PSI

CISM (Certified Information Security Manager) exam help guide

Official-policy-first prep, setup, readiness, and test-day guidance built for this exam.

CISM is ISACA's management-level information security certification. This current guide covers the 2026 ISACA rules, 150-question/4-hour format, 450 passing score, PSI delivery, fees, eligibility, November 2026 outline update, experience requirements, and a practical study plan.

Jump to master guide

CISM (Certified Information Security Manager) exam help coverage

May 10, 2026

Exam-specific guidance for CISM (Certified Information Security Manager), not generic study advice.
Official-policy-first workflow with explicit verification steps for unstable rules.
Clear setup, practice, readiness, and test-day execution checkpoints.

CISM (Certified Information Security Manager) exam help quick summary

Use this section for the shortest path through the guide before you dig into the full workflow below.

Format

Platform

PSI rules can change by delivery mode. Verify the official handbook and scheduler page before test day.

Focus

Use the guide below to map blueprint coverage, pacing checkpoints, and the operational issues that can derail an otherwise ready candidate.

Verify

Re-check dates, IDs, accommodations, devices, and reschedule rules shortly before the exam if any of those items are handled by a third party.

Exam Help

Get online exam help from coordinators who map official requirements, flag scheduling conflicts, and build a readiness timeline around your target date.

Prep Support

Help with online exam logistics including practice environment setup, proctoring dry-runs, and day-of contingency planning so nothing is left to chance.

take my exam for me

Use this CISM (Certified Information Security Manager) exam help page for exam-specific context, then compare the broader online exam help services page or contact HiraEdu if you need a direct handoff. This page stays focused on CISM (Certified Information Security Manager) while the linked service pages cover broader exam support options.

Full guide

CISM (Certified Information Security Manager) exam help guide

Category: Cybersecurity & IT Security

CISM Overview

CISM fact	Current guidance
Certification owner	ISACA
Full name	Certified Information Security Manager
Exam length	4 hours, 150 multiple-choice questions
Current score scale	200-800 scaled score
Passing score	450 or higher
Delivery	Authorized PSI testing centers or PSI remote proctoring
Current fees	ISACA lists US$575 member and US$760 nonmember exam registration fees
Application fee	ISACA lists a one-time US$50 certification application processing fee
Current outline status	Current outline effective 2022; ISACA says an updated CISM outline is effective 3 November 2026

CISM is a management certification for professionals who manage, design, oversee, or assess an enterprise information security function. It is not a hands-on penetration testing credential, not a purely technical engineering exam, and not an entry-level cybersecurity survey. The exam is built around leadership decisions: governance, risk management, security program management, and incident management.

What it measures. CISM tests whether a candidate can align information security with enterprise goals, build governance and strategy, manage information security risk, establish and operate a security program, and prepare/respond/recover from incidents. The questions are written with one best answer, often using management qualifiers such as BEST or MOST.

Where it is accepted. CISM is globally recognized by employers for information security manager, security governance, risk, compliance, program manager, incident manager, and security leadership roles. ISACA controls certification rules; employers and universities decide how they weigh it for hiring, promotion, scholarships, or admissions.

Decision	CISM is a strong fit when	Consider another route when
CISM vs CISSP	You lead or manage security programs and risk decisions	You need broader technical security architecture coverage
CISM vs CISA	You manage security rather than audit systems and controls	Your work is primarily IS audit and assurance
CISM vs CRISC	You own information security program/risk in a leadership context	Your role is primarily enterprise IT risk and control design
CISM vs technical cert	You need management credibility	You need hands-on cloud, network, forensics, or offensive skills

Sources: ISACA CISM certification page; ISACA CISM exam content outline; ISACA Certification Exam Candidate Guide 2026; ISACA CISM application requirements page.

