CISM Exam and Certification
There are a number of certifications which one can pursue and obtain in the field of Information Security. The main ones are :-
(a) CISSP (Certified Information Systems Security Professional) from (ISC)2 - Very technical and exhaustive.
(b) CISM (Certified Information Security Manager) from ISACA - Focused on management aspects, covers various standards and is less technical than CISSP.
(c) GIAC Security Essentials (GSEC) from SANS - Focused on the basics.
(d) ISO 27001 Lead Auditor - Very broad and based on the ISO standard.
In this post I am going to give you a brief overview of the CISM certification in terms of eligibility, procedure and the study material required for this exam. ISACA, the body which conducts the CISM exam, is an independent non-profit organisation that provides certifications for Information Systems (IS) audit, security, enterprise governance and management of IT. It also develops IS auditing and control standards and frameworks such as COBIT for IT governance and management. It has four certifications, the exams for which are held twice a year, in June and December :-
(a) CISA - Most popular one focused on IS auditing.
(b) CISM - Focused on Information Security.
(c) CRISC - Focused on Risk Management.
(d) CGEIT - Focused on IT Governance.
The CISM credential targets the needs of IT security professionals with enterprise-level security management responsibilities. Credential holders are required to possess advanced and proven skills in security risk management, security program development and management, governance, and incident management and response. The certification demonstrates competence in the Information Security Manager role. ISACA requires the applicant to have 5 years of relevant work experience in the field of Information Security, of which at least 3 years must be in an Information Security Manager role.
The procedure for obtaining the CISM designation is :-
(a) Check that you meet the eligibility criteria for the exam on the ISACA website.
(b) Register for the exam and pay the fee online ($350 to $450).
(c) Purchase the CISM Review Manual ($85) to study for the exam.
Once you have passed the exam, you get the CISM credential by doing the following : -
(a) Agree to the ISACA Code of Professional Ethics.
(b) Agree to comply with the CISM continuing professional education policy.
(c) Submit verified evidence of five (5) years of work experience in the field of information security.
It is advisable to become an ISACA member as it gets you discounts on the exam as well as the study material.
The CISM exam tests your knowledge of Information Security management principles, in the role of an Information Security Manager, across four domains weighted as listed below :-
(a) Information Security Governance (24%)
(b) Information Risk Management and Compliance (33%)
(c) Information Security Program Development and Management (25%)
(d) Information Security Incident Management (18%)
The main study sources for the exam are the following :-
(a) CISM Review Manual 2012 - The manual is available for $85 ($110 for non-members) plus $26 for international shipping from the ISACA website, www.isaca.org/cismbooks. It takes a week to 10 days to be delivered to India.
(b) CISM Practice Question Database v12 - This can be purchased from the ISACA website and is available as a software download. If you feel you need additional material to prepare, you can procure this question database from ISACA at a cost of $110.
Unfortunately, no other material is available from independent publishers for this exam. The majority of applicants study from this manual and question bank to clear the exam. More on the actual exam in a later post.