The Certified Information Security Manager (CISM) certification is a globally recognized credential that signifies expertise in information security management. CISM-certified professionals are in high demand by organizations of all sizes that need to protect their information assets.
If you are interested in a career in information security, or if you are already working in the field and want to take your career to the next level, then the CISM certification is the right choice for you.
CISM is a difficult exam to clear. It is very important that you understand CISM prerequisites before you decide to take the exam. In this blog, we elaborate on all the required prerequisites for the CISM exam.
In this article –
- CISM Prerequisites
- Maintaining CISM certification
- CISM Exam-related information
- CISM domains
- Free CISM exam practice test
Getting CISM certification is a separate activity from passing the CISM exam.
The CISM exam is open to everyone, with no prerequisites as such other than the examination fee. After passing the exam, however, the candidate has to apply to ISACA to be granted the certification.
Below are the prerequisites for the CISM certification –
1. CISM examination
There are no requirements as such for taking the CISM exam. Anyone with an interest in the exam can register and take it.
You must prepare well and understand all four domains of the CISM exam.
We can divide the steps of taking the exam as below –
- Register for the exam
- Pay the examination fee
- Schedule the exam at your nearest center
- Prepare and clear the exam
2. Adherence to the ISACA Code of Professional Ethics
All ISACA certification holders must agree to adhere to the ISACA Code of Professional Ethics. Details of the code are published by ISACA.
A member’s or certification holder’s conduct may be investigated as a result of a violation of this Code of Professional Ethics, which could lead to disciplinary action.
Anyone who observes a breach of the ISACA Code of Professional Ethics can file a complaint by following ISACA’s complaint procedure.
3. Continuing Professional Education (CPE) policy
You have to pay annual maintenance fees and earn a minimum of 20 contact hours of CPE each year.
CPE adherence is required to guarantee that all CISMs maintain a sufficient level of current knowledge and proficiency, and to maintain each individual’s competency.
CISM holders who adhere to the CISM CPE Policy will be better qualified to manage, plan, monitor, and evaluate the information security of an organization.
4. Minimum work experience requirement
- CISM certification requires candidates to have a minimum of 5 years of professional experience in the information security field
- This experience must have been gained within the past 10-year period
Additionally, you can apply for a waiver of one year of experience if –
- You have one additional year of information systems management experience
- You have general security management experience
- You hold a skill-based security certification (GIAC, MCSE, Security+, etc.)
5. Apply to Get Certified
Once you fulfill all the above requirements, you must apply for the CISM certification.
Before applying you must –
- Have passed the CISM exam within the past five years
- Have the relevant full-time work experience
- Submit the CISM Certification Application, including the application processing fee
Maintaining CISM certification
Achieving CPE hours across an annual and three-year certification period is required by the CISM CPE policy.
CISM professionals must do the following to maintain their certification:
- Earn and report an annual minimum of 20 CPE hours.
- Accrue and report a minimum of 120 CPE hours over each three-year reporting cycle.
- Pay the annual maintenance fee: $85 for non-members and $45 for members.
- Comply with the annual CPE audit if selected.
- Comply with ISACA’s Code of Professional Ethics.
CISM Exam-related information

| Item | Detail |
| --- | --- |
| Number of questions | 150 |
| Exam format | Multiple choice |
| Passing marks | 450 out of 800 |
The CISM exam consists of the following four domains. The table below also shows what percentage of exam questions come from each domain.

| No. | Domain | Percentage of exam |
| --- | --- | --- |
| 1 | Information Security Governance | 17% |
| 2 | Information Risk Management | 20% |
| 3 | Information Security Program Development and Management | 33% |
| 4 | Information Security Incident Management | 30% |