Practice
Learn at your own pace. Answer questions one at a time with instant feedback and explanations.
The Certified Information Security Manager (CISM) is ISACA's management-focused certification for professionals who design and manage an enterprise information security program. The 2022 job practice spans four domains: information security governance, risk management, security program, and incident management.
Mock exam
Simulate the real thing. Take a timed, full-length test and review your score and weak areas.
Study your way: beyond Practice and Mock exam, choose adaptive, hard mode, ready review, objective coverage, or retry-your-misses, and set your own question count, timer, and pass mark.
CISM is the leading credential for information security management, validating the ability to govern, design, and manage an enterprise security program aligned to business goals. Aligned to ISACA's 2022 CISM job practice, it covers four domains: Information Security Governance (17%), Information Security Risk Management (20%), Information Security Program (33%), and Incident Management (30%).
Information security managers, aspiring managers, IT consultants, and security leaders responsible for managing, designing, or overseeing enterprise information security. CISM requires five years of information security work experience, including three years in information security management across three or more job practice areas (with possible waivers).
CISM is highly valued for security management and leadership roles and commands strong salaries. It demonstrates the ability to bridge security and business objectives and to lead a security program and incident response.
Study the ISACA CISM Review Manual and job practice, and practice scenario-based questions emphasizing the manager's perspective across governance, risk, program management, and incident response. Focus on aligning security with business goals, risk treatment, program metrics, and incident response lifecycle.
No. These are original practice questions written to match the exam objectives, each with an explanation so you actually learn the material — not exam dumps.
You answer questions one at a time with instant feedback and explanations. Over time the app adapts, prioritizing the objectives and questions you struggle with most.
A timed, full-length simulation that holds feedback until the end, then shows your score, pass/fail result, and a breakdown by objective.
Yes. Pick the study mode that fits — adaptive practice, hard mode, ready-for-review, objective coverage, or retrying questions you've missed — and set your own question count, timer, and passing score for each session.
You can try free questions for this exam without signing in. Create a free account to save your progress, track weak objectives, and unlock the full question bank.