CISM Certification and Exam Frequently Asked Questions

The ISACA CISM certification is an internationally recognized benchmark of achievement in information security management and verifies that holders can align information security with the goals of their business and sector. The CISM exam has a 4-hour time limit. At the end of the exam, candidates see a preliminary score on screen; no printout of this preliminary result is given on site. Official results are emailed to candidates within ten business days of the exam. To protect the privacy of results, they are not released by phone or fax.

Experience, ethics, education, and exam are the four “e’s” required to become a CISM. The requirements are as follows:

Obtain a passing score on the CISM exam

Adhere to the ISACA Code of Professional Ethics

Commit to the Continuing Professional Education (CPE) Policy

Submit verified documentation of at least five years of information security work experience, with at least three of those years in information security management across three or more of the CISM job practice areas. Part of the general information security work experience requirement may be waived if certain educational or certification requirements are met.

The CISM is unique among information security credentials because it was developed specifically and solely for those with prior experience managing an information security program. The exam and experience requirements are based on the experience needed to perform the duties and responsibilities of an information security manager. These standards, and the tasks and knowledge the exam assesses, were developed by leaders in information security and later validated by information security managers and subject matter experts. The requirements are meant to evaluate managerial experience in information security, not general practitioner skills.

ISACA exams are reported on a scale of 200 to 800, and the passing score is 450. A scaled score is the result of converting an exam’s raw score onto this standard scale. It is important to understand that the scaled score is not a percentage or an average of questions answered correctly. A scaled score of 200 is the lowest possible score and indicates that only a few questions were answered correctly; a scaled score of 800 indicates that all 150 questions were answered correctly.

To pass the exam, a candidate must obtain a scaled score of 450 or higher. A score of 450 represents the minimum consistent standard of knowledge for the exam, as established by the ISACA CISM Certification Working Group. To earn and retain the CISM, a person must also agree to comply with the CISM continuing professional education (CPE) policy. Under this policy, a CISM must complete a minimum of twenty (20) CPE hours each year and one hundred twenty (120) CPE hours over each three-year reporting cycle. An annual maintenance fee is also required: US $80 for nonmembers and US $45 for ISACA members.

The bare minimum that will be considered is one year of experience in at least three of the four CISM job practice domains.

The CISM certification program recognizes the CISSP credential, as it does the CISA, as a baseline indication that an individual has acquired general information security knowledge and skills. CISSP holders therefore qualify for a two-year waiver of the general information security work experience requirement.