CISM®

CISM certification is for the individual who manages, designs, oversees and / or assesses an enterprise’s information security (IS). The CISM certification promotes international practices and provides executive management with assurance that those earning the designation have the required experience and knowledge to provide effective security management and consulting services.

CISM is more than an entry-level certification. It is specifically developed for the information security professional who has acquired experience working on the front lines of information security or managing those who do. Individuals with five years or more of experience managing information security will find CISM tailored to their expertise and the increasing global demand for high standards of certified professionalism.

The five-day CISM Certification Preparation Course is to prepare information security managers and those who have information security management responsibilities to pass the Certified Information Security Manager (CISM) certification examination.

Learners need to register for the CISM exam with ISACA (www.isaca.org) and in order to take the official examination, which is offered by ISACA annually in June and December.

Prerequisites

Registration for the CISM exam must be completed through ISACA International. Please visit the ISACA CISM page for more information on the exam and certification.

Exam objectives

The CISM Certification Board oversees the development of the exam and ensures the currency of its content. Questions for the CISM exam are developed through a comprehensive process designed to ensure the ultimate quality of the exam. The process includes a Test Enhancement Committee. Members of which work with item writers to develop and review questions before they are submitted to the CISM Certification Board for review.

The exam consists of 200 questions and is administered biannually in June and December during a four-hour session. For a current list of languages, please visit www.isaca.org/cismterminology

Exam preparation

ISACA offers CISM candidates many study aid options including a review manual and sample review questions, answers and explanations.

See www.isaca.org/cismguide to view the ISACA study aids that can help you with your preparation of a successful study plan. Order early as delivery time can be from one to four weeks depending on geographic location and custom clearance practices. For current shipping information see www.isaca.org/shipping.

Exam Curriculum

The detailed job content areas serve as a syllabus for the CISM exam. These tasks and knowledge statements were developed by the CISM Certification Board, validated by subject matter experts, and serve as the blueprint for the CISM exam’s content and emphasis. They are intended to be a comprehensive list of tasks performed by information security managers and the knowledge needed to perform these tasks.

The current practice areas for the CISM exam are:

Information Security Governance (23%)
Information Risk Management (22%)
Information Security Program Development (17%)
Information Security Program Management (24%)
Incident Management and Response (14%)

Administration of the CISM Exam

ISACA has contracted with an internationally recognized professional testing agency. This not-for-profit corporation engages in the development and administration of credentialing exams for certification and licensing purposes. It assists ISACA in the construction, administration and scoring of the CISM exam.

Admission Ticket

Approximately two to three weeks prior to the CISM exam date, candidates will receive a physical admission ticket and an e-ticket from ISACA. Tickets will indicate the date, registration time and location of the exam, as well as a schedule of events for that day and a list of materials candidates must bring with them to take the CISM exam.