(Information taken from CISM Fact Sheet at www.isaca.org)

 

Background

Designed for experienced information security managers, the CISM designation is a groundbreaking credential earned by more than 6,000 professionals since it was established in 2002.  More than 3,000 professionals registered for the 2005 CISM exams.

To earn the CISM designation, candidates are required to:

• Successfully pass the CISM examination, which is offered twice annually in three languages
• Adhere to ISACA’s Code of Professional Ethics and agree to comply with a continuing professional education policy
• Submit proof of five years of work experience in the field of information security, with at least three years in the role of information security manager

CISM Recognition

• A 2006 study by the Foote Partners LLC named CISM one of the highest-paying IT certifications and a hot tech skill certification (indicating an annual growth of greater than 11 percent).
• “Information security governance is another focus area for organisations. This ensures that the efforts and direction of information security programmes are in line with the business goals of the organization. To this end, it is worth considering the CISM certificate from the Information Systems Audit and Control Association (ISACA).”  Source: Avinash Kadam, Computer Weekly, 16 May 2006
• The US Department of Defense includes the CISM certification in the list of approved certifications for its information assurance professionals.
• “CISM is designed for security professionals who manage, design, oversee and assess their enterprises’ information security systems. This certification does a good job of tying security practices and business practices together.” Source: Certification Magazine, November 2005
• "The CISSP certification long ago made the gold standard, but infosec execs are now wisely adding the new CISM certification. Why the push? The advanced-level CISM better addresses the interdependency between business needs and IT security by focusing on risk management and security organizational issues.  Who's needed? Three-quarters of pros who have earned CISM have CISSP or CISA. Over half of 2005 CISM exam takers have one or both." Source, David Foote of Foote Partners LLC, SC Magazine, July 2005
• “We look at what’s important to firms, and [CISM] matches perfectly,” David Foote, president and chief research officer of Foote Partners LLC, says in the 9 November 2004 edition of SC Magazine.
  

CISM in the Workplace

• More than 1,000 CISMs serve as CIOs, CEOs or IS security directors.
• More than 2,000 CISMs serve as an information security manager or in a related information security position.
• Nearly 1,000 CISMs are employed in security consulting or training positions.

More information about the CISM Exam

Certification Requirements
CISM Frequently Asked Questions

CISM Exam Reference Materials
CISM Bulletin of Information

CISM Exam Registration Form

CISM Continuing Education Requirement