ISACA’s CISM Certification Celebrates 20 Years with Increased Focus on Security Program Management and Incident Management

Launching CISM Exam Updates on June 1

SCHAUMBURG, Ill., April 14, 2022–(BUSINESS WIRE)–In a challenging landscape marked by the global pandemic and increasing threats, many companies and boards have learned the hard way about the importance of risk management, governance, business continuity and resilience planning. Certified Information Security Officer® (CISM®) certification from ISACA, celebrating its 20th anniversary this year, has updated its exam content to reflect the evolving areas of interest of information security practitioners.

The enhanced CISM exam content reflects changes in practitioner needs to include emerging technologies, as well as incident containment and eradication. The main changes are related to domain weighting, the format of the exam content outline itself, and the incident response phases in the incident management area. The updated CISM exam will be launched on June 1, 2022 and the deadline to take the current exam is May 31, 2022.

The areas remain the same: 1) Information Security Governance, 2) Information Security Risk Management, 3) Information Security Program, and 4) Incident Management. However, they are now weighted at 17%, 20%, 33% and 30% respectively, with greater emphasis on the information security program (both development and management), as well as incident management.

The presentation format of the new exam content has also been revised to use subtopic statements, which reflect the knowledge associated with the current practice of information security professionals, as opposed to task statements, as well as supporting task statements that reflect activities or actions that apply knowledge in a given area. A key difference from the content of the previous exam is in the area of incident management, which now highlights the phases of incident response as specific knowledge topics such as investigation, containment, eradication and recovery, and incident response communications.

“Since the introduction of CISM 20 years ago, ISACA has continuously examined the changing role of information security practitioners and the changing dynamics and responsibilities they face as a result of emerging technologies and security threats,” said Kim Cohen, ISACA Senior Director, Credentialing. “As a thought leader in digital trust, ISACA is committed to providing information security professionals around the world with industry-leading credentials, training and resources at every stage of their professional journey, and as part of that commitment, we continuously adjust the questions asked on our CISM certification exam to ensure candidates are assessed on the most relevant information security practices.”

New exam preparation is now available, including the CISM Revision Manual, 16th Print Edition and e-Book, The CISM Online Review Course, The CISM Review, Questions, Answers and Explanations Handbook, 10th Print edition and online database, and a free CISM practice quiz. Current exam prep materials are still available for purchase until May 31, 2022, but do not grant access to new exam prep materials at a later date.

CISM certification celebrates its 20th anniversary this year, and more than 65,000 professionals have earned the title since its inception. Since then, CISM has been the globally recognized benchmark that ensures alignment between an organization’s information security program and its broader strategic objectives. Management-focused CISM is also the globally accepted achievement for people who develop, build, and manage enterprise information security programs. CISM Certification won the SC 2020 award for “Best Professional Certification Program”, marking the second time in three years that CISM has received this recognition. The certification also ranks sixth among the fifteen highest-paying IT certifications based on the 2021 IT Skills and Salary Report by Global Knowledge, with an average salary in the United States of $149,246.

“As an information security manager, I believe the guidance and resources to understand the alignment of business value and information technology strategy have helped increase awareness of taking risk-based decisions for reduced risk,” says Marilyn Moux, CISM holder and technology specialist consultant. “It also helped us understand the tools needed to help the business and its security professionals develop strategies to help organizations protect against cyber adversaries.”

To learn more about CISM and to apply for certification, visit

Read here how CISM holders view the evolution of the profession over the past two decades.


For more than 50 years, ISACA® has empowered individuals with the knowledge, credentials, education and community to advance their careers and transform their organizations, and empowered businesses to train and build quality teams. ISACA leverages the expertise of more than 150,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It is present in 188 countries, including more than 220 chapters. In 2020, ISACA launched One In Tech, a philanthropic foundation.



Emily Van Camp, [email protected], +1.847.385.7223
Kristen Kessinger, [email protected], +1.847.660.5512
