Sep 1, 2022

CISM guide for Cybersecurity

The Certified Information Security Manager (CISM) certification is designed for information security professionals who already have experience in the field. It is geared toward proving your skills in the following four areas, which make up the four CISM domains:

  • Information security incident management

  • Information risk management

  • Information security governance

  • Information security program development and management

There are more than 48,000 CISM-certified professionals worldwide, according to ISACA, the global association that offers the credential [1].

What is CISM certification?

Earning a CISM certification may help demonstrate your proficiency in information security and your understanding of how security fits into business goals. As a CISM-certified professional, you'll be expected to design, implement, and manage an organization's information security program. You'll also be tasked with identifying possible threats and limiting the damage when a security breach does occur.

Benefits of CISM certification

When you’re weighing your options, it helps to keep your eyes on the future and the potential benefits this certification offers. One of the biggest benefits is that it places you within a community of experienced information security professionals.

Because the certification is challenging to earn, it demonstrates your commitment to a career in information security. Two further benefits are increased job opportunities and higher potential earning power.

Job potential

Cybercrime is expected to cost an estimated $7 trillion worldwide in 2022, according to Cybersecurity Ventures [3]. The skyrocketing cost of cybercrime is likely to drive steady demand for knowledgeable and skilled information security professionals. Cybersecurity Ventures also projects that the cybersecurity market will grow by 12 to 15 percent per year through 2025, with increased spending from small businesses, large enterprises, and governments shoring up their defenses against breaches [4].

The job outlook varies depending on the role you’re in or interested in pursuing. Indeed notes that becoming CISM certified can give you a competitive edge for IT positions at every level [6].

Salary outlook

The average salary of CISM holders in the United States is more than $149,000, and ISACA reports a 42 percent salary increase for managerial roles [1]. Salaries for CISM-certified professionals range as high as $232,000, according to InfoSec [5].

Requirements for CISM certification

To get certified, you’ll need to meet five criteria, starting with passing the CISM certification exam. The exam covers the four CISM domains:

  • Information security incident management

  • Information security program development and management

  • Information risk management

  • Information security governance

The exam consists of 150 multiple-choice questions, and you have four hours to complete it. Passing the exam alone does not make you certified: if you don't meet the following four requirements, your passing score will be voided, and you must apply for certification within five years of passing the exam. The other criteria are:

  • Complying with ISACA's "Code of Professional Ethics," which requires you to uphold strict standards of professional conduct and to maintain your information systems proficiency

  • Completing 20 hours or more of continuing professional education (CPE) every year, and 120 hours or more within each three-year period [7]

  • Having your work experience verified by your employer. You need at least five years of experience in the information security field, including three or more years in information security management, gained within five years of the date you pass the exam.

  • Submitting your CISM application and paying the application fee. ISACA verifies all of your information before awarding the certification.

Required work experience

You need five or more years of work experience in information security. At least three of those years must be in information security management, spread across a minimum of three of the four job practice areas, with one year or more in each. The job practice areas are the four CISM domains:

  • Information security governance

  • Information risk management

  • Information security program development and management

  • Information security incident management

Several qualifying factors can reduce the amount of general work experience required. For example, holding a CISA certification reduces it by two years, and a skill-based security certification, such as CBCP or a GIAC credential, reduces it by one year. Note that these substitutions apply only to the general five-year requirement; they cannot replace any part of the three years of information security management experience.

Continuing education

CISM-certified professionals are held in high regard because they are held to a stringent standard. You’ll have to adhere to the code of conduct and also keep up with the latest issues, techniques, and information security threats.

You'll have many opportunities to meet the CPE requirement, including corporate training, vendor sales presentations, and university classes. ISACA also hosts professional education meetings and activities that count toward continuing education. You can also take self-study courses that provide a completion certificate stating the number of CPE hours earned for each course.


1. ISACA. “CISM,” Accessed September 23, 2022.

2. ISACA. “Why ISACA,” Accessed September 23, 2022.

3. Cybercrime Magazine. “Boardroom Cybersecurity 2022 Report,” Accessed September 23, 2022.

4. Cybercrime Magazine. “Cybercrime To Cost The World $10.5 Trillion Annually By 2025,” Accessed September 23, 2022.

5. InfoSec. “Average CISM salary,” Accessed September 23, 2022.

6. Indeed. “Guide To Certified Information Security Manager (CISM) Certification,” Accessed September 23, 2022.

7. ISACA. “Maintain CISM Certification,” Accessed September 23, 2022.
