ISACA · Official Blueprint · Last reviewed May 2026
The official ISACA CISM exam covers 4 domains. The vendor does not publish percentage weights for these domains — treat each as an equal part of the exam blueprint.
Covers the topics, concepts, and applied skills examined under the Information Security Program domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Practice Information Security Program questionsCovers the topics, concepts, and applied skills examined under the Information Security Risk Management domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Practice Information Security Risk Management questionsCovers the topics, concepts, and applied skills examined under the Information Security Governance domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Practice Information Security Governance questionsCovers the topics, concepts, and applied skills examined under the Incident Management domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Practice Incident Management questionsThe vendor does not currently publish percentage weights for these domains, so Courseiva does not rank them by weight.
Work through each domain systematically — cover fundamentals first, then applied and scenario-based topics.
Never skip a domain regardless of perceived importance. Full coverage is required to pass.
Use Courseiva domain analytics to track your accuracy per domain and route extra questions to your weak areas.
Courseiva tracks your accuracy per domain automatically and routes you toward your weakest areas — no manual configuration needed.