Contact

ISACA CISM Exam Update: What’s Changed

Published
29 Jul 2022
Read time
3 min read
Category
Privacy, Security, Security Practice, Training

The ISACA updates the content of its curriculum and exams around every five years. The CISM Exam has recently been revised, and the changes came into effect on 1 June 2022.  Here’s what changed in the most recent CISM Exam Content Outline update.  

What Does the CISM Exam Cover?  

The content outline for the 2022 CISM Exam is as follows:  

Domain 1 – Information Security Governance 

  1. Enterprise governance 
    1. Organisational culture 
    2. Legal, regulator, and contractual requirements 
    3. Organisational structures, roles, and responsibilities 
  2. Information Security Strategy 
    1. Information security strategy development 
    2. Information governance frameworks and standards 
    3. Strategic planning 

Domain 2 – Information Security Risk Management 

  1. Information security risk assessment 
    1. Emerging risk and threat landscape 
    2. Vulnerability and control deficiency analysis 
    3. Risk assessment and analysis 
  2. Information Security risk response 
    1. Risk treatment/risk response options 
    2. Risk and control ownership 
    3. Risk monitoring and reporting 

Domain 3 – Information Security Program 

  1. Information security program development 
    1. Information security program resources 
    2. Information asset identification and classification 
    3. Industry standards and frameworks for information security 
    4. Information security policies, procedures, and guidelines 
    5. Information security program metrics 
  2. Information security program management 
    1. Information security control design and selection 
    2. Information security control implementation and integrations 
    3. Information security control testing and evaluation 
    4. Information security awareness and training 
    5. Management of external services 
    6. Information security program communications and reporting 

Domain 4 – Incident Management 

  1. Incident management readiness  
    1. Incident response plan 
    2. Business impact analysis 
    3. Business continuity plan 
    4. Disaster recovery plan 
    5. Incident classification/categorisation 
    6. Incident management training, testing, and evaluation 
  2. Incident management operations 
    1. Incident management tools and techniques 
    2. Incident investigation and evaluation 
    3. Incident containment methods 
    4. Incident response communications 
    5. Incident eradication and recovery 
    6. Post-incident review practices.  

In addition to the knowledge contained in these domains, there are 37 supporting tasks that make up the curriculum for the 2022 CISM. 

What Changed in the 2022 CISM Exam Update? 

The most significant change to the CISM exam content outline in 2022 is the weight of each domain in the exam material. 

In the 2022 CISM exam update the weight is as follows:  

  • Domain 1: Information Security Governance is worth 17% 
  • Domain 2: Information Security Risk Management is worth 20%  
  • Domain 3: Information Security Program is worth 33% 
  • Domain 4: Incident Management is worth 30%.  

Prior to the 2022 CISM Exam update, domain 1 was worth 24%, domain 2 was worth 30%, domain 3 was worth 27% and domain 4 was worth 19%.  

As you can see, the exam now places much more weight on domains 3 and 4.  

These domains cover more of the technical and practical elements of information security management and incident management. There is less of a focus on governance in the updated CISM exam content.  

CISM Exam Content Updates in 2022 

The domains remain largely the same in the 2022 CISM exam update, with some minor changes to the language. For instance, Domain 4 is now called Incident Management instead of Information Security Incident Management.  

CISM Exam Format Updates in 2022 

The exam format has not changed for 2022. There will still be 150 multiple-choice questions that you must answer within 4 hours. The exam is still difficult and will involve you considering and selecting which answer is the ‘most right’ or ‘least incorrect’.  

Read the CISM Exam Guide here. 

CISM Exam Resources 

View the 2022 CISM Exam Content Outline. 

See the ISACA CISM Exam Prep Guide. 

You can also:  

For more information about the CISM training courses, contact us! 

Ready to turn insight into action?
Connect with Privacy 108.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Privacy 108 collects your name and contact details to respond to your enquiry and communicate with you about it. If you do not provide this information, we may be unable to respond. We do not disclose this information to third parties. For more information about how we handle your personal information, including how to access or correct it or make a complaint, please see our Privacy Policy or contact us at hello@privacy108.com.au.
Jodie Siganto
Privacy, security and training
Jodie is one of Australia’s leading privacy and security experts and the Founder of Privacy 108 Consulting.
Jodie Siganto
Privacy, security and training
Jodie is one of Australia’s leading privacy and security experts and the Founder of Privacy 108 Consulting.
Talk to us?
Looking to take your business to the next level? Speak with our experts today!
Contact us
Related articles
  • 1300 41 20 50
  • Level 3, 240 Queen St, Brisbane QLD 4000
  • Ground Floor Reception, 3 Spring St, Sydney NSW 2000
  • PO Box 3295, Yeronga QLD 4104
  • Follow us on LinkedIn
Services
Privacy Risk Management Privacy Impact Assessments AI Governance Privacy Legal Services Research and Policy
Company
About Privacy 108 Our Team Careers Insights Contact Us Privacy Policy Terms & Conditions
Subscribe to our newsletter
Subscribe
Privacy 108 Consulting Pty Ltd ABN 52 600 425 885 is an incorporated legal practice registered with the Queensland Law Society. Liability limited by a scheme approved under Professional Standards Legislation.
We respectfully acknowledge the Traditional Owners of the land we work on and pay our respects to their Elders past, present and future in maintaining the culture, country and their spiritual connection to the land.
© 2026 by Privacy 108 Consulting Pty Ltd. ABN 52 600 425 885
Website by DeeperLook
Subscribe to our Newsletter

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Privacy 108 collects your name and email to send you our newsletter. If you do not provide this information, we will be unable to send it to you. We may use third-party service providers (such as email marketing platforms) to distribute our communications. Some providers may store information overseas, including in the United States. For more information about how we handle your personal information, including how to access or correct it or make a complaint, please see our Privacy Policy or contact us at hello@privacy108.com.au. You can unsubscribe at any time using the link in our emails or by contacting hello@privacy108.com.au.