Table of Contents
Overview ......................................................................................................................................... 3
Notices .......................................................................................................................................... 11
Page 1 of 11
Certified Information Security Manager (CISM)
CISM_Intro.pptx
Overview
• Overview
• Requirements for Certification
• About the Exam
• After the Exam
• CISM Domains
CISM Certification Requirements -1
Adhere to ISACA's Code of Professional Ethics and other requirements; and, as with all ISACA certifications, agree to comply with the continuing education policy, which covers the maintenance fees associated with it and a minimum of 20 continuing professional education hours required annually. But you also have to have a minimum of 120 hours during a fixed three-year period. So you have to do more than the bare minimum: you only have to have 20 per year, but you need to do more within three years to stay current.
CISM Certification Requirements -2
About the Exam
• December Exam
— Early Registration: August
Twenty-four percent of it is information security governance: how to set up an information security program. Then there is information risk management and compliance, which is part of your information security management.

And the last part, which is a lot of the information that's new this year for 2013, is information security incident management, with 18 percent.
CISM Domains -1
Candidate must have a thorough understanding of task and
knowledge statements in order to pass the CISM exam.
Domain 1 - Information Security (IS) Governance
• Establish and maintain a framework to provide assurance that IS
strategies are aligned with business objectives and consistent with
applicable laws and regulations.
Domain 2 - Information Risk Management and Compliance
• Identify and manage IS risks to achieve business objectives.
[A] recurring theme throughout all the domains is that everything we do in information security management has to be aligned with business objectives; and we'll talk about this numerous times.

CISM Domains -2
Domain 3 - IS Program Development and Management
• Create and maintain a program to implement the IS strategy.
As you'll notice in just describing the four domains, there's a lot of crossover; and you'll see a lot of repeated themes throughout.

Notices
© 2014 Carnegie Mellon University
This material is distributed by the Software Engineering Institute (SEI) only to course attendees for their
own individual study.
Except for the U.S. government purposes described below, this material SHALL NOT be reproduced or
used in any other manner without requesting formal permission from the Software Engineering Institute at
permission@sei.cmu.edu.
This material was created in the performance of Federal Government Contract Number FA8721-05-C-0003
with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded
research and development center. The U.S. government's rights to use, modify, reproduce, release,
perform, display, or disclose this material are restricted by the Rights in Technical Data-Noncommercial
Items clauses (DFAR 252-227.7013 and DFAR 252-227.7013 Alternate I) contained in the above identified
contract. Any reproduction of this material or portions thereof marked with this legend must also reproduce
the disclaimers contained on this slide.
Although the rights granted by contract do not require course attendance to use this material for U.S.
government purposes, the SEI recommends attendance to ensure proper understanding.
THE MATERIAL IS PROVIDED ON AN “AS IS” BASIS, AND CARNEGIE MELLON DISCLAIMS ANY AND
ALL WARRANTIES, IMPLIED OR OTHERWISE (INCLUDING, BUT NOT LIMITED TO, WARRANTY OF
FITNESS FOR A PARTICULAR PURPOSE, RESULTS OBTAINED FROM USE OF THE MATERIAL,
MERCHANTABILITY, AND/OR NON-INFRINGEMENT).