The Certified Information Security Manager (CISM) credential is offered by ISACA and is roughly the information security counterpart of the CISA IT audit credential.
It is a certification for information security managers that, like CISA, combines technical IT and business knowledge. It covers information security governance, information security risk management, information security program development and management, and incident management, and aims for a balanced understanding of all four.
A four-hour multiple-choice exam and five years of relevant experience in an information security management role are required, although part of the experience requirement may be waived on the basis of other relevant experience or qualifications. Holders can use the postnominal letters “CISM”, and their status can be checked on the ISACA website.
How do I earn the CISM certification?
To qualify, you must do two things: pass the multiple-choice exam and show relevant experience. As with other ISACA qualifications, you can receive a one- to two-year waiver of the experience requirement for a relevant degree or qualification. You also need to:
- Comply with the Code of Professional Ethics. Agree to abide by the ISACA Code of Professional Ethics, which sets standards for professional conduct and performance.
- Submit the CISM application. Once you pass the exam, verify your work experience and compliance with the Code of Professional Ethics and submit your CISM application.
- Comply with continuing professional education (CPE) requirements. Maintain your CISM certification by earning and reporting CPE hours each year, and stay up to date with the latest developments in information security.
What is covered?
The syllabus is divided into four domains. To pass the exam you need to do well in all of them, but, just as with CISA, some domains carry more weight than others.
- Information security governance (17%)
This domain covers the culture, regulations, and structures involved in corporate governance, as well as the ability to analyze, plan, and develop information security strategies.
Extensive information security management experience, and certifications such as SSCP or CISSP from ISC2, will be helpful in this domain.
- Information security risk management (20%)
This domain covers not only the analysis and identification of potential information security risks, threats and vulnerabilities, but also everything that needs to be done at the management level on risk identification and countermeasures. The purpose is
Previous experience with operational risk, or broader risk management certifications, will be helpful here.
- Information security program (33%)
This domain covers the management of information security programs, including security controls, testing, communication, reporting and implementation, as well as resources, asset classification, and frameworks for information security.
- Incident management (30%)
This domain covers incident management readiness and preparedness, including how to prepare your organization to respond to incidents and guide recovery. The second part covers incident management operations: tools for incident handling, assessment, and containment methods.
This does not require hands-on forensic experience; the emphasis is on managing incidents, not on technical handling. Experience with security operations (SOC), incident response (CERT), or forensic processes will help, however.
Is it suitable for IT auditors and assurance professionals?
This is a great option for those who want to demonstrate their knowledge of information security, a topic that also makes up 26% of the CISA syllabus. It is also a good idea if you are considering moving from IT auditing into information security management or cyber security in the future. Although by no means necessary, CISA and CISM are mutually reinforcing, which is why so many people hold both. An alternative “addition” to CISA is the CISSP from ISC2. Many people, including myself, who transitioned from IT auditing to information security have CISA and CISSP. However, if you are considering taking both CISM and CISSP, most people take CISM first, as it is considered easier; the CISSP syllabus covers a much wider range of technical fields.
How long does it take?
If you have previous non-audit management or information security experience, good IT knowledge, and a strong business background, you may find the exam quite easy. However, the syllabus is very broad and distinctly different from CISA, so it would be unwise to become complacent. You can prepare for the exam over a few months by taking relevant courses and reading up on your weak areas.
If you do well on the question bank quizzes in all domains, you should be able to do well on the exam.
Can I use letters after my name?
Yes, you can use the letters CISM as long as you keep your certification current.
Do I need to do CPD?
Yes. As with CISA, you need 20 hours of verifiable CPE per year and 120 hours over each three-year cycle. If you don't have time to attend a one-week course each year, ISACA chapters hold regular seminars, and you can also earn CPE by answering the quizzes published in the ISACA Journal and by participating in chapter activities.
How do I start earning my CISM certification?
Visit the CISM page on the ISACA website to register.
*** This is a Security Bloggers Network syndicated blog from Palmer on Cyber written by Matt Palmer. Read the original post: https://mattpalmer.net/palmeroncyber/isaca-cism-certified