CISO life

CISM: Certified Information Security Manager

The ISACA reference credential for security management. Four domains, the cert asked for in roughly 60% of CISO postings. Four-day cohort with one re-sit included.

ISACAManager4 daysLiveSelf-pacedIn-house
  • Practitioner-led, taught by a working CISO
  • Exam & certificate included
  • Re-sit covered if needed

Right fit if you are.

  • Aspiring CISOs and deputy CISOs.
  • Security architects moving into people-management roles.
  • IT directors taking on the security portfolio.
  • Consultants advising on security programme design.

NOT for. When to skip it.

We'd rather you keep your money than buy the wrong path.

  • Hands-on security engineers with no management ambition. CISSP or specialised technical credentials fit better.
  • IS auditors with no operational interest. CISA stays the primary credential.
  • Junior security analysts under three years of experience.

What you'll be able to do

  • 1Design and govern an information-security programme aligned with business strategy.
  • 2Run an information risk management process feeding board-level decisions.
  • 3Build and operate the security programme (resourcing, architecture, awareness, vendor risk).
  • 4Lead incident management, from preparation through lessons learned.
  • 5Translate technical security posture into board narrative without losing precision.

Upcoming public sessions

Open-enrolment cohorts. Pick a date and book your seat. Want a private cohort for your team instead? Request an in-house quote.

Buyers always ask

How long is the CISM exam?+

Four hours, 150 multiple-choice questions, computer-based at a PSI testing centre. Scoring 200 to 800; passing mark is 450. Same format and venue as CISA and CRISC.

CISM or CISSP?+

CISM is management-focused (governance, risk, programme, incident management). CISSP is broader and more technical (eight domains spanning architecture, engineering, identity, asset security and so on). CISM is the cert most asked for in CISO and deputy-CISO postings in Europe; CISSP is the universal floor in the United States.

Most senior practitioners hold both eventually. If you have to choose one for a management trajectory, CISM. For a technical-architect trajectory, CISSP.

How does CISM map to ISO 27001 Lead Implementer?+

CISM is a personal management credential; Lead Implementer is the implementation credential for the ISO 27001 standard. Many CISOs hold both: CISM for the programme-design vocabulary their board recognises, Lead Implementer for the operational discipline their ISO 27001 audit requires.

Is the work experience requirement enforced?+

Yes. ISACA requires the experience attestation form, signed by your employer or supervisor, before certification is awarded. You can sit and pass the exam without the experience, but the certification itself is only granted once the five-year requirement is met (or substituted per ISACA policy).

Ready to get certified?

Taught by a practicing CISO. Prices shown up front. Certified or refunded.