Eligibility & Requirements (Location-Specific)

Requirement	ISACA policy or practical rule
Sitting for the exam	ISACA allows candidates to sit before completing all experience requirements
Certification application	Candidate must pass the exam, pay the US$50 application fee, submit experience, follow ethics, and follow CPE policy
Work experience	Five or more years of professional information security management experience; ISACA states waivers are available for a maximum of two years
Experience window	ISACA says CISM work experience must be gained within the 10-year period before application
Application window	ISACA says candidates have five years from passing the exam to apply
Exam eligibility	Six months from registration, with one six-month extension available for US$75 under the 2026 guide
Name match	ISACA profile name must match government-issued ID

Location-specific checklist. Before registering, verify PSI test-site availability near you or remote-proctoring compatibility. ISACA registration is continuous, and candidates can schedule as early as 48 hours after paying exam registration fees, but appointments are only available 90 days in advance. Your country, ID type, device restrictions, time zone, and PSI availability can all change the best plan.

Accommodations. ISACA says special accommodations must be requested during registration, approved before scheduling, submitted with the required form completed by the candidate and healthcare professional, and submitted no later than four weeks before the preferred exam date. Do not schedule first and hope accommodations are added later.

Special cases:

Case	Guidance
Name changed	Update MyISACA before appointment day so profile and ID match
Eligibility expiring	Cancel any scheduled exam at least 48 hours before the date if you need to purchase an extension
Remote proctoring on work laptop	Use a personal computer when possible; ISACA warns employer-issued devices can create PSI software issues
International candidate	Verify local PSI centers, remote-proctoring support, ID, tax, and time zone
Not enough experience yet	Passing starts a five-year application clock; plan experience documentation early

Sources: ISACA Certification Exam Candidate Guide 2026; ISACA CISM certification page; ISACA CISM application requirements page; PSI/ISACA scheduling resources.

Exam Sections & Content Blueprint

Current CISM domain	Weight	What it tests
Information Security Governance	17%	Enterprise governance, legal/regulatory/contractual requirements, roles, strategy, frameworks, budgets, business cases
Information Security Risk Management	20%	Emerging risks, vulnerabilities, control deficiencies, risk assessment, risk treatment, risk ownership, monitoring/reporting
Information Security Program	33%	Resources, asset classification, standards/frameworks, policies/procedures, metrics, controls, awareness, third/fourth parties, communications
Incident Management	30%	IR plan, BIA, BCP, DRP, classification, testing, tools, investigation, containment, notification, eradication, recovery, post-incident review

Outline update warning. ISACA states the CISM Exam Content Outline will be updated effective 3 November 2026, with updated preparation material available for purchase in September 2026. If your appointment is before 3 November 2026, verify the current effective outline. If it is on or after 3 November 2026, use the new ISACA outline and updated materials.

Question archetypes, described without reproducing protected items:

Archetype	What it asks	Trap pattern
Governance priority	Choose the best management action aligned to enterprise goals	Picking a technical control before governance alignment
Risk ownership	Determine who owns, accepts, treats, or reports risk	Confusing security team responsibility with business ownership
Program metric	Select useful metrics or reporting approach	Reporting tool activity instead of business risk or program effectiveness
Third-party management	Decide contract/control/monitoring action	Treating supplier risk as only procurement or IT issue
Incident readiness	Choose planning/testing/classification action	Jumping to response before readiness exists
Incident response	Select escalation, containment, notification, recovery, or review step	Choosing a dramatic action that breaks policy, law, or communication plan

Sources: ISACA CISM exam content outline; ISACA Certification Exam Candidate Guide 2026.

Exam Format, Timing & Delivery

Format item	Current ISACA guidance
Questions	150 multiple-choice questions
Time	4 hours, 240 minutes
Delivery	Computer-based through PSI test centers or remotely proctored exams
Breaks	ISACA guide allows two proctor-approved breaks of up to 10 minutes each; exam time does not stop
Question style	One best answer from four options; some scenarios may support multiple questions
Wrong-answer penalty	ISACA says no penalties for incorrect answers; answer every question

PSI test-center check-in. Locate the address, confirm start time, plan arrival at least 30 minutes early, bring valid ID matching MyISACA, and plan to store personal belongings. Testing rooms may include other candidates and normal noise.

