In a world where enterprise success is increasingly dependent on information systems and information technology, the trust customers, clients, employees and other stakeholders have for an enterprise can quickly dissipate in the face of a data security breach.
As the growing number of high-profile breaches demonstrates, information security failures can result in significant damage to an enterprise’s bottom line as well as its reputation. Demand for skilled information security management professionals continues to rise, and the uniquely management-focused CISM certification is the globally accepted standard of achievement in this area.
More than 40,000 professionals have obtained ISACA®’s Certified Information Security Manager® (CISM®) certification since it was introduced in 2002. Named Best Professional Certification Program in the 2018 SC Media Awards*, the certification affirms the proven, multifaceted expertise of its holders, and their ability to understand and articulate complex and challenging security management issues that can significantly impact enterprise success.
The first step to becoming CISM certified is to take and pass the CISM certification exam, consisting of 150 questions covering 4 job practice domains:
- Information Security Governance – Affirms the expertise to establish and/or maintain an information security governance framework (and supporting processes) to ensure that the information security strategy is aligned with organizational goals and objectives. Domain 1 confirms your ability to develop and oversee an information security governance framework to guide activities that support the information security strategy.
- Managing Information Risk – Proficiency in this key realm denotes advanced ability to manage information risk to an acceptable level, in accordance with organizational risk appetite, while facilitating the attainment of organizational goals and objectives. Domain 2 demonstrates expertise in classifying information assets to ensure that the measures taken to protect those assets are proportional to their business value.
- Developing and Managing an Information Security Program – Establishes the ability to develop and maintain an information security program that identifies, manages and protects the organization’s assets while aligning with business goals. Domain 3 attests to the ability to ensure the information security program adds value while supporting the operational objectives of other business functions (human resources, accounting, procurement, IT, etc.).
- Information Security Incident Management – Validates the capacity to plan, establish and manage detection, investigation, response and recovery from information security incidents in order to minimize business impact. Domain 4 establishes your skills in accurately classifying and categorizing information security incidents and developing plans to ensure timely and effective response.