I wanted to share my thoughts on the new CISM curriculum, which is what you will be tested on after June 1st 2022.
The CISM curriculum changes are minor:
- Some topics moved from one domain to another.
- Domain weight changes.
- Slightly more technical.
- A little more focus on management/tactical and less on Governance.
- A few new topics like DevSecOps and the NIST Cybersecurity Framework.
CISM Domain weight before June 1st 2022:
Domain 1 — Information Security Governance – (24%) 36 Questions
Domain 2 — Information Risk Management – (30%) 45 Questions
Domain 3 — Information Security Program Dev. and Mgmt. – (27%) 40 Questions
Domain 4 — Information Security Incident Management – (19%) 29 Questions
CISM Domain weight after June 1st 2022:
Domain 1 — Information Security Governance – (17% -7%) 25 Questions
Domain 2 — Information Security Risk Management – (20% -10%) 30 Questions
Domain 3 — Information Security Program – (33% +6%) 50 Questions
Domain 4 — Incident Management – (30% +11%) 45 Questions
What stays the same on the CISM exam after June 1st 2022?
- 150 questions on the exam.
- 4 hours.
- You can still review questions.
- You can take the test either in person at a test center or remotely proctored.
- All questions are multiple-choice questions with 4 answer options.