The IT Certification Resource Center

Featured Deal

Get CompTIA, Cisco, or Microsoft training courses free for a week.
Learn More ❯

ISACA to Update CISM Certification Job Practice

Rolling Meadows, IL, USA (13 December 2016) — Global business technology and information security association ISACA has updated its Certified Information Security Manager certification exam based on refreshed expert input pinpointing the most relevant knowledge and experience needed in the profession.


ISACA’s CISM certification promotes international security practices and recognizes individuals who manage, design and oversee an enterprise’s information security. Since 2002, more than 33,000 individuals have earned the CISM designation.


While the four CISM job practice domains remain similar, the exam weighting will shift slightly. The new weighting is as follows:


Domain 1—Information Security Governance: Establish and/or maintain an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organizational goals and objectives. (24 percent)


Domain 2—Information Risk Management: Manage information risk to an acceptable level based on risk appetite in order to meet organizational goals and objectives. (30 percent)


Domain 3—Information Security Program Development and Management: Develop and maintain an information security program that identifies, manages and protects the organization’s assets while aligning to information security strategy and business goals, thereby supporting an effective security posture. (27 percent)


Domain 4—Information Security Incident Management: Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimize business impact. (19 percent)


“As the CISM certification marks its 15th anniversary in 2017, this updated job practice will ensure that the credential reflects the most current knowledge and experience that information security managers need to thrive in this critically important and in-demand field,” said Christos Dimitriadis, Ph.D. CISA, CISM, CRISC, chair of ISACA’s Board of Directors and group director of Information Security for INTRALOT.


ISACA conducts a job practice analysis every five years, at a minimum, to keep pace with industry demands and changes. The CISM Practice Analysis Task Force recently completed a nine-month assessment that resulted in the revised job practice. The CISM Practice Analysis Task Force was composed of eight CISM task force members, and the collective opinions of more than 1,400 information security professionals from around the world also helped to validate the revised job practice.


Effective with the first 2017 exam administration, the CISM exam will contain 150 questions testing the new job practice. For more information about the 2017 CISM job practice, visit


The CISM certification recently was named a finalist among top professional certification programs in the 2017 SC Magazine Awards.


ISACA’s CISA, CISM, CRISC and CGEIT certifications will be offered in 2017 during three eight-week testing windows through computer-based testing. The first window will be 1 May-30 June, with registration available on ISACA’s website.


More information regarding ISACA certifications can be found at



ISACA ( helps professionals around the globe realize the positive potential of technology in an evolving digital world. By offering industry-leading knowledge, standards, credentialing and education, ISACA enables professionals to apply technology in ways that instill confidence, address threats, drive innovation and create positive momentum for their organizations. Established in 1969, ISACA is a global association with more than 140,000 members and certification holders in 187 countries. ISACA is the creator of the COBIT framework, which helps organizations effectively govern and manage their information and technology. Through its Cybersecurity Nexus (CSX), ISACA helps organizations develop skilled cyber workforces and enables individuals to grow and advance their cyber careers.