QA is proud to be an official ISACA partner and to offer you the official ISACA CISM exam. CISM has been accepted as the universal standard to strive towards within the sphere of information security, and the qualification is therefore a prominent representation of expertise and commitment. CISM holders are consequently identified as the most certified professionals in the information security realm, and delegates learn to recognise the link between information security programs and the larger goals of the organisation.
Possession of the Certified Information Security Manager (CISM) certification demonstrates precise knowledge, practice and substantial experience in information security management. This CISM training course covers practical issues, such as the creation of information security programs and incident management, while promoting security practices used globally. CISM teaches delegates how to tailor ever-changing technology to their enterprises, enabling those enterprises to emerge as valuable organisations and potentially to expand their client base through their employment of CISM-certified individuals.
The examination is open to all individuals who have an interest in information security. A minimum of 5 years of professional information systems auditing, control or security work experience is required for the CISM certification. You should have taken the QA CISM training and be familiar with the CISM job practice domains before taking the exam.
The first step to becoming CISM certified is to take and pass the 4-hour CISM certification exam, which consists of 150 questions covering 4 job practice domains:
- Information Security Governance (24% of Exam)
  - Affirms the expertise to establish and/or maintain an information security governance framework (and supporting processes) to ensure that the information security strategy is aligned with organizational goals and objectives.
  - Domain 1 confirms your ability to develop and oversee an information security governance framework to guide activities that support the information security strategy.
- Managing Information Risk (30% of Exam)
  - Proficiency in this key realm denotes advanced ability to manage information risk to an acceptable level, in accordance with organizational risk appetite, while facilitating the attainment of organizational goals and objectives.
  - Domain 2 demonstrates expertise in classifying information assets to ensure that measures taken to protect those assets are proportional to their business value.
- Developing and Managing an Information Security Program (27% of Exam)
  - Establishes the ability to develop and maintain an information security program that identifies, manages and protects the organization's assets while aligning with business goals.
  - Domain 3 attests to the ability to ensure that the information security program adds value while supporting the operational objectives of other business functions (human resources, accounting, procurement, IT, etc.).
- Information Security Incident Management (19% of Exam)
  - Validates the capacity to plan, establish and manage detection, investigation, response and recovery from information security incidents in order to minimize business impact.
  - Domain 4 establishes your skills in accurately classifying and categorizing information security incidents and developing plans to ensure a timely and effective response.
ISACA exams are now administered all year round under what is known as Continuous Testing at PSI centres. Exam candidates may register for the exam whenever they are ready to sit it; there is no deadline by which an individual must register.
When registering for Continuous Testing, exam candidates are given a 365-day exam eligibility period in which to sit the examination. Individuals may schedule their examination for the location, date and time that is most convenient to them (subject to location and date availability), and may schedule and reschedule as many times as needed within their personal 365-day eligibility period. The only restriction is that you CANNOT reschedule within 48 hours of your original seat time: individuals who do not reschedule at least 48 hours before their scheduled appointment, and who cannot sit the exam on the scheduled day, will forfeit their exam registration fee. Because each registrant has their own 365-day eligibility period, there is an increased chance of finding a seat at a location and on a date that suits you.
Exam candidates must schedule and sit their examination within their 365-day window. Individuals who do not sit their exam before the end of that window will forfeit their exam registration fee.
Continuing Professional Education (CPE)
There is a Continuing Professional Education (CPE) policy for qualified CISM professionals. The goal of this policy is to ensure that all CISMs maintain an adequate level of current knowledge and proficiency in the field of information systems audit, control and security. CISMs who comply with the continuing professional education policy will be better trained to assess information systems and technology and to provide leadership and value to their organisations. Responsibility for setting the CPE requirements rests with the CISM Certification Board, which oversees the process and requirements to ensure their applicability. Maintenance fees and a minimum of 20 contact hours of CPE are required annually; in addition, a minimum of 120 contact hours are required during a fixed three-year period.