CISM® Certified Information Security Manager
The CISM® (Certified Information Security Manager) certification is the primary certification for information security professionals who oversee, manage, design and/or assess an enterprise's information security.
A One-of-a-Kind Credential
The management-focused CISM is a unique certification for individuals who design, build and manage enterprise information security programs. The CISM certification promotes international practices, and individuals earning the CISM become part of an elite peer network, attaining a one-of-a-kind credential. Compared with other certifications, CISM covers a wide body of knowledge, and the sponsoring organization, ISACA, recommends that those sitting for the CISM exam attend a CISM training session.
For those subject to DoD 8570.01-M "Information Assurance Workforce Improvement Program," ISACA's Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) certifications are among those approved for DoD information assurance (IA) professionals.
Security University offers an intensive 5-day CISM review boot camp for those wishing to prepare for the CISM exam. Our boot camp is specifically designed to cover the new material that is on the 2010 exams. Each student progresses through a number of skill checks to ensure knowledge is retained. The CISM instructors are certified with the CISM designation and serve on local ISACA boards.
Worldwide Recognition
Although certification may not be mandatory for you at this time, a growing number of organizations are recommending that employees become certified. To help ensure success in the global marketplace, it is vital to select a certification program based on universally accepted technical practices.
The CISM exam is offered each year in June and December. Register online.
How to Earn Your CISM
To learn more about obtaining your CISM, click on the steps below.
- Step 1: Register for the Exam
- Step 2: Prepare for the Exam
- Step 3: Take the Exam
- Step 4: Apply for Certification
- Step 5: Maintain a Certification
Exam Registration Fees

| Registration deadline | ISACA member | Non-member |
|---|---|---|
| Early registration received on or before 17 August | US $425 | US $565 |
| Final registrations received by 5 October | US $475 | US $615 |
*Register Online and save US $50 off the Mail/Fax rate! The online registration process will enable you to register for an exam, and purchase study aids and an ISACA membership, which will immediately provide significant exam-related discounts. The final step of the process will enable you to pay online using a credit card, or indicate that payment will follow by check or wire.
Note: Registration form and payment must be received on or before 17 August 2011 to qualify for the early registration rate.
- Register for the CISM Exam
- Exam Registration Information (Bulletin of Information)
- CISM Exam Candidate's Guide
- Exam Center Locations
- Exam Preparation
- Glossary (PDF, 72)
- Terminology Lists
- Frequently Asked Questions
Security University's CISM course...
Time: 9am - 5pm
Location: May 9-13 (check schedule)
CPE Credits: 40 CPEs
Instructor: Mr. Ken Cutler
Method of Delivery - Residential On Ground
Method of Evaluation: 1. 95% attendance 2. 100% completion of labs
Grading: Pass = 95% attendance and 100% completion of labs and practical
Fail = less than 95% attendance or less than 100% completion of labs and practical
This 5-day course is structured to follow the CISM review manual and examination flow. A full day is provided for each of the core competencies and associated task and knowledge statements, thereby ensuring detailed and thorough coverage of all areas that will be tested. The fundamental thrust of the examination is on understanding the concepts and critical thinking, not on memorizing facts. As a result, the course is presented in an interactive manner to ensure the underlying concepts are understood and examination questions can be analyzed properly to arrive at the best answer.
1 Information Security Governance & Strategy
Information Security Governance Overview
Effective Information Security Governance
Information Security Concepts
Information Security Manager
Scope and Charter of IS Governance
Information Security Governance Metrics
Information Security Strategy Overview
Developing an Information Security Strategy
Information Security Strategy Objectives
Determining Current State of Security
Information Security Strategy
Action Plan for Strategy
Implementing Security Governance
Action Plan Intermediate Goals
2 Risk Management
Risk Management Overview
Risk Management Strategy
Effective IS Risk Management
IS Risk Management Concepts
Implementing Risk Management
Risk Assessment and Analysis Methodologies
Controls and Countermeasures
Information Resource Valuation
Recovery Time Objectives
Integration With Life Cycle Processes
Security Control Baselines
Risk Monitoring and Communication
Training and Awareness
3 Information Security Program Development
IS Program Development Overview
Effective IS Program Development
IS Program Development Concepts
Information Security Manager
Scope and Charter of IS Program Development
IS Program Development Objectives
Defining an IS Program Development Road Map
IS Program Resources
Implementing an IS Program
Information Infrastructure and Architecture
Physical and Environmental Controls
IS Program Integration
IS Program Development Metric
4 Information Security Program Management
IS Management Overview
Organizational Roles and Responsibilities
The IS Management Framework
Measuring IS Management Performance
Common IS Management Challenges
Determining the State of IS Management
IS Management Resources
Other IS Management Considerations
Implementing IS Management
5 Incident Management and Response
Incident Management and Response Overview
Incident Management Concepts
Scope and Charter of Incident Management
Information Security Manager
Incident Management Objectives
Incident Management Metrics and Indicators
Defining Incident Management Procedures
Incident Management Resources
Current State of Incident Response Capability
Developing an Incident Response Plan
Developing Response and Recovery Plans
Testing Response and Recovery Plans
Executing Response and Recovery Plans
Post-event Reviews
Review Questions, Review of Practice Questions, Reference Materials and Glossary.
