Certified Information Security Manager, better known as CISM, is a certification for advanced IT professionals who want to demonstrate that they can develop and manage an information security program at the enterprise level. It is offered by ISACA, a nonprofit professional association focused on IT governance, and covers four core areas:
• Information security governance
• Information risk management and compliance
• Information security program development and management
• Information security incident management
CISM requirements and prerequisites
Two things are required to become CISM certified:
• You must pass the CISM exam, and
• You must demonstrate a minimum amount of relevant work experience.
To meet the second requirement you need five years of information security work experience, gained within the ten years preceding your application, of which three years must be information security management experience in three or more of the core areas listed above (ISACA calls these job practice areas). There is some wiggle room: certain other certifications can be substituted for a portion of the required years, and time spent teaching information security at the university level can count as well. Clearly, though, this is not a certification for beginners: you are expected to have been around the block for a while and to have spent time in management.
One interesting facet of this prerequisite is that you do not have to satisfy the full experience requirement before starting the certification process. You can sit the exam even if you do not yet have enough professional experience to qualify for the certificate. If you pass, you can apply for certification once you have gained the required experience, provided you do so within five years of passing. ISACA considers this acceptable and says it is common.
The CISM exam is the heart of the certification. It covers all four of the job practice areas outlined above, more or less equally. A comprehensive breakdown of the domains, subtopics, and tasks on which you will be tested is available on ISACA's website; you need to create an ISACA account to access it, but the account is free. Blogger Ammar Hasayen has a good breakdown of the kind of real-world topics you can expect under each of these domains. For example, information security governance questions focus on how you would develop both an information security strategy and a framework that guides organizational activities in support of that strategy.
The CISM exam can be taken either online (remotely proctored) or at a testing center. It consists of 150 multiple-choice questions and, like the SAT, is scored on a scale of 200 to 800, with 450 being the passing score. If you do not pass, you can retake the exam up to four times in a twelve-month period.
Now that you know the essential qualifications for CISM, you will want to pass on the first attempt. The CISM practice exams and the CISM questions and answers offered by SPOTO are your best bet for clearing the exam in a single attempt.