Certified Information Security Manager

Certified Information Security Manager (CISM) is a certification for information security managers awarded by ISACA (formerly the Information Systems Audit and Control Association). To gain the certification, individuals must pass a written examination and have at least five years of information security experience, including a minimum of three years of information security management work experience in particular fields.

The intent of the certification is to provide a common body of knowledge for information security management. The CISM focuses on information risk management as the basis of information security. It also includes material on broader issues such as how to govern information security as well as on practical issues such as developing and managing an information security program and managing incidents.

The point of view in the certification is that of widely accepted cross-industry best practices, in which information security derives its justification from business needs. In this framing, information security operates as an autonomous function within wider corporate governance.

The CISM certification tends to be sought after by both the CISA and CISSP certification communities. ISACA created the CISM to help foster a better fusion between IT auditing and information security perspectives.

The CISM certification is similar in nature to the Information Systems Security Management Professional certification from the International Information Systems Security Certification Consortium.

In 2005, the United States Department of Defense listed CISM, CISA and CISSP as "approved" certifications for its "Information Assurance Workforce Improvement Program".[1]


Knowledge Domains

The CISM requires demonstrated knowledge in five functional areas of information security:[2]

  • Information security governance
  • Information risk management
  • Information security program development
  • Information security program management
  • Incident management

See also

  • IT Governance Frameworks


  1. ^ DoD 8570.01-M, December 19, 2005.
  2. ^ Peltier, Thomas R.; Peltier, Justin: Complete Guide to CISM Certification. Auerbach Publications, 2007. ISBN 0-8493-5356-4.

Wikimedia Foundation. 2010.