Requirements to Become a Certified Information Security Manager
To become a Certified Information Security Manager (CISM), an applicant must:
- Score a passing grade on the CISM exam. A passing score on the CISM exam, without completing the required work experience as outlined below, will only be valid for five years. If the applicant does not meet the CISM certification requirements within the five year period, the passing score will be voided.
- Submit payment for the CISM application processing fee of US $50 online at www.isaca.org/cismpay. (For applications submitted after 1 June 2012.)
- Submit verified evidence of five (5) years of work experience in the field of information security. Three (3) of the five (5) years of work experience must be gained performing the role of an information security manager. In addition, this work experience must be broad and gained in three of the four job practice areas (see Verification of Work Experience form). The management portion of this experience must be earned while in an information security management position with responsibility for information security management programs or processes, or while working as an information security management consultant (where the CISM candidate has been actively engaged in the development and/or management of information security programs or processes for the client organization(s)). Please note that in most cases work performed while in an IT audit or similar assurance role outside of the information security function cannot be considered as security management experience. Work experience must be gained within the ten-year period preceding the application date for certification or within five years from the date of initially passing the exam.
Substitutions for work performed in the role of an information security manager are not allowed. However, a maximum of two (2) years for general work experience in the field of information security may be substituted as follows:
• Two years of general work experience may be substituted for currently holding one of the following broad security-related certifications or a post-graduate degree:
– Certified Information Systems Auditor (CISA) in good standing or
– Certified Information Systems Security Professional (CISSP) in good standing or
– Post-graduate degree in information security or a related field (for example: business administration, information systems, information assurance)
• A maximum of one year of general information security work experience may be substituted for one of the following:
– One full year of information systems management experience or
– One full year of general security management experience or
– Currently holding a skill-based or general security certification (e.g., SANS Global Information Assurance Certification (GIAC), Microsoft Certified Systems Engineer (MCSE), CompTIA Security+ CE, Disaster Recovery Institute Certified Business Continuity Professional (CBCP), ESL IT Security Manager) or
– Completion of an information security management program at an institution aligned with the Model Curriculum.
For example, an applicant holding either a CISA or CISSP will qualify for two years of general information security experience substitution. However, the applicant must also possess a minimum of three years of information security management work experience in three of the four job practice areas.
Exception: Two years as a full-time university instructor teaching the management of information security can be substituted for every one year of information security management experience.
- Agree to abide by the ISACA Code of Professional Ethics.
- Agree to abide by the CISM Continuing Education Policy which can be viewed at www.isaca.org/cismcpepolicy.
2. What is the date of the next CISM exam? See www.isaca.org/examlocations.
3. When does registration begin for the next exam? You can register for the exam at www.isaca.org/examreg .
4. What is the registration deadline of the next exam and what are the fees?
Please visit www.isaca.org/cismboi for more details, including fees. Candidates can save US $50 on the exam registration fee by registering online.
5. Can I take the CISA, CISM, CGEIT and CRISC exams on the same day?
The CISA, CISM, CGEIT and CRISC exams are given simultaneously in a 4-hour time frame. It is not possible to take multiple exams on the same day.
6. Can I change my exam site or language?
Yes, changes to the exam site, language, exam type or name changes are permitted u
For name, exam site, language or exam type changes, please send an email to firstname.lastname@example.org. These changes do not include deferrals.
7. Can I defer my exam?
Candidates unable to take the exam can request a deferral of their registration fees to the next exam date. To learn more about deferring your exam, including deferral deadlines and costs, please visit www.isaca.org/examdefer