ISACA · Official Blueprint

CISM Exam Domains & Blueprint

The official ISACA CISM exam covers 4 domains. Domain weights tell you exactly how much of the exam each topic represents — and where to invest your study time.

CISM Domain Weight Summary

# | Domain | Weight | Questions
1 | Information Security Governance | % |
2 | Information Security Risk Management | % |
3 | Information Security Program | % |
4 | Incident Management | % |

Detailed Domain Breakdown

Domain 1: Information Security Governance

Covers the core concepts, terminology, and skills tested under the Information Security Governance section of the official exam blueprint.

Domain 2: Information Security Risk Management

Covers the core concepts, terminology, and skills tested under the Information Security Risk Management section of the official exam blueprint.

Domain 3: Information Security Program

Covers the core concepts, terminology, and skills tested under the Information Security Program section of the official exam blueprint.

Domain 4: Incident Management

Covers the core concepts, terminology, and skills tested under the Incident Management section of the official exam blueprint.

How to Use Domain Weights in Your Study Plan

The heaviest domain on the CISM is "Information Security Governance". Start here and return to it regularly.

Allocate study time proportional to domain weight — a 25% domain deserves roughly 25% of your prep hours.

Never skip a low-weight domain. A 10% domain still represents 5–7 exam questions — enough to make the difference between pass and fail.

Use JT Exams domain analytics to track your accuracy per domain automatically. The system routes extra questions to your weak areas.