Remote-proctoring check-in. Run the PSI compatibility check before exam day. ISACA recommends a personal computer, administrative permission if using a work device, the latest Chrome browser, and a stable connection. You may need to download the PSI Secure Browser. Remote check-in includes a room scan and mirror/mobile-phone blind-spot check, then the phone must be removed from the testing area.

Common failure points:

Failure point	Prevention
Name mismatch	Update MyISACA before scheduling
Work computer blocks PSI	Use a personal computer or test center
Late launch	ISACA says more than 15 minutes late can forfeit the fee
Workspace violation	Clear materials, devices, food/drink, notes, calculators, and extra monitors
Speaking or reading aloud	Practice silent reading and note-free reasoning

Sources: ISACA Certification Exam Candidate Guide 2026; ISACA CISM certification page; PSI remote proctoring resources.

Scoring & Interpretation

Scoring topic	Current ISACA guidance
Preliminary status	Displayed on screen immediately after completion
Official score	Emailed and available online within 10 working days
Scale	200 to 800 scaled score
Passing score	450 or higher
Pretest items	ISACA says exams include scored and pretest items; pretest items do not calculate scores
Domain results	Informational only; the exam score is based on total items answered correctly
Rescore	Failed candidates may request a PSI rescore within 30 days; ISACA lists a US$75 fee

Percentiles. ISACA does not publish percentile rankings like admissions tests. A 450 is the minimum standard of knowledge on ISACA's scaled score, not a percentage correct. Domain-level feedback is diagnostic, not a requirement to pass each domain separately.

How organizations evaluate CISM. Employers usually read CISM as evidence of security management judgment, not just memorized frameworks. It is strongest when paired with work evidence: risk registers, governance reporting, policy ownership, program metrics, incident tabletop leadership, third-party controls, and executive communication.

Retake decision framework:

Result pattern	Best next step
430-449 scaled score	Retake after targeted domain repair and timed practice
Weak Domain 3 or 4	Spend more time on program management or incident management because they are heavily weighted
Broad weakness	Delay retake and rebuild concepts from official outline
Passed	Start certification application and experience documentation
Severe exam-day issue	Contact ISACA within 48 hours with details as the candidate guide instructs

Sources: ISACA Certification Exam Candidate Guide 2026; ISACA CISM certification page.

Registration & Scheduling (Step-by-Step)

Step	Action	Checkpoint
1	Create/log into MyISACA	Legal name matches government ID
2	Verify PSI center or remote compatibility	Delivery option is realistic
3	Register and pay exam fee	Member/nonmember fee confirmed
4	Wait for Notification to Schedule	ISACA says within one business day after registration/payment
5	Open Certification & CPE Management	Access PSI dashboard
6	Schedule exam	Appointment available within 90-day window
7	Save confirmation	Time zone, ID, rules, and reschedule deadline saved
8	Prepare application documentation	Work experience and verifier plan started

Date strategy. Choose a date based on outline timing. If testing before 3 November 2026, use the current outline. If testing on/after 3 November 2026, wait for ISACA's updated materials. Schedule early enough to allow the 30/90/90-day retake policy if a deadline matters.

Rescheduling. ISACA says candidates can reschedule without penalty during eligibility if done at least 48 hours before the appointment. Inside 48 hours, the candidate must sit or forfeit the fee.

Common registration mistakes:

Mistake	Fix
Registering before checking PSI availability	Check test center or device compatibility first
Ignoring the six-month eligibility clock	Schedule and study backward from expiration
Missing outline update date	Match materials to appointment date
Forgetting experience requirement	Start verifier documentation before passing
Assuming fees are refundable	ISACA says fees are nonrefundable and nontransferable

Sources: ISACA Certification Exam Candidate Guide 2026; ISACA CISM certification page; ISACA exam candidate guides page.

