Certified Information Security Manager
The intent of the certification is to provide a common body of knowledge for information security management. The CISM focuses on information risk management as the basis of information security. It also includes material on broader issues such as how to govern information security as well as on practical issues such as developing and managing an information security program and managing incidents.
The point of view in the certification is that of widely accepted cross-industry best practices, where information security gets its justification from business needs. The implementation includes information security as an autonomous function inside wider corporate governance.
To gain the certification, individuals must pass a written examination and have at least five years of information security experience, including a minimum of three years of information security management work experience in particular fields.
The CISM certification tends to be sought after by both the CISA and CISSP certification communities. ISACA created the CISM to help foster a better fusion between IT auditing and information security perspectives.
In principle, the CISM certification is related in nature to the Information Systems Security Management Professional (ISSMP) certification from the International Information Systems Security Certification Consortium.
The CISM requires demonstrated knowledge in four functional areas of information security. The current job practice analysis contains the following domains and percentages:
- Information Security Governance (24%)
- Information Risk Management and Compliance (33%)
- Information Security Program Development and Management (25%)
- Information Security Incident Management (18%)
The exam consists of two hundred multiple-choice questions and is administered three times a year, in June, September (in selected locations) and December, during a four-hour session.