Certified Information Security Manager
Certified Information Security Manager (CISM) is a certification for information security managers awarded by ISACA (formerly the Information Systems Audit and Control Association). To gain the certification, individuals must pass a written examination and have at least five years of information security experience, with a minimum of three years of information security management work experience in particular fields.
The intent of the certification is to provide a common body of knowledge for information security management. The CISM focuses on information risk management as the basis of information security. It also includes material on broader issues such as how to govern information security, as well as on practical issues such as developing and managing an information security program and managing incidents.
The point of view in the certification is that of widely accepted cross-industry best practices, where information security gets its justification from business needs. The implementation includes information security as an autonomous function inside wider corporate governance.
The CISM certification tends to be sought after by both the CISA and CISSP certification communities. ISACA created the CISM to help foster a better fusion between IT auditing and information security perspectives.
In principle, the CISM certification is related in nature to the Information Systems Security Management Professional certification from the International Information Systems Security Certification Consortium.
In 2005, the United States Department of Defense listed CISM, CISA and CISSP as "approved" certifications for its "Information Assurance Workforce Improvement Program".
Knowledge Domains
The CISM requires demonstrated knowledge in five functional areas of information security:
- Information security governance
- Information risk management
- Information security program development
- Information security program management
- Incident management