The Certified Information Security Manager (CISM) designation was founded in 2002 by ISACA. It is a specialist certification within Information Security. The CISM designation is for those who work in a managerial position with Information Security. The certification needs to be renewed every third year and is accredited by American National Standards Institute (ANSI) according to ISO 17024. The exam consists of 200 questions to be answered in 4 hours.

 Eligibility to get CISM certification

1. Pass the CISM exam successfully.
2. Adhere to ISACA's Code of Professional Ethics.
3. Agree to continue training.
4. 5 years of information security work experience.
5. 3 years of information security management work experience, in more then 3 of the job practice analysis areas.
   The work experience must be within the previous ten-year period before the application date for certification or within five years from the date of passing the exam.
   CISA-, CISSP certification or some university studies may replace 2 years of work experience.
   Certain certifiecations may replace 1 year information security management work experience.

Areas of knowledge tested on the exam

• 23% Information Security Governance
• 22% Information Risk Management
• 17% Information Security Program Development
• 24% Information Security Program Management
• 14% Incident Management and Response

Re- certification requirements, every third year.

1. 120 credits Continuing Professional Education (CPE)
2. Adhere to ISACA's Code of Professional Ethics

Please contact Security Manager or visit www.isaca.org for more information.