Costs, Fees & Budgeting

Cost item	Current planning amount
Exam registration, ISACA member	US$575
Exam registration, nonmember	US$760
Certification application fee	US$50
Eligibility extension	US$75 for one six-month extension, under guide conditions
Rescore request	US$75 if requested within 30 days after failed result
Retake	Full registration fee required for each attempt
Prep materials/training	Varies by ISACA membership, QAE access, review manual, course, chapter, or provider

Budget decision guidance:

Candidate profile	Budget approach
Employer-funded manager	Use official ISACA materials, QAE, review course, exam fee, and application fee
Self-funded experienced security leader	Official outline, targeted QAE, focused review manual, one exam fee plus retake buffer
Career changer	Build experience and management concepts before buying expensive prep
Testing near November 2026	Avoid buying outdated material if your appointment will use the new outline

Hidden costs. Include membership if it reduces total spend, application fee, possible extension, possible retake, travel/parking, quiet testing setup, and time for experience-verifier follow-up.

Sources: ISACA CISM certification page; ISACA Certification Exam Candidate Guide 2026; ISACA CISM application requirements page.

Prep Strategy (Beginner -> Elite)

Phase	Goal	Evidence to move on
Diagnostic	Measure domain readiness	Score and error list by domain
Concept build	Learn ISACA management logic	You can explain why the best answer is best
Scenario practice	Apply governance/risk/program/incident judgment	Errors show fewer priority traps
Timed practice	Build 4-hour stamina	150-question pacing is stable
Final review	Repair repeated misses	Error log shows no repeated root causes

2-week plan. Use only for experienced security managers. Day 1 diagnostic. Days 2-3 governance. Days 4-5 risk management. Days 6-8 security program. Days 9-10 incident management. Days 11-12 mixed timed practice. Day 13 error repair. Day 14 logistics and light review.

4-week plan. Week 1 governance and risk. Week 2 program management. Week 3 incident management. Week 4 mixed practice, weak domains, and test-day rehearsal.

8-week plan. Weeks 1-2 governance/risk foundation. Weeks 3-4 program management. Weeks 5-6 incident management and scenario judgment. Week 7 full timed practice. Week 8 error-log repair and logistics.

12-week+ plan. Best for candidates moving from technical roles into management. Spend 3 weeks on governance and enterprise strategy, 3 weeks on risk and controls, 3 weeks on program management, 2 weeks on incident readiness/operations, and 1-2 weeks on timed practice.

Daily schedules:

Time/day	Structure
30 minutes	10 minutes flash review, 15 minutes scenario set, 5 minutes error log
60 minutes	20 minutes domain reading, 25 minutes questions, 15 minutes explanation review
120 minutes	35 minutes concept, 50 minutes timed questions, 25 minutes deep review, 10 minutes summary

Error-log fields: domain, task, question qualifier, tempting wrong answer, correct management principle, source section, next drill, and retest date. Plateau breaker: stop asking "what is the right answer?" and ask "what would a security manager do first for business-aligned risk?"

Sources: ISACA CISM exam content outline; ISACA Certification Exam Candidate Guide 2026; ISACA official prep resources page.

Section-by-Section High-ROI Strategies

Domain	High-ROI strategy
Governance	Think enterprise alignment, authority, accountability, strategy, and executive reporting
Risk Management	Anchor decisions in risk appetite, ownership, treatment, monitoring, and reporting
Security Program	Focus on operating the program through policies, controls, resources, metrics, suppliers, and awareness
Incident Management	Separate readiness from operations: prepare, classify, respond, communicate, recover, improve

Governance. The best answer is often the one that establishes authority, aligns with business objectives, defines roles, gains senior leadership support, or sets policy/framework direction before tool-level action.

Risk management. CISM is not asking you to eliminate all risk. It is asking whether risk is identified, assessed, owned, treated, monitored, and reported according to appetite and business impact.

Security program. Domain 3 is the largest current domain. Build strong mental models for asset classification, policy hierarchy, control design and testing, external-party management, metrics, awareness, and program communications.

Incident management. Domain 4 is also heavily weighted. Know the difference between BIA, BCP, DRP, IR plan, classification, containment, notification, eradication, recovery, and post-incident review.

