What's included for free?

All study guides, practice questions, and explanations are completely free. We also include 10 AI-powered questions daily. For unlimited AI assistance, you can upgrade to Pro.

Why is the content free?

OpenExamPrep was founded by Ran Chen, a CFP® who passed multiple financial exams and believes quality exam prep shouldn't cost hundreds of dollars. With AI, we can create quality content at scale and make it accessible to everyone.

Is the content up to date?

Yes. Our content is aligned with the latest exam outlines and updated regularly. Last update: January 2026.

CISM Study Guide

Exam

Current CISM Exam Facts The November 2026 Outline Change The Security Manager Mindset Scaled Score and Preliminary Status Registration Scheduling and Fees Certification After Passing

Organizational Culture and Governance Signals Legal Regulatory and Contractual Requirements Structures Roles and Responsibilities Information Security Strategy Development Governance Frameworks and Standards Strategic Planning Budgets and Business Cases

Emerging Risk and Threat Landscape Vulnerability and Control Deficiency Analysis Risk Assessment and Analysis Risk Treatment and Response Options Risk and Control Ownership Risk Monitoring and Reporting

Program Resources People Tools and Technologies Information Asset Identification and Classification Industry Standards and Frameworks Policies Procedures and Guidelines Information Security Program Metrics Program Alignment With Strategy

Security Control Design and Selection Control Implementation and Integration Control Testing and Evaluation Security Awareness and Training External Services and Supplier Management Program Communications and Reporting

Incident Response Plan Business Impact Analysis Business Continuity Plan Disaster Recovery Plan Incident Classification and Categorization Incident Training Testing and Evaluation

Incident Management Tools and Techniques Incident Investigation and Evaluation Incident Containment Methods Incident Response Communications Incident Eradication and Recovery Post-Incident Review Practices

Internal and External Influences Maintaining Security Strategy Governance Framework Maintenance Corporate Governance Integration Policy Direction and Standards Business Cases for Security Investment

Senior Leadership Commitment Responsibilities and Lines of Authority Program Effectiveness Reporting Risk Process Oversight Threat and Vulnerability Participation Risk Appetite and Treatment Decisions

Information Security Requirements in Contracts Monitoring External Parties Information Asset Lifecycle Thinking Cloud SaaS and Provider Risk AI Blockchain and Ransomware Context Compliance and Control Evidence

Domain-Weighted Study Allocation Management-Focused Answer Choices One-Best-Answer Elimination Timed Four-Hour Practice Using Domain Feedback Correctly Retake Rescore and Post-Exam Feedback

Two-Week Final Review Plan Exam Day Rules and Identification Remote Proctoring Readiness Preliminary Status Versus Official Score Application Window Experience and Ethics CPE Maintenance After Certification

Free Study Guide•Practice questions, flashcards, and related resources

Free CISM Exam Prep

ISACA Certified Information Security Manager (CISM)

Pass your CISM exam without spending hundreds on expensive prep courses. Free study guides, practice questions, flashcards, and related exam resources.

Quick Facts

Chapters

Sections

Our Cost

Updated January 2026

Start Chapter 1

CISM

Study Guide Practice Questions198 questions

2 blogs

Prepare for the ISACA Certified Information Security Manager Exam: CISM Review Manual

$19.99 · Buy on Amazon

Take courses on Udemy

Learning path on Pluralsight

Same family resources

Explore More ISACA Certifications

Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.

More From This Family

Videos and articles for deeper review.

ArticleCISM Exam Guide 2026: FREE ISACA Study Plan + Practice30 min read ArticleCISA Exam Guide 2026: FREE ISACA Study Plan + Practice28 min read ArticleCOBIT 2019 Foundation 2026: Governance-First Prep6 min read ArticleCRISC Exam Guide 2026: FREE ISACA Study Plan + Practice30 min read

Your Study Path

CISM ISACA Certifications License: Complete Roadmap

Follow this path to maximize your chances of passing on the first try

Phase 1: Governance and StrategyYou are here

Establish governance and strategic alignment fundamentals.

hours

Phase 2: Risk Management

Practice assessment, treatment, and risk communication scenarios.

hours

Phase 3: Security Program and Incidents

Cover program implementation and incident readiness/operations.

hours

Phase 4: Full Scenario Drills

Run timed management-oriented mixed-domain simulations.

hours

Estimated total study time

84 hours

That's about 9 weeks at 10 hours/week

Can You Take the CISM Exam?

Check if you meet the basic eligibility requirements

Age

Education

No degree required to sit the exam

Experience

5 years of professional information security management experience for certification (experience waivers available up to 2 years)

Additional Requirements

•Apply for certification within 5 years of passing
•Pay one-time CISM application processing fee
•Maintain certification with annual fees and CPE reporting

CISM Quick Facts

Time to Get Licensed

8-14 weeks for most candidates

From start to license in hand

Exam Provider

PSI

Remote Testing Available

Schedule Your Exam

Retake Policy

ISACA allows 4 attempts in a rolling 12-month period. Wait 30 days before attempt 2, then 90 days before attempts 3 and 4 after failed attempts.

Total Cost Breakdown

Exam Fee$575 member / $760 nonmember

Application Fee$50 (one-time certification application processing)

Total Estimated Cost$625-$810+ before ongoing annual maintenance

Why Choose Us

Free CISM Prep That Actually Works

The official pass rate is ISACA does not publish official CISM pass-rate statistics.. Our students do better.

198 Practice Questions

CISM-focused question bank across governance, risk, program, and incident domains.

AI-Powered Learning

Accelerate weak-domain remediation for managerial scenario questions.

2026 Updated

Aligned with the current CISM outline, 2026 ISACA candidate guide, and the 3 November 2026 outline update.

