Certified Information Security Manager

What Does Certified Information Security Manager Mean?

Certified Information Security Manager (CISM) is a vendor-neutral security management certification granted by ISACA. This advanced certification provides employers and business partners with documentation that the certificate holder has the work experience and knowledge to manage an organization’s information and communication technology (ICT).

The exam for this certification is multiple-choice, has 150 questions and takes four hours to complete. Candidates for this advanced certification are encouraged to have a college degree or successfully complete an information security bootcamp before taking the exam, which evaluates knowledge in the following areas:

• Information security incident management
• Information risk management
• Information security governance
• Information security program development and management

Techopedia Explains Certified Information Security Manager

ISACA’s Certified Information Security Manager (CISM) certification is intended for information technology professionals who have work experience in security and want to move into a managerial role.

While both CISSP and CISM certifications are geared toward information security professionals, CISM is often considered to be a more advanced certification because it requires the candidate to demonstrate their knowledge of cybersecurity best practices from an international, business point of view.

CISM certification is valid for five years if the recipient does the following:

• Completes a minimum of 120 hours of continuing education within a three-year period, with a minimum of 20 hours of continuing professional education each year.
• Submits verification of three or more years work experience management in infosec within five years of passing the exam. At least one year’s work has to focus on security management, one year has to focus on risk management and one year has to focus on information security program development.
• Honors ISACA’s annual maintenance fees.

CISM certifications verify the certificate owner’s working knowledge of risk management, incident management, program development and information governance.