Security Encyclopedia

CISM (Certified Information Systems Manager)

The CISM (Certified Information Systems Manager) is a professional certification sponsored by ISACA for those who oversee, or seek to oversee, an information security program.

The CISM is meant for existing or aspiring managers, and is growing in relevance as cybersecurity at the enterprise level increasingly becomes a C-level and board initiative. The thinking behind this certification is that as programs and needs grow, professionals will require management credentials alongside the various technical certifications that exposure to a large enterprise cybersecurity operation would require.

The Information Systems Audit and Control Association, which is known only by its acronym ISACA, is an international professional association that sponsors the CISM. The certification requirements include five years of experience in the field, a single exam consisting of 200 questions taken over four hours, and a fee.


“CISM certification is a specific personal credential that those seek when they are overseeing, or want to oversee, an enterprise security program.”