ISACA CISM - Certified Information Security Manager


The Certified Information Security Manager (CISM) examination is a globally recognized information security management certification. The CISM exam is tailored for individuals aiming to validate their expertise in information security governance, risk management, incident response, and the alignment of security programs with business goals.

Here's a breakdown of the main domains covered in the CISM exam:

Information Security Governance:

  • Establish and maintain an information security governance framework and supporting processes.
  • Integrate information security governance into corporate governance.
  • Ensure that the information security strategy aligns with organizational goals and objectives.
  • Establish and maintain information security policies.
  • Develop a business case for information security.
  • Identify internal and external influences to the organization.
  • Obtain management commitment.
  • Define roles and responsibilities.
  • Establish reporting and communication channels.
Information Risk Management:

  • Establish a process for information asset classification and ownership.
  • Conduct ongoing threat and vulnerability assessments.
  • Determine the potential impact of business disruptions.
  • Integrate information risk management into business and IT processes.
  • Monitor existing risk.
  • Report noncompliance and other changes in information risk.
Information Security Program Development and Management:

  • Establish and manage the information security program.
  • Align the information security program with the operational objectives of other business functions.
  • Identify, acquire, manage, and define requirements for internal and external resources.
  • Establish and maintain information security architectures.
  • Establish, communicate, and maintain organizational information security standards, procedures, and guidelines.
Information Security Incident Management:

  • Establish and maintain an organizational definition of, and severity hierarchy for, information security incidents.
  • Establish and maintain an incident response plan.
  • Develop and implement processes to ensure the timely identification of information security incidents.
  • Establish and maintain processes to investigate and document information security incidents.
  • Establish and maintain incident escalation and notification processes.
  • Organize, train, and equip teams to effectively respond to information security incidents.
  • Test and review the incident response plan periodically.
  • Establish and maintain communication plans and processes.
  • Conduct post-incident reviews.
  • Establish and maintain integration among the incident response plan, disaster recovery plan, and business continuity plan.
    Why Choose the Certified Information Security Manager (CISM) Practice Test on Cybrary?

    1. Complementary to Cybrary's Course: This practice test is the perfect companion to the Certified Information Security Manager (CISM) course available on Cybrary, ensuring a holistic preparation approach.
    2. Build Confidence: The practice test is intended to help learners build confidence and familiarity with the exam format and question types.
    3. Comprehensive Content: With hundreds of practice questions, detailed answers, and an extensive set of flashcards, you'll have all the resources you need to understand every aspect of the exam.
    4. Exceptional Value: While the market value of these practice tests is $149/test, Cybrary subscribers get exclusive access as part of their subscription, offering unparalleled value.

    Certified Information Security Manager (CISM) Exam Details

  • Number of Questions: The CISM exam consists of 150 questions, probing the depth of your knowledge in information security management.
  • Duration: 240 minutes.
  • Passing Score: The passing score is determined using a scaled scoring method, with scores ranging from 200 to 800. A score of 450 or higher is required to pass.
  • Languages: The exam is available in multiple languages, catering to a global audience.
  • Exam Format: Questions are multiple-choice, emphasizing real-world scenarios and challenges in information security management.

    Certified Information Security Manager (CISM) Frequently Asked Questions (FAQs)

  • Q: How long is the certification valid for?
  • A: The CISM certification remains valid for three years. To maintain the certification, holders must adhere to ISACA's continuing professional education (CPE) policy and earn CPE hours.
  • Q: What are the prerequisites for this certification?
  • A: Candidates should possess a minimum of five years of work experience in information security management across at least three of the CISM domains. Specific waivers and substitutions might be applicable.
  • Q: How should I optimally prepare for the exam?
  • A: Alongside this practice test, candidates are encouraged to complete the CISM course on Cybrary, review official ISACA documentation, and gain hands-on experience in information security management domains.
  • Q: How does this practice test compare to the actual exam?
  • A: This practice test is designed to closely mirror the format, difficulty, and content of the actual exam, ensuring that you are well-prepared for every aspect of the certification test.
    Practice Test Specifications

    This Practice Test has a few options available to enhance your learning experience:
  • Customize your testing experience by configuring your practice test to suit your specific study needs. Select items by test objective, set study preferences, and control how your answers are assessed.
  • Select preset tests. These tests are made to provide a testing experience similar to a real testing environment: they are timed and select questions the way the certification exam does. This option will help you determine your readiness for the certification exam.
  • Flashcard review allows you to review concepts in a self-graded and unlimited environment. With hundreds of questions, these premade flashcards will help you understand concepts covered on the actual certification exam.
  • You'll receive immediate access to your practice test after purchase.

    System Requirements


    Hardware and Software Minimum Requirements:

  • Processor: Min. 500 MHz
  • Memory: Min. 128 MB RAM
  • Screen Resolution: Min. 1024x768
  • Note: Some courses may be better experienced by using a higher or lower screen resolution.


    Operating Systems:

    Supported System Platforms:
  • Windows 2000
  • Windows XP
  • Windows Vista
  • Windows 7
  • Windows Server 2003 (SP2 or later)
  • Windows Server 2008
  • Mac OS X v 10.4 or higher
    Supported Browsers:

  • Microsoft IE 7
  • Microsoft IE 8
  • Microsoft IE 9
  • Mozilla Firefox
  • Safari
  • Note: The browser version you're running must support 128-bit encryption (TLS), or secured (HTTPS) pages will not display correctly. The operating systems and Internet Explorer versions listed above are minimums from when this page was written; they have since reached end of life and no longer receive security updates, so use a current, vendor-supported browser and operating system.



  • A firewall is a system designed to prevent unauthorized access to or from a private network. If your computer is located behind a company firewall, you might not be able to access portions of the Practice Test from work. Company firewalls (or web proxies) sometimes strip JavaScript, or block HTTPS connections to the secure server you need to log in to.
  • If your company's firewall blocks JavaScript, you won't be able to enter the Practice Tests from your work computer.
  • If your company's firewall allows JavaScript but doesn't allow HTTPS access to the secure server, you won't be able to access the classrooms from work. In either case, ask your network administrator to allow the Practice Test site rather than disabling the control.
