ISACA, formerly the Information Systems Audit and Control Association, currently has more than 100,000 members in over 180 countries worldwide. The organization is dedicated to information systems security and management professionals and offers four distinct certifications for those looking to validate their skills and experience. One such ISACA certification provides the designation of Certified Information Security Manager (CISM).
Overview of CISM Certification
The CISM certification is for information technology (IT) professionals who design, assess and manage information security systems. It covers the following four knowledge domains:
- Information Security Governance
- Information Risk Management and Compliance
- Information Security Program Development and Management
- Information Security Incident Management
In order to qualify for certification, candidates must meet a number of requirements:
- Gain a minimum of five years of work experience in information security.
- Pass the CISM certification exam.
- Abide by the terms of the ISACA Code of Professional Ethics.
- Meet Continuing Professional Education (CPE) requirements.
At least three years of professional experience must involve three or more CISM knowledge domains. Certain substitutions (e.g., other types of work experience, additional education achievements) can count for up to two of the five total years of required experience. For more information about qualifying substitutions, see the How to Become CISM Certified page on the ISACA website.
Candidates have up to five years after passing the certification exam to gain the required professional experience, and they cannot become certified until they have completed the five years of required experience.
CISM Certification Exam Details
The exam consists of 200 multiple-choice questions for test takers to complete in four hours. The contents of the exam are based on the four CISM knowledge domains. The following is an estimated percentage of how much exam material is devoted to each domain:
- Information Security Governance (24%)
- Information Risk Management and Compliance (33%)
- Information Security Program Development and Management (25%)
- Information Security Incident Management (18%)
The exam is scored on a scale of 200 (lowest) to 800 (highest), and candidates need a score of at least 450 to pass. Candidates typically receive their results within five weeks of taking the test.
The CISM certification exam is offered only twice per calendar year, and the registration deadline is two months prior to the exam date. Exam registration is handled by the ISACA Certification Department.
Renewing the CISM Certification
The CISM certification is valid for three years. CISM holders must fulfill the following requirements during each three-year certification period:
- Earn and provide evidence of 120 Continuing Professional Education (CPE) hours, with no less than 20 CPE hours earned in any given year.
- Pay the annual CPE maintenance fees.
- Continue to comply with the ISACA Code of Professional Ethics.
To earn one CPE hour, a CISM holder must log fifty minutes of participation in a qualifying professional education meeting or event. For more information about CPE hours, see the Maintain Your CISM page on the ISACA website.
By earning a CISM certification, professionals can demonstrate their proficiency in information security, particularly in development and management of information security programs. They can also help affirm their value to potential and current employers.
References
- How to Become CISM Certified, ISACA, http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/How-to-Become-Certified/Pages/default.aspx
- ISACA Fact Sheet, ISACA, http://www.isaca.org/About-ISACA/Press-room/Pages/ISACA-Fact-Sheet.aspx
- Job Practice Areas, ISACA, http://www.isaca.org/CERTIFICATION/CISM-CERTIFIED-INFORMATION-SECURITY-MANAGER/JOB-PRACTICE-AREAS/Pages/default.aspx
- Maintain Your CISM, ISACA, http://www.isaca.org/CERTIFICATION/CISM-CERTIFIED-INFORMATION-SECURITY-MANAGER/MAINTAIN-YOUR-CISM/Pages/default.aspx
- Prepare for the CISM Exam, ISACA, http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/Prepare-for-the-Exam/Pages/default.aspx
- The Benefits of CISM, ISACA, http://www.isaca.org/CERTIFICATION/CISM-CERTIFIED-INFORMATION-SECURITY-MANAGER/WHAT-IS-CISM/Pages/default.aspx