The Certified Information Security Manager

The Certified Information Security Manager (CISM) is a top credential for IT professionals responsible for managing, developing, and overseeing information security systems in enterprise level applications, or for developing best organizational security practices.

The CISM credential was introduced to security professionals in 2003 by ISACA, also known as the Information Systems Audit and Control Association. ISACA’s organizational goals are specifically geared to IT professionals interested in the highest quality standards with respect to audit, control, and security of information systems.

The CISM credential targets the needs of IT security professionals with enterprise level security management responsibilities. Credential holders possess advanced and proven skills in security risk management, program development and management, governance, and incident management and response to such incidents.

Designed for experienced security professionals, CISM credential holders must agree to the CISM Code of Professional Ethics, pass a comprehensive examination, possess at least five years’ security experience, and submit a written application to qualify. Some combinations of education and experience may be substituted to meet the experience requirement.

The exam is relatively inexpensive. ISACA members who register early can take the exam for as little as $425. Non-members can expect to pay around $615 USD for the exam.

The CISM credential is valid for three years. Credential holders must pay annual maintenance fees of $40 for ISACA members while non-members pay $85 annually. Credential holders are also required to obtain a minimum of 120 Continuing Professional Education, or CPE, credits over the three year term to maintain the credential. At least 20 CPEs must be earned each year.

ISACA also offers numerous other certifications for those interested in best practices and information security.  Other credentials worth considering include Certified Information Systems Auditor (CISA), Certified in the Governance of Enterprise IT (CGEIT), and Certified in Risk and Information Systems Control certification (CRISC).

The CISA designation was created for professionals working in information systems auditing, control or security. The CGEIT credential targets IT professionals working with IT Enterprise in management, governance, strategic alignment, value delivery, and risk, resource and performance management. IT professionals seeking careers in all aspects of risk management will find that the CRISC credential nicely meets their needs.

For more information on CISM and other ISACA credentials, visit the ISACA Web site at http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/What-is-CISM/Pages/default.aspx.