The Certified Information Security Manager (CISM) exam tests a candidate's knowledge and understanding of information security management concepts and practices. The exam covers four main domains:
- Information Security Governance
- Information Risk Management and Compliance
- Information Security Program Development and Management
- Information Security Incident Management
Each of these domains is further broken down into specific topics, which are listed in the CISM Exam Content Outline published by ISACA. Candidates should be familiar with every topic in each domain to perform well on the exam.
There are a number of books that can help candidates prepare for the CISM exam. Some recommended titles include:
- CISM Review Manual, 15th Edition
- CISM Certified Information Security Manager All-in-One Exam Guide, 3rd Edition
- The Effective CISM: How to Pass the Certified Information Security Manager Exam
- CISM Practice Questions Exam Cram, 4th Edition
The CISM exam is a four-hour exam consisting of 150 multiple-choice questions. The exam is computer-based and is offered at various testing centers around the world. The cost of the exam varies depending on the candidate's location, but generally ranges from $600 to $760 for ISACA members and $760 to $970 for non-members.
The passing score for the exam is 450 out of a possible 800 points. Candidates should aim to answer at least 80% of the questions correctly to achieve a passing score.
The exam is delivered in English, Japanese, Spanish, Chinese (Simplified), Korean, French, and German. Candidates should choose the language that they are most comfortable with to ensure that they can understand the questions and instructions clearly.
The exam format is multiple-choice, with each question having four possible answers. Candidates must select the best answer for each question. There is no penalty for guessing, so candidates should answer all questions even if they are unsure of the correct answer.
Before the exam, candidates should make sure they have a thorough understanding of the exam content outline and have studied all of the topics it lists. They should also take practice exams to get a feel for the exam format and to identify the areas where their knowledge needs improvement.
On the day of the exam, candidates should arrive at the testing center early and bring a government-issued ID. They should also bring any necessary materials, such as pencils and scratch paper, as these will not be provided at the testing center.
After the exam, candidates will receive a score report indicating whether they passed or failed the exam. Those who pass will receive a certificate indicating that they are now Certified Information Security Managers.