The ISACA reference credential for security management. Four domains, the cert asked for in roughly 60% of CISO postings. Four-day cohort with one re-sit included.
For
Honest call
We'd rather you keep your money than buy the wrong path.
Outcomes
Public sessions
Open-enrolment cohorts. Pick a date and book your seat. Want a private cohort for your team instead? Request an in-house quote.
7 - 11 Sept 2026
5 days
€2,900
2 - 6 Nov 2026
5 days
€2,900
FAQ
Four hours, 150 multiple-choice questions, computer-based at a PSI testing centre. Scoring 200 to 800; passing mark is 450. Same format and venue as CISA and CRISC.
CISM is management-focused (governance, risk, programme, incident management). CISSP is broader and more technical (eight domains spanning architecture, engineering, identity, asset security and so on). CISM is the cert most asked for in CISO and deputy-CISO postings in Europe; CISSP is the universal floor in the United States.
Most senior practitioners hold both eventually. If you have to choose one for a management trajectory, CISM. For a technical-architect trajectory, CISSP.
CISM is a personal management credential; Lead Implementer is the implementation credential for the ISO 27001 standard. Many CISOs hold both: CISM for the programme-design vocabulary their board recognises, Lead Implementer for the operational discipline their ISO 27001 audit requires.
Yes. ISACA requires the experience attestation form, signed by your employer or supervisor, before certification is awarded. You can sit and pass the exam without the experience, but the certification itself is only granted once the five-year requirement is met (or substituted per ISACA policy).
Taught by a practicing CISO. Prices shown up front. Certified or refunded.