CISM certification cost and requirements (2024): Your complete preparation guide
The Certified Information Security Manager (CISM) is one of the most popular management-level cybersecurity certifications. It validates the skills and experience of information security managers and offers a slew of potential benefits, including higher pay, on-the-job improvements and promotions or career advancement.
The CISM is not an entry-level certification, and costs can range from under $600 to several thousand dollars, depending on your membership level within ISACA and any CISM training materials or support.
We explore the CISM costs and requirements in more detail below.
$150,040 average salary
ISACA CISM is one of the industry's highest-paying cybersecurity certifications. Take your information security management career to new heights and enroll now to claim your Exam Pass Guarantee!
Understanding CISM certification
The CISM certification is an advanced exam that assesses your ability to assess risks, implement governance policies and respond to incidents and threats. New updates to the CISM also include leveraging securities around artificial intelligence and blockchain. Continuous updates to the CISM exam from ISACA keep this exam modern and relevant even as cybersecurity incidents and attacks get more sophisticated and advanced.
The CISM covers four specific domains, including security governance, risk management, information security program development and management and incident management.
Infosec instructor Leighton Johnson explains the most recent update to the CISM certification exam.
The CISM was created by the ISACA, an independent governing non-profit for IT professionals that creates and distributes globally recognized accreditation systems. This well-known organization provides critical knowledge, training and exams to validate real-world experience and other forms of education. According to ISACA, 90% of certification holders renew, and they’ve awarded 300,000 certifications to date.
For an overview of other popular management and ISACA certifications, download our free ebook, Cybersecurity certifications and skills: A roadmap for mid-career professionals.
Prerequisites for CISM certification
The CISM is an advanced certification for IT security professionals with several years of experience. However, even if you don’t meet the experience requirements, you can still take the exam without obtaining the official certification. You have five years to gain this experience and apply for the official certification.
The CISM requires at least five years of professional work experience within the distinct CISM job practice areas. It must be completed within 10 years before your application date for certification. Also, three of those years must be management experience. Candidates can augment these years of experience with other non-cybersecurity professional knowledge or some post-graduate degrees. However, double-check this before you sign up for the exam!
While there are several CISM certification requirements, meeting these prerequisites improves the likelihood that you’ll pass the CISM exam on the first try, and it properly sets you up for future job promotions and career development. The CISM is valuable foundational knowledge, especially if you want to specialize in a specific vendor like Amazon Web Services or a specific cybersecurity role like an application security engineer or a cyber insider threat analyst.
Breakdown of CISM certification costs
The CISM certification costs include:
- An application fee of $50 (for both members and non-members)
- An exam fee of $575 (for members) or $760 (for non-members)
- An annual maintenance fee of $45 (for members) or $85 (for non-members)
- Optional chapter dues (~$145 but varies based on location)
In addition, you might want to purchase on-demand or live training boot camps, study guides, practice exams and more to help you prepare for the exam. Infosec is an ISACA Accredited Elite+ Training Partner and works closely with them to provide up-to-date and approved CISM training courses throughout the year.
Maintaining your CISM certification
CISM certification holders need to maintain their official certification status. This includes going through the formal CISM renewal process every three years and paying the renewal fee.
You also must attain and report a minimum of 120 Continuing Professional Development (CPE) hours within the three-year reporting period.
Earn a $150,040 Salary with an ISACA CISM
The employment of information systems managers is projected to grow 16% by 2031. Get your ISACA CISM to launch into the field — backed with an Exam Pass Guarantee.
Preparing for the CISM exam
Proper preparation for the CISM is critical to passing. Depending on your learning style, you may utilize a combination of self-study materials, ISACA partner training boot camps, exam prep guides, question banks and more.
Your CISM certification is a significant investment of time and resources, so it’s good to plan how you will prepare for and pass the exam.
- We collected advice from instructors and students in a free guide, 5 mistakes to avoid when preparing for your exam, to help you effectively use your time.
- You may also want to watch our discussion with Infosec instructors on what to expect out of a certification boot camp if you’re considering any paid training options
- Lastly, if you’re interested in hearing more about the state of the industry, ISACA CEO Erik Prusch recently joined us for an in-depth discussion.
Value of CISM certification
According to ISACA, 70% of certified security managers experienced on-the-job improvements, and 42% received a pay boost. When analyzing the data of Infosec students, CISM certification holders were much more likely to receive a promotion than holders of other certifications.
The average CISM salary was also among the highest of those we analyzed, coming in at $156,420 (get our free Cybersecurity salary guide for more details). However, salary figures vary quite a bit based on location, industry and experience. CISM remains of the most in-demand certifications — and that demand has continued to grow over the past few years.
