CISM exam details and process [Updated 2022]
Organizations hold massive amounts of sensitive and confidential data that must be monitored closely to protect its confidentiality and integrity. The Certified Information Security Manager (CISM) certification is designed for information security managers, supervisors and any other employees who carry information security management responsibilities and must keep that data protected. It is focused on the management side of information security rather than on hands-on technical roles, and professionals working in that sphere will find exceptional value in this certification.
What is the goal of the CISM exam?
Earning the CISM certification requires knowledge of the various disciplines within the realm of information security. It will open new avenues for career-minded security professionals who want to showcase their skills as information security managers. The CISM certification exam covers four knowledge domains, weighted as follows:
- Information security governance (17%)
- Information security risk management (20%)
- Information security program (33%)
- Incident management (30%)
Once you have demonstrated your proficiency in these areas by obtaining the CISM certification, you will have little trouble showing prospective employers how much value you can bring to the organization.
CISM exam schedule, duration and format
The CISM certification examination is computer-based. You can take it at an in-person testing site or remotely via remote proctoring (more on this later).
The exam takes four hours and consists of 150 questions. It uses a multiple-choice format, but with a caveat: several options in a question may be defensible, and you must decide which answer is the most correct, based on the knowledge the exam content outline requires.
The CISM is currently available in the following languages: Chinese Simplified, English, Japanese, Korean, and Spanish.
Booking and taking the exam
To book the exam, follow these steps and ensure you satisfy all of the requirements:
- Confirm that a test site is available in your area on the date you plan to take the exam.
- Register for the exam.
- Pay the exam fee, either at registration or later. Payment must be made before you can schedule the exam.
- Once you have registered and paid, schedule the exam at your chosen site and date.
What are the identification requirements for testing?
You will only be admitted to the test center if you present a valid, current government-issued photo identification. The name on the ID must match your name as it appears on the scheduling notification email.
Acceptable forms of identification are:
- Driver’s license
- State identity card (non-driver’s license)
- Passport card
- Military ID
- Green card, alien registration or permanent resident card
- National identification card
The testing center reserves the right to ask for additional identification if it is not satisfied with the ID provided, so it is a good idea to take two forms of ID with you. If your ID is rejected, you will be considered a no-show, you will forfeit your exam fees, and you will have to pay again if you wish to retake the exam.
Arrival time for the exam
If you fail to show up, arrive more than 15 minutes late for your exam, or are denied entry because of an ID problem, you will be considered absent. This means you will forfeit your examination fees and lose your seat in the examination. It is highly recommended that you familiarize yourself with the location of your preferred examination center before exam day.
ISACA also offers remote proctoring, which lets you take the exam from the comfort of your home or favorite place of study. Here are details on the CISM remote proctoring process.
Policies on rescheduling, late arrivals and cancellations
All cancellations and rescheduling must be done at least 48 hours before the originally scheduled session. After that point, you must either sit for the exam or forfeit your registration fee. Arriving more than 15 minutes late will also cost you your seat, and with it your examination fee.
Scheduling your exam
Give yourself time to prepare thoroughly before exam day. Schedule well in advance, so that the date you pick leaves enough room for study. Some successful CISM candidates have reported taking as long as three months to prepare, and sticking to their originally scheduled date to stay focused on the big day.
You failed the test — When can you retake it?
ISACA’s CISM certification exam is computer-based and administered globally at authorized PSI testing centers. Exam registration is continuous, so you can register at any time, and you can schedule a testing appointment as early as 48 hours after paying the exam registration fee. If you need to take the exam more than once, your subsequent attempts must follow the waiting periods below:
- Retake 1: 30 days after the first attempt
- Retake 2: 90 days after the second attempt
- Retake 3: 90 days after the third attempt
What does it cost to take the CISM exam?
Registration is USD $575 for ISACA members and USD $760 for non-ISACA members.
Exam scoring: What does it take to pass the CISM exam?
The CISM exam contains 150 questions and the maximum allotted time to complete it is four hours. ISACA reports results on a 200- to 800-point scale, and a scaled score of 450 is the passing score. Your raw score (the number of questions answered correctly) is converted to this common scale, so the result is neither a percentage nor an arithmetic average, and a 450 represents the same minimum standard of knowledge regardless of which exam form you received. Many questions present several plausible options of which only one is the best answer, and choosing between them is what makes the exam, and the certification, demanding and valuable.
The CISM is a vital certification for anyone who wants to move into the managerial end of information security. It shows that you can weigh all of your employer’s security concerns and build policies and controls around them. Technical knowledge in this field is essential, and the examination does a good job of separating the good from the great.
Want to know more about the CISM certification exam? If so, please visit Infosec’s CISM hub.