ISACA Certifications – CISM® & CISA®

The Certified Information Security Manager (CISM®) and Certified Information Systems Auditor (CISA®) certifications by ISACA are globally recognized credentials for IT security, auditing, and governance professionals.

About ISACA and the Importance of CISM® & CISA®

ISACA is a global professional association focused on IT governance, security, risk, and assurance. Its certifications are trusted by enterprises and government agencies worldwide.

  • CISM®: Focuses on information security governance, risk management, and incident response.
  • CISA®: Specializes in auditing, monitoring, and assessing IT systems.

In simple terms:

CISA = IT Auditing & Compliance

CISM = IT Security Governance & Management

Both certifications complement each other and position professionals for leadership roles in cybersecurity and risk management.

Eligibility & Requirements

CISM Requirements

  • Five years of work experience in information security management.
  • Up to two years waived with academic qualifications or other certifications.
  • Must adhere to ISACA’s Code of Ethics and CPE policy.

CISA Requirements

  • Five years of experience in information systems auditing, control, or assurance.
  • Up to three years of experience waived with degrees or relevant certifications.

Certification Process

  1. Register for the Exam:
    • CISM Exam Fee: US $575 (ISACA Members) | US $760 (Non-Members). Registration is valid for 12 months from the date of purchase.
    • CISA Exam Fee: Same pricing as above. Registration is valid for 12 months from the date of purchase.
  2. Schedule the Exam: Conducted via PSI testing centers or remote proctoring for flexibility.
  3. Pass the Exam:
    • CISM Domains: Security governance, risk management, program development, incident response.
    • CISA Domains: IT auditing, governance, acquisition, implementation, and protection of assets.
  4. Submit Application for Certification: Demonstrate the required professional work experience. Pay a US$50 application processing fee. Agree to ISACA’s Code of Professional Ethics.

Key Features

  • Globally recognized by enterprises and government agencies.
  • Strong focus on information security governance and leadership.
  • Covers emerging technologies – AI, blockchain, and cloud security.
  • Equips professionals to handle data breaches, ransomware, and advanced threats.
  • Complements CISA®, offering a dual pathway for career advancement.

Skills Covered

CISM Skills

  • Information Security Governance & Risk Management
  • Enterprise Security Program Development & Management
  • Cybersecurity Incident Response & Recovery
  • Regulatory Compliance and Governance

CISA Skills

  • IT Auditing and Assurance Techniques
  • Risk Assessment & Internal Controls
  • IT Operations, Business Continuity & Resilience
  • Data Protection and Asset Security

Certification Maintenance

Maintaining both certifications requires ongoing professional development:

  • CISM Maintenance: 20 CPE credits annually and 120 over three years. Adherence to ISACA’s Code of Ethics and Security Standards.
  • CISA Maintenance: 20 CPE credits annually and 120 over three years. Compliance with ISACA’s Information Systems Auditing Standards.

This ensures that certified professionals stay updated on the latest IT governance, risk, and security practices.
