The Certified Information Security Manager (CISM) certification from ISACA targets security professionals who manage, design, and oversee enterprise information security programs. Unlike the more technical CISSP (which our CISSP books post covers), CISM focuses on governance, risk management, and aligning security with business objectives. Peter H. Gregory dominates the study material space for this exam.
Last reviewed: March 2026. All links and availability verified.
CISM Certified Information Security Manager All-in-One Exam Guide, 2nd Edition
Peter H. Gregory’s McGraw Hill guide (October 2022) covers 100% of CISM exam domains: information security governance, information risk management, information security program development and management, and information security incident management. Gregory holds CISM, CISA, CRISC, and CISSP certifications and has authored over 50 books on information security, which shows in the practical depth of the exam prep material. Each chapter includes practice questions, exam tips, and real-world scenarios that mirror the thought process the exam tests.
This is the primary study resource for CISM candidates. The All-in-One format gives you everything in a single book.
- Author: Peter H. Gregory
- Published: October 2022 (McGraw Hill, 2nd Edition)
- Best for: Primary CISM exam study guide
- Amazon: Buy on Amazon
CISM Certified Information Security Manager Practice Exams
The companion practice exam book, also by Gregory. Hundreds of practice questions aligned to the CISM exam domains, each with a detailed explanation of why the correct answer is correct and why each distractor is wrong. The CISM exam tests your ability to make governance and risk management decisions, not to recall technical facts, so drilling through practice questions and reading the explanations builds the decision-making pattern recognition the exam requires.
- Author: Peter H. Gregory
- Publisher: McGraw Hill
- Best for: Practice question drilling, answer analysis
- Amazon: Buy on Amazon
CISM Bundle (Best Value)
Gregory’s bundle combines the All-in-One Exam Guide and Practice Exams at a lower combined price. If you plan to buy both (and you should for serious exam prep), the bundle is the most cost-effective option.
- Author: Peter H. Gregory
- Includes: All-in-One Exam Guide, 2nd Ed + Practice Exams
- Amazon: Buy on Amazon
Study approach
| Your approach | What to buy |
|---|---|
| Complete preparation | CISM Bundle (study guide + practice exams) |
| Study guide only | All-in-One Exam Guide, 2nd Ed |
| Already studied, need practice | Practice Exams only |
CISM certification requires 5 years of information security work experience, at least 3 of them in information security management, with waivers available for up to 2 years. The exam tests managerial decision-making, not technical skills. When studying, focus on understanding why an answer is correct from a governance and business perspective, not just a security perspective.