Thursday, April 13, 2006

[IT] CISM Exam Content Areas

CISM: Certified Information Security Manager


Information Security Governance (21%)

Establish and maintain a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations.

Risk Management (21%)

Identify and manage information security risks to achieve business objectives.

Information Security Program(me) Management (21%)

Design, develop and manage an information security program(me) to implement the information security governance framework.

Information Security Management (24%)

Oversee and direct information security activities to execute the information security program(me).

Response Management (13%)

Develop and manage a capability to respond to and recover from disruptive and destructive information security events.