Top 25 mistakes and fixes:

Mistake	Fix
Answering like an engineer	Answer like an information security manager
Ignoring business objectives	Tie every decision to enterprise goals
Treating risk as security-owned	Remember business owners own risk
Skipping governance before controls	Establish policy, authority, and accountability first
Memorizing frameworks only	Practice when to use them
Weak Domain 3	Spend extra time on program metrics, controls, suppliers, and awareness
Weak Domain 4	Drill readiness vs response operations
Forgetting BIA/BCP/DRP differences	Build a comparison table
Overvaluing technical fixes	Pick management action when the question asks for management priority
Missing qualifiers	Underline BEST, FIRST, MOST, PRIMARY mentally
Rushing scenario stems	Identify role, objective, risk, and constraint
Leaving blanks	ISACA says no penalty for incorrect answers
Not pacing 150 questions	Practice checkpoint timing
Ignoring November 2026 update	Match materials to exam date
Buying outdated prep	Verify outline effective date
Studying only notes	Use questions and deep review
No error log	Track wrong-answer pattern
Retaking too quickly	Respect ISACA wait periods and fix causes
Forgetting experience application	Prepare documentation and verifiers
Overlooking CPE	Know maintenance requirements after certification
Misreading domain weights	Prioritize Domains 3 and 4 without neglecting 1 and 2
Depending on unofficial pass percentages	Use ISACA's scaled score facts
Using work laptop remotely without testing	Run PSI compatibility checks early
Ignoring ID name match	Fix MyISACA before test day
Not reporting exam issues quickly	ISACA says administration concerns should be sent within 48 hours

Sources: ISACA CISM exam content outline; ISACA Certification Exam Candidate Guide 2026; ISACA CISM application requirements page.

Official Resources & High-Quality Prep

Resource	Use it for	Freshness check
ISACA CISM exam content outline	Domains, weights, tasks	Confirm whether current or post-3-Nov-2026 outline applies
ISACA Certification Exam Candidate Guide 2026	Registration, PSI, rules, scoring, retakes	Use the latest guide from ISACA
ISACA CISM page	Fees, registration, schedule steps, outline update notice	Verify current member/nonmember price
ISACA QAE/review manual	Official-style practice and explanations	Match purchase to exam date/outline
PSI/ISACA scheduling guide	Appointment logistics	Confirm local availability

How to identify outdated prep. Be cautious if a source ignores the November 3, 2026 outline update, lists old fees, says the exam has a percentage passing score, treats CISM as a technical hacking exam, or teaches only definitions without management scenarios.

Prep red flags:

Red flag	Risk
Claims exact live items	Violates exam integrity
No ISACA outline date	May be outdated
Technical-only content	Misses management logic
No rationale review	Does not teach best-answer thinking
No PSI logistics	Leaves avoidable test-day risk

Sources: ISACA CISM exam content outline; ISACA Certification Exam Candidate Guide 2026; ISACA CISM certification page.

Test-Day Strategy & Anxiety Control

Moment	Action
Night before	Confirm ID, appointment, PSI rules, room/route, and outline notes
30 minutes before	Arrive at center or prepare remote launch/check-in
First pass	Answer every question; mark uncertain items if allowed
Mid-exam	Check pace, take approved break only if worth the timer cost
Final review	Revisit marked items through management principles

Pacing math. 240 minutes for 150 questions gives 1.6 minutes per question. A practical target is 50 questions per 75-80 minutes, leaving review time. Scenario clusters may take longer; simple recall items should be faster.

Guessing strategy. Eliminate answers that jump to tools, ignore business ownership, skip governance, violate communication plans, or treat risk without stakeholder authority. If two answers look correct, choose the one that best fits the role and qualifier.

Psychological reset. Use a short loop: role, objective, risk, authority, best next action. CISM rewards management judgment under uncertainty, not perfect recall of every phrase.

If technology fails. For remote exams, use PSI/proctor live chat and document the issue. ISACA says administration concerns should be sent to ISACA support within 48 hours of the exam conclusion with ISACA ID, site/location if applicable, date/time, and relevant details.

Sources: ISACA Certification Exam Candidate Guide 2026; PSI remote proctoring resources; ISACA exam day rules.

