in an organization. With the knowledge and skills gained throughout the learning process and obtaining the CISM certification, your value in the organization increases, and you become the most suitable candidate for occupying higher, more important, skill-based positions.
    • Your Skills and Knowledge are Enhanced: CISM certification training is your gateway to learning new skills and obtaining more in-depth knowledge about the four CISM domains. The new skill sets and in-depth knowledge make you more valuable in the competitive job market.
    • Increased Network Opportunities: Once you become a CISM-certified professional, you get global exposure, giving rise to several new opportunities for collaborating, networking, and expanding your recognition.
    • Your Income Potential is Higher: The CISM certification exam is competitive, and once you pass this difficult examination, you become eligible for highly paid roles of greater responsibility and importance in an organization.

  • What are the career options after completing CISM training? Can I become a chief information security officer?

    There are several career opportunities after acquiring the CISM credential, including the Chief Information Security Officer role. Find out the list of career options and their average annual earnings from the detailed table below:

    Job Role                           | Average Salary in India (per year) | Average Salary in the USA (per year)
    Information Security Officer       | ₹ 12.0 Lakhs                       |
    Chief Information Security Officer | ₹ 36.4 Lakhs                       |
    Senior IT Security Specialist      | ₹ 13.4 Lakhs                       |
    Lead Security Analyst              | ₹ 15.4 Lakhs                       |
    Senior Security Administrator      | ₹ 9.0 Lakhs                        |
    Information Security Manager       | ₹ 18.0 Lakhs                       |


  • CISM vs. CISSP

    The CISM and CISSP are both highly valued and recognized certifications in the field of information security. Many professionals get confused between these two certifications and cannot decide which one is better for their career. Here is a brief distinction between CISM and CISSP:

    Main Focus
      CISM: Information security systems management and its four domains, including risk management, incident management, program development, and governance.
      CISSP: The domains of network security, cyber security, cryptography, software development security, and so on.

    Ideal For
      CISM: Professionals seeking managerial and leadership roles.
      CISSP: Professionals seeking IT security roles.

    Required Work Experience
      CISM: Minimum five years of working experience with expertise in three out of four domains of CISM.
      CISSP: A minimum of five years of full-time experience focusing on the eight domains of CISSP.

  • What are the pros and cons of CISM certification?

    Obtaining a CISM certification facilitates career advancement and higher earning potential in the cybersecurity industry. With this certification, professionals gain recognition for their expertise in managing information security programs, which can lead to increased job opportunities and better job security. 

    However, the process of preparing for the CISM exam may require a significant investment of time and money. Simplilearn's CISM certification training addresses these challenges by providing comprehensive study materials and flexible learning options, ensuring that individuals can acquire the necessary skills and knowledge effectively and efficiently.

  • What is the failure rate for CISM?

    The failure rate for CISM can vary depending on factors like preparation and experience. However, if you enroll in a course like the one offered by Simplilearn, it reduces the risk of failure by providing comprehensive study materials, expert guidance, and practice tests. With Simplilearn's support, individuals can increase their chances of passing the exam and gaining valuable skills in information security management.

  • Is CISM a difficult course?

    CISM can be challenging, but with the right training, it becomes manageable. At Simplilearn, we offer a course with easy-to-understand materials, expert guidance, and practical exercises, making it easier to grasp complex concepts. CISM certification is a valuable credential in information security management, and Simplilearn helps anyone prepare for and pass it.

  • Is CISM more difficult than CISSP?

    Both CISM and CISSP have their challenges, but they're different, as they focus on different aspects of information security. CISM emphasizes information security management, while CISSP covers a broader range of topics. Simplilearn's CISM certification course helps individuals understand the specific concepts needed for CISM, making it easier to tackle.

  • How to maintain CISM Certification?

    To maintain the CISM certificate, you need to earn continuing education credits every year and pay an annual maintenance fee. Simplilearn's CISM training not only helps you pass the exam but also provides ongoing learning resources to fulfill these requirements. You can also stay up-to-date with the latest developments in information security management and maintain your credential effortlessly.

  • Does CISM Certification expire?

    Yes, CISM certification expires after three years if not renewed. Simplilearn's CISM certification training helps you obtain the certification and provides resources and guidance for renewal. Connect with the support staff to understand the process for the same.

  • How to prepare for CISM exam?

    Preparing for the CISM exam involves sourcing relevant study resources, studying key concepts, practicing with mock exams, and gaining practical experience. With Simplilearn, you can access comprehensive study materials, get expert guidance, and do hands-on exercises to help you prepare effectively. With Simplilearn's structured study approach and team support, you can confidently tackle the exam and advance your career in information security management.

  • How long should you study for the CISM?

    The amount of time needed to study for the CISM exam varies depending on individual experience and study habits. Generally, it's recommended to spend about 3-6 months preparing thoroughly. 

    Simplilearn's security management certification course provides structured learning materials and expert guidance, making it easier to manage your study time effectively and prepare efficiently for the exam.

  • Why is CISM certification important for a career in IT security management?

    CISM certification is important for a career in information security management roles because it demonstrates knowledge and expertise in managing and protecting information systems. It helps professionals stand out in the job market and opens up opportunities for higher-paying roles by providing them with the necessary technical expertise and valuable insights into information security principles and in handling security incidents and security threats, all in alignment with the industry trends. The certificate gives individuals credibility and recognition, making them valuable assets to organizations looking to enhance their cybersecurity measures.
