How to Become a Certified Information Security Manager (CISM)

Take and pass the CISM examination. The examination consists of 200 multiple choice questions, and you are given 4 hours to complete it. It covers Information Security Governance (23%), Information Risk Management (22%), Information Security Program Development (17%), Information Security Program Management (24%), and Incident Management and Response (14%). After you pass the exam, you will have 5 years to complete the other requirements and attain your certification before having to repeat the exam.

Agree to the CISM code of ethics. You will need to agree to the ISACA Code of Professional Ethics to qualify for the CISM certification. This code of ethics outlines behaviors for both your professional and personal life.

Complete required continuing education. In an effort to keep everyone with the CISM credential current in their knowledge they have set for a continuing education policy. You will be required to complete at least 20 hours of continuing education each year. Additionally, 120 contact hours must be completed in any 3 year period.

Satisfy work experience requirements. You will need to be able to document 5 years of experience in information security. 3 years of this experience must be in information security management. This experience must be within 10 years of submitting your CISM application or 5 years of the time you passed your examination. Waving some of this experience is possible for holding approved certifications, post graduate education, or being employed as a full time college instructor teaching management of information security.

Complete and submit your CISM application for certification. After you have completed all the requirements for certification, you will need to complete and submit your application. You can submit it online, print it out online and mail it in, or request a paper application to be sent to you. Any of these options can be done from the ISACA website.