After the CISM: Certification and Career Strategy

Outcome	Next step
Pass	Wait for official score, pay application fee, submit experience application
Preliminary pass but no experience yet	Track the five-year application window and build qualifying experience
Fail narrowly	Use domain feedback, wait 30 days, repair weak domains
Broad fail	Rebuild management concepts before retake
Certified	Maintain CPE: 120 CPE over three years and minimum 20 per year under ISACA rules

Application strategy. Passing is only step one. Prepare verifier contact information, map experience to at least three of the four CISM domains as required by ISACA, document dates and responsibilities, and account for any waivers.

Career positioning. CISM is strongest for security manager, GRC/security governance, security program manager, risk/security leadership, incident management leadership, and senior security advisory roles. Pair it with evidence: governance roadmaps, risk reporting, policy updates, incident exercise reports, supplier risk plans, and metrics dashboards.

Retake strategy. ISACA allows four attempts in a rolling 12-month period, with 30 days after the first failed attempt, 90 days after the second, and 90 days after the third. Each attempt requires full registration fee.

Sources: ISACA CISM application requirements page; ISACA CISM maintenance page; ISACA Certification Exam Candidate Guide 2026.

Comprehensive CISM FAQs

FAQ	Answer
What is CISM?	ISACA's Certified Information Security Manager credential for information security management and leadership.
How many questions are on CISM?	ISACA lists 150 multiple-choice questions.
How long is the CISM exam?	4 hours, 240 minutes.
What score do I need?	450 or higher on ISACA's 200-800 scaled score.
Is 450 a percent?	No. It is a scaled score, not percent correct.
Do I need to pass each domain?	ISACA says the score is based on total items answered correctly; domain results are informational.
When do I get results?	Preliminary status appears immediately; official score is emailed and online within 10 working days.
What does it cost?	ISACA lists US$575 for members and US$760 for nonmembers.
Is there an application fee?	Yes, ISACA lists US$50.
Can I sit before meeting experience?	Yes, but you must meet experience before certification is awarded.
How much experience is required?	Five or more years of information security management experience, with limited waivers up to two years.
How long do I have to apply after passing?	ISACA says five years from passing.
What are the domains?	Governance 17%, Risk Management 20%, Security Program 33%, Incident Management 30%.
Is the outline changing?	Yes. ISACA says a new CISM outline is effective 3 November 2026.
Should I wait for the new outline?	If your exam is after 3 November 2026, use the new outline and updated materials.
Who should take CISM?	Security managers, program leaders, risk/security governance professionals, incident leaders, and senior advisors.
Is CISM technical?	It requires security knowledge but tests management judgment more than hands-on configuration.
CISM or CISSP first?	Choose CISM first for management/security program leadership; choose CISSP first for broader security body-of-knowledge coverage.
CISM or CISA?	Choose CISM for security management; choose CISA for audit and assurance.
Can I test remotely?	ISACA offers PSI remote proctoring subject to device, room, and compatibility rules.
Can I test at a center?	Yes, ISACA exams are administered at authorized PSI testing centers globally.
How early can I schedule after payment?	ISACA says as early as 48 hours after payment.
How far out are appointments shown?	ISACA says appointments are available 90 days in advance.
How long is eligibility?	Six months from registration.
Can I extend eligibility?	ISACA guide lists one six-month extension for US$75 under stated conditions.
Can I reschedule?	Yes, at least 48 hours before the appointment without penalty during eligibility.
Are breaks allowed?	ISACA guide allows two approved breaks up to 10 minutes each; timer does not stop.
Are wrong answers penalized?	ISACA says no; answer every question.
What if I fail?	Wait 30 days for attempt 2, then 90 days after attempts 2 and 3.
How many attempts are allowed?	Four attempts in a rolling 12-month period.
Can I retake after passing?	ISACA restricts passing candidates from retaking the same exam within the five-year application period.
Can certified holders retake?	ISACA says certification holders are restricted while certified.
Is remote proctor chat in every language?	ISACA says remote proctors communicate in English using live chat.
What ID do I need?	Valid government-issued photo ID matching your ISACA profile name.
What if my name changed?	Update MyISACA before the appointment.
Can I use a work laptop?	ISACA warns employer-issued computers may block PSI software; test compatibility early.
What should I study most?	Domain 3 and Domain 4 are largest, but all four domains matter.
Is COBIT useful?	COBIT can support governance thinking, but study from the CISM outline.
Are unauthorized item dumps safe?	No. Use official and ethical materials.
How do I maintain CISM?	ISACA requires CPE compliance, including 120 CPE over three years and at least 20 per year.
Can CISM help scholarships or admissions?	Institutions decide independently; CISM can support a security leadership profile but does not replace required admissions exams.

