The CISM® designation focuses on information security and on those who manage an information security programme enterprise-wide, and certifies that they have the experience and knowledge necessary to provide effective management and consulting services. CISM defines the core competencies and international performance standards that those who have information security responsibilities are expected to master.
“When I advise organisations on the competency model and job profile they should look for when they are searching for a chief security officer, I always recommend they seek out individuals with the CISM certification. The CISM certification has become the leading credential for the business of information security. It differentiates itself from traditional information security certifications by focusing on the business and risk management issues associated with information security.”
John Pironti, CISM, CISA, CGEIT, Chief Information Risk Strategist, CompuCom, USA
Organisations employing a CISM can be assured they are getting a professional who has earned a credential that is known and respected around the world. More than 10,000 information security professionals from 80-plus countries have earned their CISM designation.
The American National Standards Institute (ANSI) has accredited the CISA certification under ISO/IEC 17024. This standard specifies the requirements to be followed by organisations certifying individuals against specific personnel certification requirements and is expected to play a prominent role in facilitating global standardisation, public safety and protecting consumers. Accreditation by ANSI signifies that ISACA’s procedures meet ANSI’s essential requirements for openness, balance, consensus and due process.
- Distinguished himself or herself from other industry or certified professionals
- Followed a career path to demonstrate information security management knowledge and skill
- Committed to maintaining skills through ongoing professional development
The CISM programme requires certified individuals to:
- Acquire five years (three as an information security manager) of experience in information and security
- Pass a rigorous exam
- Comply with annual requirements for continuing professional education