Certified Information Security Manager (CISM)

Overview

The Certified Information Security Manager (CISM) certification, offered by ISACA, is a globally recognized credential designed for information security professionals who manage, design, oversee, and assess an enterprise’s information security program. 

The CISM certification validates an individual’s expertise in information security governance, risk management, program development and management, and incident management. It demonstrates the ability to align information security initiatives with organizational goals and objectives, manage information security risks effectively, and establish and maintain a robust information security program.


Target Audience

The CISM certification is ideal for experienced information security managers, IT managers, security consultants, and other professionals responsible for managing and overseeing information security within their organizations.


Objectives

These domains and their associated objectives provide a comprehensive framework for managing information security within an organization and preparing for the CISM certification exam. Candidates are expected to demonstrate proficiency in each domain to successfully pass the exam and earn the CISM certification.

  • Domain 1: Information Security Governance
    • Establish and maintain an information security governance framework and supporting processes to ensure that the information security strategy aligns with organizational goals and objectives.
    • Develop and maintain an information security strategy and roadmap based on organizational priorities and risk appetite.
    • Establish and maintain information security policies, standards, procedures, and guidelines to ensure compliance with regulatory and contractual requirements.
    • Define roles and responsibilities for information security within the organization and ensure accountability for information security management.
  • Domain 2: Information Risk Management
    • Identify, assess, and prioritize information security risks to the organization’s assets, including people, processes, and technology.
    • Develop and implement risk treatment plans to mitigate, transfer, accept, or avoid identified risks.
    • Monitor and report on information security risks and compliance with risk management policies and procedures.
    • Integrate information risk management into the organization’s overall risk management process to ensure alignment with business objectives and risk tolerance.
  • Domain 3: Information Security Program Development and Management
    • Develop, implement, and manage an information security program that aligns with the organization’s business objectives and risk management strategy.
    • Establish and maintain information security policies, standards, procedures, and guidelines to protect the confidentiality, integrity, and availability of information assets.
    • Develop and implement security awareness and training programs to educate employees and contractors about their roles and responsibilities in safeguarding information assets.
    • Monitor and evaluate the effectiveness of the information security program and make improvements based on lessons learned and emerging threats.
  • Domain 4: Information Security Incident Management
    • Develop and implement an incident response plan to detect, respond to, and recover from information security incidents.
    • Establish and maintain incident response procedures and guidelines to ensure a timely and effective response to incidents.
    • Coordinate incident response activities with internal and external stakeholders, including IT, legal, human resources, and law enforcement agencies.
    • Conduct post-incident reviews to identify root causes, lessons learned, and opportunities for improvement in the incident response process.


Benefits

  • Global Recognition: The CISM certification is widely recognized and respected by employers, government agencies, and industry professionals worldwide as a benchmark for excellence in information security management.
  • Career Advancement: Holding the CISM certification can enhance career opportunities and advancement prospects for information security professionals. It demonstrates a high level of expertise and competence in information security management, making certified individuals highly sought after by employers.
  • Increased Credibility: The CISM certification validates an individual’s knowledge, skills, and experience in information security management, enhancing their credibility and reputation within the industry.
  • Professional Development: Earning the CISM certification requires candidates to acquire and demonstrate proficiency in key areas of information security management, providing opportunities for continuous professional development and growth.
  • Networking Opportunities: CISM certification holders become part of a global community of information security professionals, providing networking opportunities, collaboration possibilities, and access to resources and insights within the industry.
  • Higher Earning Potential: CISM certification holders typically command higher salaries compared to their non-certified counterparts. The certification demonstrates expertise in a specialized and in-demand field, leading to better compensation packages and career advancement opportunities.

Overall, the CISM certification is an essential credential for information security professionals seeking to advance their careers, demonstrate their expertise in information security management, and contribute effectively to their organizations’ security posture and resilience.


Prerequisites

  • Experience: Candidates must have a minimum of five years of experience in information security management, with a minimum of three years of experience in three or more of the following CISM domains:
    • Information Security Governance
    • Information Risk Management
    • Information Security Program Development and Management
    • Information Security Incident Management
  • Adherence to Code of Professional Ethics: Candidates must agree to adhere to ISACA’s Code of Professional Ethics, which outlines the ethical standards and principles that govern the behavior and conduct of certified professionals.

Meeting these prerequisites is required to be eligible to sit the CISM certification exam, so candidates should confirm that they satisfy them before applying in order to avoid complications during the application process.

ISACA periodically reviews and updates its certification requirements, so check the official ISACA website or contact ISACA directly for the most up-to-date information on CISM certification prerequisites.


Exam Details

To earn the CISM certification, candidates must pass a single exam covering four domains:

  • Duration: 4 hours (240 minutes)
  • Format: 150 multiple-choice questions
  • Domain 1 – Information Security Governance (17%)
  • Domain 2 – Information Security Risk Management (20%)
  • Domain 3 – Information Security Program (33%)
  • Domain 4 – Incident Management (30%)


Class Duration

4 days


$1,995.00

Upcoming Classes

January 7, 2025 - January 11, 2025