CISM
What is CISM?
CISM: An ISACA management-level certification for information security managers covering governance, risk, program development, and incident management across four domains.
The Certified Information Security Manager (CISM) certification is issued by ISACA and is designed for security managers, program leads, and aspiring CISOs who need to align security with business strategy. The exam covers four domains: Information Security Governance, Information Security Risk Management, Information Security Program, and Incident Management. Candidates answer 150 multiple-choice questions in four hours and must score at least 450 on a 200 to 800 scale. Certification requires five years of information security work experience, of which at least three years must be in information security management across three or more of the four domains; the experience must have been gained within the ten years before the application date or within five years of passing the exam.
● Examples
- 01
A CISO uses CISM to demonstrate alignment of security program metrics with board reporting.
- 02
A security manager pairs CISM with CRISC to lead risk and program governance.
● Frequently asked questions
What is CISM?
An ISACA management-level certification for information security managers covering governance, risk, program development, and incident management across four domains. It belongs to the Compliance & Frameworks category of cybersecurity.
What does CISM mean?
An ISACA management-level certification for information security managers covering governance, risk, program development, and incident management across four domains.
How does CISM work?
The Certified Information Security Manager (CISM) certification is issued by ISACA and is designed for security managers, program leads, and aspiring CISOs who need to align security with business strategy. The exam covers four domains: Information Security Governance, Information Security Risk Management, Information Security Program, and Incident Management. Candidates answer 150 multiple-choice questions in four hours and must score at least 450 on a 200 to 800 scale. Certification requires five years of information security work experience, of which at least three years must be in information security management across three or more of the four domains; the experience must have been gained within the ten years before the application date or within five years of passing the exam.
What are other names for CISM?
Common alternative names include: Certified Information Security Manager.
● Related terms
- CISSP (compliance)
A senior-level vendor-neutral security certification from ISC2 covering eight domains of the Common Body of Knowledge and requiring five years of paid work experience.
- CRISC (compliance)
An ISACA certification for IT risk and control professionals covering governance, IT risk assessment, response, reporting, and control selection across four domains.
- CISA (compliance)
An ISACA certification for information systems auditors covering audit process, governance, acquisition, operations, and protection of information assets across five domains.
- CCSP (compliance)
An ISC2 cloud security certification covering architecture, data protection, platform and infrastructure security, operations, and legal compliance across major cloud providers.
- GIAC Certifications (compliance)
A family of role-based cybersecurity certifications issued by GIAC and aligned with SANS Institute training, covering operations, incident response, forensics, and penetration testing.
● See also
- CompTIA Security+
- NIST SP 800-30
- NIST SP 800-61
- NIST SP 800-37