Certified Information Security Manager: Difference between revisions
Revision as of 02:40, 9 November 2007
Certified Information Security Manager (CISM) is a certification for information security managers awarded by the Information Systems Audit and Control Association (ISACA). To gain the certification, individuals must pass a written examination and have at least five years of information security experience, including a minimum of three years of information security management work experience in particular fields.
The intent of the certification is to provide a common body of knowledge for information security management. The CISM focuses on information risk management as the basis of information security. It also includes material on broader issues such as how to govern information security as well as on practical issues such as developing and managing an information security program and managing incidents.
The point of view in the certification is that of widely accepted cross-industry best practices, in which information security derives its justification from business needs. The certification treats information security as an autonomous function within wider corporate governance.
The CISM certification tends to be sought after by both the CISA and CISSP certification communities. ISACA deliberately created the CISM to help foster a better fusion between IT auditing and information security perspectives.
In principle, the CISM certification is similar in nature to the Information Systems Security Management Professional certification from the International Information Systems Security Certification Consortium.
In 2005, the United States Department of Defense listed CISM, CISA and CISSP as "approved" certifications for its "Information Assurance Workforce Improvement Program".[1]
Knowledge Domains
The CISM requires demonstrated knowledge in five functional areas of information security:[2]
- Information security governance
- Information risk management
- Information security program development
- Information security program management
- Incident management
See also
- Certified Information System Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)
- Information Systems Security Management Professional (ISSMP)
- (ISC)²
- IT Governance Frameworks
References
- [1] http://www.dtic.mil/whs/directives/corres/pdf/857001m.pdf
- [2] Peltier, Thomas R.; Peltier, Justin: Complete Guide to CISM Certification. Auerbach Publications, 2007. ISBN 0-8493-5356-4
External links
- CISM Certification - Information Systems Audit and Control Association
- CISM Training
- Free Resources from Shon Harris