A current guide to ISACA CISM, including the 150-question PSI exam, current domain weights, scoring expectations, certification requirements, and the scheduled November 3, 2026 outline change.
CISM is built for information security leaders who manage governance, risk, security programs, and incident management. Preparation should focus on ISACA management judgment, business alignment, stakeholder communication, and controls that support enterprise objectives.
Use these points before buying prep materials, scheduling through PSI, or deciding whether to test before the November 2026 outline change.
ISACA lists the current CISM exam as 150 questions across four job practice domains.
ISACA certification exams are scheduled through PSI, with test-center and remote-proctoring options governed by ISACA and PSI rules.
The current domains are Governance 17%, Risk Management 20%, Information Security Program 33%, and Incident Management 30%.
ISACA states that the CISM Exam Content Outline changes on November 3, 2026.
ISACA certification exams use scaled scoring, with 450 or higher generally required to pass.
Passing the exam is one step; CISM certification also requires eligible work experience and the ISACA application process.
CISM is not a hands-on tool exam. It asks security managers to prioritize governance, risk ownership, business objectives, stakeholder communication, and accountable program decisions.
Information Security Program and Incident Management together account for 63% of the current outline. Governance and Risk Management still matter, but a study plan should reserve enough time for program management, controls, awareness, third parties, incident readiness, and incident operations.
ISACA has announced that a new CISM Exam Content Outline becomes effective on November 3, 2026. Candidates testing before that date should use the current outline; candidates testing on or after that date should review the updated outline and matching prep materials.
Passing the CISM exam does not automatically grant certification. Candidates still need to satisfy ISACA experience requirements, submit the certification application, follow the Code of Professional Ethics, and maintain continuing professional education after certification.
Use this CISM (Certified Information Security Manager) exam help page for exam-specific context, then compare the broader online exam help services page or contact HiraEdu if you need a direct handoff. This page stays focused on CISM (Certified Information Security Manager) while the linked service pages cover broader exam support options.
CISM is ISACA's Certified Information Security Manager certification for professionals who manage information security governance, risk, programs, and incidents. ISACA's current CISM exam consists of 150 questions across four job practice domains: Information Security Governance 17%, Information Security Risk Management 20%, Information Security Program 33%, and Incident Management 30%. ISACA also notes that a new CISM Exam Content Outline becomes effective on 3 November 2026, with updated prep material expected before that change. Candidates should prepare through the current outline for exams scheduled before that date and should review the updated outline if scheduling on or after 3 November 2026. ISACA exams are administered through PSI scheduling, with exam rules, score reporting, retake policy, and remote or test-center logistics governed by ISACA's candidate guide.
ISACA lists the current CISM exam as 150 questions covering four job practice domains.
The current ISACA weights are Information Security Governance 17%, Information Security Risk Management 20%, Information Security Program 33%, and Incident Management 30%.
ISACA states that a new CISM Exam Content Outline becomes effective on November 3, 2026. Candidates should align prep materials to their scheduled exam date.
ISACA certification exams are scheduled through PSI, with delivery rules and exam-day procedures covered in ISACA candidate guidance and PSI instructions.
Passing the exam is required, but CISM certification also requires meeting ISACA work-experience requirements, submitting the application, following ISACA ethics rules, and maintaining CPE after certification.
If testing before November 3, 2026, prepare from the current CISM outline. If testing on or after that date, use the updated outline and materials.
Build a study plan around Governance 17%, Risk Management 20%, Information Security Program 33%, and Incident Management 30%.
Work scenario questions that ask for the best governance action, risk response, control-management decision, incident escalation, or stakeholder communication.
Review ISACA experience rules, application timing, ethics requirements, and CPE obligations before assuming the exam alone completes certification.
Confirm ISACA registration, PSI scheduling, ID name match, remote or test-center rules, rescheduling windows, and exam-day instructions.
Use the guide to self-serve, or talk to a coordinator if you need help mapping timelines, official requirements, or troubleshooting day-of logistics.