The Certified Information Security Manager (CISM) certification has become a leading credential for the management side of information security, with more than 38,000 such credentials awarded. The CISM recognizes individuals who design, develop and oversee an enterprise's information security.
The exam focuses on topics such as information security governance, information risk management and compliance, information security incident management, and information security program development and management.
To achieve CISM certification, candidates must pass a 200-question exam, then provide proof of work experience (a minimum of five years of professional-level information security; three years must be as a security manager in at least three of the job practice areas) and complete the application. Reported experience must be current (within 5 years of passing the exam or within 10 years preceding the application date).
The exam covers four job practice areas:
Domain 1—Information Security Governance (24%)
Domain 2—Information Risk Management (30%)
Domain 3—Information Security Program Development and Management (27%)
Domain 4—Information Security Incident Management (19%)
If you're short on the information security work experience requirement, a current CISA, Certified Information Systems Security Professional (CISSP) or postgraduate degree substitutes for two years of experience. The SANS Global Information Assurance Certification (GIAC), CompTIA Security+, Microsoft Certified Systems Engineer (MCSE), Disaster Recovery Institute Certified Business Continuity Professional (CBCP) or ESL IT Security Manager credentials count as one year of experience. Other substitutions also apply.
Who is it for?
Practicing and prospective accountants, auditors, internal control officers, IS security officers, IT professionals, bankers, quality assurance officers, business administrators and risk managers.