Sources: ISACA CISM exam content outline; ISACA CISM certification page; ISACA Certification Exam Candidate Guide 2026; ISACA CISM application and maintenance pages.

Location Guide

Information to collect	Why it matters
Country and city	Determines PSI center availability, remote-proctoring support, time zone, and ID expectations
Target role	Determines whether CISM, CISSP, CISA, CRISC, or a technical cert is best
Deadline	Determines current vs November 2026 outline and retake buffer
Experience status	Determines certification application timing
Baseline	Determines study length and domain priority

Ask before scheduling: What country and city are you testing from? Is your target role security manager, GRC leader, incident manager, CISO-track, auditor, or technical engineer? Is your exam date before or after 3 November 2026? Do you already have five years of information security management experience? What is your baseline by domain?

Exact pages to verify before paying: ISACA CISM certification page; ISACA CISM exam content outline; ISACA Certification Exam Candidate Guide 2026; ISACA CISM application requirements page; ISACA CISM maintenance page; PSI scheduling and remote-proctoring guides.

Verification checklist:

Check	Done
Exam date is matched to correct CISM outline
PSI center or remote compatibility verified
ISACA profile name matches ID
Fee and membership status confirmed
Six-month eligibility deadline saved
Reschedule deadline saved
Accommodation request submitted early if needed
Study plan covers all four domains by weight
Retake buffer fits deadline
Certification application experience plan prepared

Sources: ISACA CISM certification page; ISACA CISM exam content outline; ISACA Certification Exam Candidate Guide 2026; PSI/ISACA scheduling resources.

Quick facts

Vendor / platform: PSI
Category: Cybersecurity & IT Security
Last updated: May 10, 2026

Start your CISM (Certified Information Security Manager) exam help plan

Verify Rules

Confirm the current handbook, scheduler rules, and ID requirements before you commit to a study or booking plan.

Map Weaknesses

Use the official blueprint and a timed baseline to decide what needs review, drilling, or remediation first.

Simulate Timing

Run timed sets or full-length practice under the same delivery conditions you expect on exam day whenever possible.

Make the Call

Decide whether to sit CISM (Certified Information Security Manager) now, delay briefly, or rebuild fundamentals based on measurable readiness instead of hope.

Jump to guide

CISM Overview
Eligibility & Requirements (Location-Specific)
Exam Sections & Content Blueprint
Exam Format, Timing & Delivery
Scoring & Interpretation
Registration & Scheduling (Step-by-Step)
Costs, Fees & Budgeting
Prep Strategy (Beginner -> Elite)
Section-by-Section High-ROI Strategies
Official Resources & High-Quality Prep
Test-Day Strategy & Anxiety Control
After the CISM: Certification and Career Strategy

CISM (Certified Information Security Manager) exam help next steps

Use the guide to self-serve, or talk to a coordinator if you need help mapping timelines, official requirements, or troubleshooting day-of logistics.

Call +1 (206) 821-1164 View all exam services

More exam help options

Related Cybersecurity & IT Security exam help

CISSP (Certified Information Systems Security Professional)
Pearson VUE
View service
CCSP (Certified Cloud Security Professional)
Pearson VUE
View service
SSCP (Systems Security Certified Practitioner)
Pearson VUE
View service
CC (Certified in Cybersecurity)
Pearson VUE
View service
CGRC (Certified in Governance, Risk and Compliance)
Pearson VUE
View service
CSSLP (Certified Secure Software Lifecycle Professional)
Pearson VUE
View service

Loading exam details…