What is a Certified Information Security Manager?

The Certified Information Security Manager (CISM) designation indicates a person’s expertise in information security governance, program development and management, and incident management and risk management. The CISM credential demonstrates technical knowledge and business strategy around overall data security.

Why is CISM Certification Important?

The CISM is consistently recognized as one of the top cybersecurity certifications worldwide. The CISM has proven their expertise in assessing, designing, managing and overseeing information security environments at the enterprise level. The CISM provides organization’s with expertise in information security governance, information risk management, information security program development and management, and information security incident management. 

Who Needs a CISM Credential?

The CISM certification is designed primarily for information security managers but is also common for IT/IS consultants, CIO’s and risk management professionals working with information security program management at the enterprise-level. According to ISACA, there are more than 32,000 CISM credential holders worldwide. 

How to Get CISM Certified

To qualify for the exam, ISACA requires a minimum of five years of information security work experience within 10 years of your certification, and at least three of those five years needs to be in a management or leadership role.

Who is the Certifying Association

The Certified Information Security Manager (CISM) certification is administered by an organization known as ISACA. CISM certification is accredited by the American National Standards Institute (ANSI) under ISO/IEC 17024:2003. CISM is a DoD Approved 8570 Baseline Certification and meets DoD 8140/8570 training requirements. 

Requirements to Stay Certified

The CISM policy requires the attainment of CPE hours over an annual and three-year certification period. CISMs must earn and report an annual minimum of twenty (20) CPE hours.