I wanted to share my thoughts on the new CISM curriculum, which is what you will be tested on after June 1st 2022.

The CISM curriculum changes are minor:

  • Some topics moved from one domain to another.
  • Domain weight changes.
  • Slightly more technical.
  • A little more focus on management/tactical and less on governance.
  • A few new topics like DevSecOps and the NIST Cybersecurity Framework.

CISM Domain weight before June 1st 2022:

Domain 1 — Information Security Governance – (24%) 36 Questions

Domain 2 — Information Risk Management – (30%) 45 Questions

Domain 3 — Information Security Program Dev. and Mgmt. – (27%) 40 Questions

Domain 4 — Information Security Incident Management – (19%) 29 Questions

CISM Domain weight after June 1st 2022:

Domain 1 — Information Security Governance – (17%, -7%) 25 Questions

Domain 2 — Information Security Risk Management – (20%, -10%) 30 Questions

Domain 3 — Information Security Program – (33%, +6%) 50 Questions

Domain 4 — Incident Management – (30%, +11%) 45 Questions

What stays the same on the CISM exam after June 1st 2022?

  • 150 questions on the exam.
  • 4 hours.
  • You can still review questions.
  • You can take the test either in person at a test center or remotely proctored.
  • All questions are multiple-choice questions with 4 answer options.