The CISM is a critical pillar of professional development and can help lead to the highest levels of leadership, like the Chief Information Security Officer (CISO) or Chief Information Officers (CIOs).
Comparing CISM with other cybersecurity certifications
In the cybersecurity world, there are dozens of certification exams, from broad knowledge assessment to specialized, vendor-specific training. As you advance in your career, here are how a few certifications stack up against the CISM.
CISM vs. CISSP
The Certified Information Systems Security Professional (CISSP) is another advanced-level certification often considered as an alternative, or in addition to, the CISM. The CISSP assesses more day-to-day security operations, while the CISM is more ideal for leadership positions and IT governance. In terms of pay impact, the average CISSP salary came in at $151,860.
CISM vs. CEH
The Certified Ethical Hacker (CEH) assesses more practical skills around penetration testing, security consulting and hacking versus management. Plus, the CEH exam prerequisites are much simpler, only requiring two years of work experience in information security or completing an EC-Council-approved training course, like the Infosec Ethical Hacking Boot Camp. This can lead to a job as a penetration tester, with an average salary of $134,217, according to our analysis.
CISM vs. CompTIA Security+
The CompTIA Security+ is the most popular entry-level cybersecurity certification available. It covers broader topics like identity management, cryptography and threat management. It also requires significantly fewer prerequisites and work experience than the CISM, so it is excellent for job titles like network administrator or security specialist. The most common job role for a Security+ holder is a security administrator, with an average salary of $99,446.
CISM vs. CRISC
The Certified in Risk and Information Systems Control (CRISC) is more specialized than the CISM, honing in on everything related to risk management. It dives deep into risk assessment, response and monitoring and is ideal for job titles like risk control manager or security risk manager. The CRISC is associated with some of the highest-paying roles and has an average salary of $160,083.
CISM certification guide
The CISM certification demonstrates a high level of expertise and real-world practical experience with information security. Ideal for those focusing on career development and promotion, the CISM is an excellent secondary certification for senior-level professionals.
Not only is it one of the highest-paying IT certifications, but CISM-certified professionals are in high demand and will only keep growing with the changing security landscape. The CISM certification process is a time and money commitment, so ensure you have adequate time to prepare and study. Check out the CISM certification hub for more details on the exam, domains, prerequisites, changes, study materials and more.
Earn a $150,040 Salary with an ISACA CISM
The employment of information systems managers is projected to grow 16% by 2031. Get your ISACA CISM to launch into the field — backed with an Exam Pass Guarantee.
FAQs
Look at a few frequently asked questions about the CISM exam below.
What are the ongoing maintenance requirements and costs for keeping the CISM certification active?
The CISM certification cost includes your initial application, exam and annual membership fee ($45 or $85, depending on membership status. Maintenance requirements include 120 continuous learning hours, and a formal recertification process every three years. The annual fee is reduced for those holding multiple ISACA certifications.
How does CISM certification compare to other cybersecurity certifications in terms of ROI?
In terms of return on your investment, the CISM is one of the most globally recognized and valuable cybersecurity certifications. It even offers one of the top-paying average salaries of $156,420 annually. In most cases, the ROI is well worth the training investment.
Can work experience in non-cybersecurity roles count towards the CISM prerequisites?
Non-cybersecurity roles can count towards the CISM prerequisites, but they must reside in one of the four job practice domain areas, like risk management. Other security certifications, like the Certified Information Systems Auditor (CISA) or a post-graduate degree in information security, can also count towards the prerequisites.
- Live expert CISM instruction
- Exam Pass Guarantee
- CISM exam voucher
In this Series
- CISM certification cost and requirements (2024): Your complete preparation guide
- CISM certification: What should your salary be in 2024
- The best resources for information security managers
- CISM Domain 2: Information Risk Management (IRM) [2022 update]
- CISM domain 1: Information security governance [Updated 2022]
- CISM: Overview of domains [updated 2022]
- CISM Domain 4: Information Security Incident Management (ISIM) [2022 update]
- Maintaining your CISM certification: Renewal requirements
- CISM exam details and process [Updated 2022]
- Common CISM job titles [updated 2022]
- How to earn CISM CPE credits [updated 2022]
- CISM domain 3: Information security program development and management [2022 update]
- CISM certification: Overview and career path [Updated 2022]
- 9 tips for CISM exam success [updated 2022]
- How to become CISM certified – certification requirements [updated 2022]
- CISM frequently asked questions (FAQ)
- CISM Domain – Information Security Program Development
