
CISM: Certified Information Security Manager

Best Information Security Certifications For 2017
The Certified Information Security Manager (CISM) is a top credential for IT professionals responsible for managing, developing and overseeing information security systems in enterprise-level applications, or for developing best organizational security practices. The CISM credential was introduced to security professionals in 2003 by the Information Systems Audit and Control Association (ISACA).

ISACA's organizational goals are specifically geared toward IT professionals interested in the highest quality standards with respect to audit, control and security of information systems. The CISM credential targets the needs of IT security professionals with enterprise-level security management responsibilities. Credential holders possess advanced and proven skills in security risk management, program development and management, governance, and incident management and response.

The CISM is designed for experienced security professionals. Credential holders must agree to ISACA's Code of Professional Ethics, pass a comprehensive examination, possess at least five years of security experience, comply with the Continuing Education Policy and submit a written application. Some combinations of education and experience may be substituted to meet the experience requirement.

ISACA members who register early pay $450 for the exam; nonmembers pay $635 for early registration. The regular registration fee is $500 for members and $685 for nonmembers. The CISM credential is valid for three years, and credential holders must pay an annual maintenance fee of $45 (ISACA members) or $85 (nonmembers). Credential holders are also required to earn a minimum of 120 continuing professional education (CPE) credits over the three-year term to maintain the credential, with at least 20 CPEs earned every year.

CISM Facts & Figures

Certification Name: Certified Information Security Manager (CISM)

Prerequisites & Required Courses: To obtain the CISM credential, candidates must do the following:

  1. Pass the CISM exam.

  2. Agree to the ISACA Code of Professional Ethics.

  3. Possess a minimum of five years of information security work experience, including at least three years of work experience in information security management in three or more of the job practice analysis areas. Experience must be verifiable and obtained within the 10 years preceding the application date or within five years after passing the exam. There are some exceptions to this requirement depending on current credentials held.

  4. Submit an application for CISM certification (processing fee is $50). The credential must be obtained within five years of passing the exam.

  5. Agree to the CISM Continuing Education Policy.

Number of Exams: One (only offered in June, September and December; candidates are encouraged to register early)

Cost of Exam:

  Online early registration: member $450, nonmember $635

  Mailed/faxed early registration fee: member $525, nonmember $710

  Online final registration deadline fee: member $500, nonmember $685

  Mailed/faxed final registration deadline fee: member $575, nonmember $760

URL: http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/Pages/default.aspx

Self-Study Materials: Training and study materials in various languages, information on Job Practice Areas, primary references, publications, articles, the ISACA Journal, review courses, an exam prep community, terminology lists, a glossary and more are available at ISACA.org.

ISACA Certification Program

In addition to the CISM, ISACA offers numerous certifications for those interested in information security and best practices. Other credentials worth considering include the following:

  • Certified Information Systems Auditor (CISA)
  • Certified in the Governance of Enterprise IT (CGEIT)
  • Certified in Risk and Information Systems Control (CRISC)

The CISA designation was created for professionals working with information systems auditing, control or security. The CGEIT credential targets IT professionals working in enterprise IT management, governance, strategic alignment, value delivery and risk, and resource and performance management. IT professionals seeking careers in all aspects of risk management will find the CRISC credential nicely meets their needs.

Certified Information Security Manager (CISM) Training

360training.com offers an online course covering the CISM exam that's just over 14 hours long. The course features video lessons, hands-on demonstrations and a student workbook, and it covers all of the CISM exam domains. Topics include information security governance, concepts and technologies, how to create and implement an information security strategy, and risk and incident management.