Free Access

Start CISM exam prep free with domain-based progression.

Compare:

Kaplan $300+•Achievable $200+•OpenExamPrep $0

What You'll Study

12 chapters covering everything you need to pass

Chapter 1: CISM Orientation and 2026 Exam Facts

6 sections

Chapter 2: Information Security Governance

6 sections

Chapter 3: Information Security Risk Management

6 sections

Chapter 4: Information Security Program Development

6 sections

Chapter 5: Program Management and Control Execution

6 sections

Chapter 6: Incident Management Readiness

6 sections

Chapter 7: Incident Management Operations

6 sections

Chapter 8: Supporting Governance Tasks

6 sections

Chapter 9: Cross-Domain Risk and Program Decisions

6 sections

Chapter 10: External Parties Data and Emerging Technology

6 sections

Chapter 11: CISM Practice Strategy

6 sections

Chapter 12: Final Review and Exam Day Readiness

6 sections

CISM Exam Details

ISACA Certified Information Security Manager (CISM)

Administered by ISACA

Official Source

450/800 scaled score

Passing Score

150

Questions

Hours

$575 (ISACA member) / $760 (nonmember)

Exam Fee

Study time: No official study-hour requirement; certification eligibility is based on experience criteria and exam performance.

Prerequisites: Exam is open to anyone; certification requires 5 years of professional information security management experience and application approval

Valid for: Ongoing with annual maintenance and 120 CPE hours per 3-year reporting cycle

Exam Content Breakdown

Based on the official ISACA content outline

Information Security Governance17%

Governance structure, strategy alignment, and compliance obligations.

Information Security Risk Management20%

Risk identification, analysis, response options, and risk ownership.

Information Security Program33%

Program development, control implementation, and program management.

Incident Management30%

Readiness, incident operations, recovery, and post-incident improvement.

What's Included

12 Chapters

Complete exam coverage

Practice Quizzes

With detailed explanations

Free to Start

No credit card required

CFP®

Why It's Free

Quality Exam Prep Shouldn't Cost Hundreds

I'm Ran Chen, an engineer with 20+ years of coding experience. I passed my Life Insurance license, EA exam, SIE, Series 6, 63, 65, and finally the CFP® exam.

Through all these exams, one thing became clear: exam prep is expensive. But with AI, we can change that. Quality preparation can now be free for everyone.

Connect with Ran

What's Next After the CISM?

After passing the CISM, you can pursue these career paths

CISSP

Broaden management focus into deeper multi-domain technical and architectural scope.

CISA

Add formal IS audit and control assurance coverage to management credentials.

CCSP

Layer cloud security architecture specialization onto security management expertise.

Coming Soon

CISM Exam FAQ

Official ISACA Resources

Verify information with these official sources

ISACA CISM Certification Page CISM Exam Content Outline ISACA Certification Exam Candidate Guide (2026)CISM Certification Requirements

More Free Resources

Spotify YouTube Blog & Newsletter

No Credit Card Required

Ready to Start Your Free CISM Prep?

Join thousands of candidates who passed their exams using our free study materials.

Start Chapter 1 Free

CISM Study Guide

1Chapter 1: CISM Orientation and 2026 Exam Facts

2Chapter 2: Information Security Governance

3Chapter 3: Information Security Risk Management

4Chapter 4: Information Security Program Development

5Chapter 5: Program Management and Control Execution

6Chapter 6: Incident Management Readiness

7Chapter 7: Incident Management Operations

8Chapter 8: Supporting Governance Tasks

9Chapter 9: Cross-Domain Risk and Program Decisions

10Chapter 10: External Parties Data and Emerging Technology

11Chapter 11: CISM Practice Strategy

12Chapter 12: Final Review and Exam Day Readiness

Free CISM Exam Prep

Quick Facts

CISM

Explore More ISACA Certifications

CISA

CRISC Certified in Risk and Information Systems Control

ISACA COBIT 2019 Foundation

ISACA Certified Cybersecurity Operations Analyst (CCOA)

ISACA CGEIT Certified in Governance of Enterprise IT

ISACA Information Technology Certified Associate (ITCA)

More From This Family

CISM ISACA Certifications License: Complete Roadmap

Phase 1: Governance and StrategyYou are here

Phase 2: Risk Management

Phase 3: Security Program and Incidents

Phase 4: Full Scenario Drills

Can You Take the CISM Exam?

CISM Quick Facts

Time to Get Licensed

Exam Provider

Retake Policy

Total Cost Breakdown

Free CISM Prep That Actually Works

198 Practice Questions

AI-Powered Learning

2026 Updated

Free Access

What You'll Study

Chapter 1: CISM Orientation and 2026 Exam Facts

Chapter 2: Information Security Governance

Chapter 3: Information Security Risk Management

Chapter 4: Information Security Program Development

Chapter 5: Program Management and Control Execution

Chapter 6: Incident Management Readiness

Chapter 7: Incident Management Operations

Chapter 8: Supporting Governance Tasks

Chapter 9: Cross-Domain Risk and Program Decisions

Chapter 10: External Parties Data and Emerging Technology

Chapter 11: CISM Practice Strategy

Chapter 12: Final Review and Exam Day Readiness

CISM Exam Details

ISACA Certified Information Security Manager (CISM)

Exam Content Breakdown

What's Included

12 Chapters

Practice Quizzes

Free to Start

Quality Exam Prep Shouldn't Cost Hundreds

What's Next After the CISM?

CISSP

CISA

CCSP

CISM Exam FAQ

What's included for free?

Why is the content free?

Is the content up to date?

Official ISACA Resources

More Free Resources

Ready to Start Your Free CISM Prep?