CISM: Frequently Asked Questions (FAQs)

The CISM exam is an important milestone in a security professional's career, so it is natural to have concerns and questions about it. Below are some of the most frequently asked questions about the exam, which may help you if you are planning to sit for this certification soon.

Dates for 2019 exam registration: Planning to register for the 2019 CISM exam? Registration opened in February 2019. 18 May 2019 is the final registration deadline and 23 May 2019 is the final scheduling deadline. To register, create a login for an ISACA account, set up your profile and, if you want the member rate, purchase an ISACA membership (membership is optional; non-members pay a higher exam fee). Once that is done you can proceed through the straightforward online registration process.

Cost to take the CISM exam: The registration fee until 18 May 2019 is $575 for members and $760 for non-members. Payment can be made online by credit card, or by cheque or wire transfer. Exam registration fees are non-refundable and non-transferable.

Locations for the exam: ISACA administers all CISM exams at PSI testing centers and PSI kiosks. Visit http://www.isaca.org/certification/pages/exam-locations.aspx for the list of current testing sites; new locations are added regularly. To learn more about the locations and what to expect on exam day, watch the videos on

PSI Test Center: https://www.youtube.com/watch?v=B-X__iJmFHE&feature=youtu.be

PSI Kiosks: https://www.youtube.com/watch?v=fcUy1_eXH1E&feature=youtu.be

What score is needed to pass the exam?

The CISM exam uses a scaled score from 200 to 800, which allows candidate performance to be compared across different versions of the exam. The passing score, known as the cut score, is 450 out of 800 and is set by ISACA's certification working group. The exam has four domains, each with its own applied weight, and your score report shows your performance in each domain. A candidate who does not score 450 or more has not passed. Such candidates can register again through the automated system, pay the fee, and schedule a retake in the next testing window. Because the score report breaks the overall result down by domain, it helps identify weak areas to focus on before retaking the exam.

What are the topics included in each domain of the CISM exam?

The CISM exam syllabus covers four information security management domains.

Domain I: Information Security Governance / applied weight 24%

The main focus of this domain is aligning the information security strategy with organizational goals and objectives. It covers how authority to make security decisions is assigned and controlled, and how to ensure that the information security governance framework supports business objectives and complies with applicable laws and regulations.

Domain II: Information Risk Management / applied weight 30%

This domain deals with how much risk an organization is willing to accept (its risk appetite) in order to meet its goals and objectives. Candidates are expected to understand the policies, procedures, and technologies used to identify, assess, and treat risk to information assets so that it stays within acceptable limits.

Domain III: Information Security Program Development and Management / applied weight 27%

This domain covers developing and maintaining an information security program that identifies, manages, and protects an organization's assets while keeping security effective over time. It therefore explores areas such as the chain of command, corporate culture, existing functions, the current state of security, and industry standards for information security.

Domain IV: Information Security Incident Management / applied weight 19%

To do well in this domain, candidates need a solid understanding of how to detect, investigate, respond to, and recover from information security incidents and breaches. It also covers identifying and correcting problem areas, gathering forensic evidence, and using lessons learned from incidents to strengthen risk treatments.

When to expect the exam result?

Candidates receive a preliminary pass/fail result at the testing center as soon as they finish the exam. The official score report is emailed to the candidate's registered email address within 10 days of the exam date, so notify ISACA of any change to your profile details. Results are not given over the telephone or by fax.

Is it possible to take CISA, CISM, CGEIT, and CRISC exams in the same exam window?

Candidates may take each of these exams within the same testing window, but the same exam cannot be taken more than once in a single window.

What are the requirements for obtaining and maintaining CISM certification?

Certified individuals must follow the ISACA Code of Professional Ethics, which sets out both personal and professional behavioral expectations; failure to adhere to it can result in loss of the certification. Beyond the ethics code, obtaining the certification requires proof of at least five years of information security work experience, and maintaining it requires paying the annual certification maintenance fee and earning at least 120 continuing professional education (CPE) hours within each fixed three-year certification cycle.

Sweta Choudhary
Writer And Editor
Sweta Choudhary has been a writer and editor for the last 10 years. After completing her journalism studies in Delhi, she started her career with The Pioneer newspaper in 2003. She has also worked with other esteemed organisations such as hindustantimes.com and the Algerian Embassy. She has written articles on a wide range of topics, including mainstream news, lifestyle, fashion, travel, book reviews, management courses, information technology, workplace organisation methodologies (5S) and more. Her work can be read on the websites of multiple organisations and magazines, and on Quora.