ISACA · 2026 Edition
A complete preparation guide written by ISACA-certified engineers. Covers the exam format, all 4 blueprint domains, a week-by-week study plan, and proven tips for passing first time.
2–4 months
Prep time
Intermediate
Difficulty
150
Exam questions
450/1000
Pass mark
Exam code
CISM
Full name
CISM
Vendor
ISACA
Duration
240 minutes
Questions
~150 items
Passing score
450 / 1000 (scaled)
Domains covered
4 blueprint domains
Recommended experience
Foundational IT knowledge recommended
Typical prep time
2–4 months
Official ISACA blueprint weights — study time should roughly match these percentages.
Phase 1
Information Security Governance
Tip: Study the official exam objectives for this domain before practising questions.
Phase 2
Information Security Risk Management
Tip: Study the official exam objectives for this domain before practising questions.
Phase 3
Information Security Program
Tip: Study the official exam objectives for this domain before practising questions.
Phase 4
Incident Management
Tip: Study the official exam objectives for this domain before practising questions.
Study the official exam blueprint — weight percentages tell you exactly where to invest prep time.
Practise scenario-based questions regularly — every modern cert exam is scenario-heavy.
Use spaced repetition to retain what you've learned (Courseiva does this automatically).
Book your exam date once you're scoring 80%+ consistently on practice tests.
Review explanations for every wrong answer, not just the question — the 'why' is what makes it stick.
Apply everything in this guide with adaptive practice questions, AI explanations, and domain analytics.
Deep-dive explanations of the key topics tested on CISM — with exam key points and common misconceptions.