The new CISM (Certified Information Security Manager)…What do you need to know?

Rajesh Laskary
5 min read · Jul 25, 2021

If you think I am going to tell you that the new CISM now has only 150 questions to be answered in 240 minutes, no, that is not what I am talking about here. That information is already out there on the ISACA website and on many other websites too. So what do you need to know?

In the past few years, more cybersecurity breaches have made headlines worldwide, attack methods have become more sophisticated, and the number of attacks has increased significantly. Organizations need to be more proactive in protecting their information assets. Hence an information security manager, even if an expert in one particular domain of security, is expected to be able to see the security landscape of an organization holistically.

This is the very reason you will find that many of the questions in these exams are more practical, and more closely based on the latest trends and events in information security, than they used to be.

I receive a lot of messages about some common topics, which I have tried to summarize in my own words for those who are planning to appear for, or are already preparing for, the CISM.

In the exam you simply have to use and apply what you have known, understood, and learned up to that day. There are no braindumps available, and even if there were, they would be of no use no matter how many Q&A sets you solve. I think that is the beauty of any certification exam conducted by ISACA, ISC2, and many other such organizations in the cybersecurity space. So just understand the concepts and basics of information security: the CIA triad, threat management, vulnerability management, risk management, etc. There is nothing to memorize in CISM.

What additional resources do I need now?

  • The CISM book alone is not enough, I would say. ISACA has a lot of information available for free on its website in the form of articles, blogs, whitepapers, online forums, journals, etc.
  • Devote at least 15–20 minutes of your time every day to going through these for 2–3 months before you appear for the exam.
  • If you have any ‘CISSP’ book available, I would suggest going through a few chapters of that book on…


Author, Cybersecurity, Cloud, Blockchain Professional(CISSP, CRISC, CISM, CCAK, CIAM, CIST, CEH, COBIT, CBSP, CBE, ISO27001 LA, ISO27005 RM, PMP, PMI-ACP)