CISM Exam Pass Rate

consultmoi Member Posts: 6
I wonder what the pass rate is for CISMs that take the exam. 50% or more or less, I would think?


  • badrottie Member Posts: 116
    Much like the CISSP, I would wager the actual pass rate is somewhere between 50-70% for first time exam writers, but those figures are based upon second-hand information and are not official. I personally feel ISACA would have their work cut out for themselves to convince people to take an exam where the likelihood of passing approaches true randomness (which may be one reason why they do not release that statistic).
  • paul78 Member Posts: 3,016
    I think there may have even been a similar thread on the topic before. I had looked at it a while back out of curiosity.

    My own estimate was to extrapolate the pass rate based on information in the ISACA annual reports.

    For CISM for the last 3 years:


    Total # CISM

    # Exam Takers










    If we assume that a large number of CISMs renewed (more than 99%) each year - we get:

    2011 - 61% passed
    2012 - 65% passed

    And if we assume that some percentage of the people that failed the exam re-took it the next year, I think that an estimate of around 55%-60% is a good estimate for first-time exam-taker pass-rate.
  • scopar Registered Users Posts: 3
    One thing to keep in mind is that exams like the CISM and CISA do not have any requirements to sit the exam. As such, the pass rate will tend to be lower as you can have a lot of low quality candidates (i.e. people who have not studied or do not have relevant experience) sitting the exam at any given time.

    So a 50% pass rate may not be indicative of how hard the exam really is, especially if you compare it to a program which has requirements/courses for sitting the final exam.
  • paul78 Member Posts: 3,016
    That is certainly an interesting premise. But I think it's unlikely; there are very few certification exams that have such requirements. In fact, I cannot think of any. And I do not imagine that too many people would expend the dollars to pay for an exam if they do not meet the minimum professional experience to earn the ISACA designations.
  • JDMurray Admin Posts: 13,041
    The DoD has created a reason--if not a necessity--to pass the CISSP exam long before an exam candidate has the requisite experience to obtain the full certification. It's called "Meet DoDD 8570.01 or lose your job."

    One vendor of a desirable InfoSec cert (once again, thanks to the DoD) has a two-year professional experience requirement before you can take their exam, but a $100 "application fee" will get anybody around that requirement toot sweet.

    And once upon a time, TE had a very prominent member who had no problem with paying to take a bunch of certification exams that he wasn't professionally qualified for so he could legitimately put those cert keywords on his resume (along with full certification pending) to market himself as a consultant.

    It happens...