What is CISM?
CISM means higher earning potential and career advancement. Recent independent studies consistently rank CISM as one of the highest paying and sought after IT certifications.
Enhance your competitive advantage
Demonstrate your information security management expertise.
The uniquely management-focused CISM certification promotes international security practices and recognizes the individual who manages, designs, and oversees and assesses an enterprise’s information security.
The Benefits of CISM
Get the certification that distinguishes you as having knowledge and experience in the development and management of an information security program.
CISM Impacts Your Career and Your Organization
The demand for skilled information security management professionals is on the rise, and the CISM certification is the globally accepted standard of achievement in this area.
CISMs understand the business. They know how to manage and adapt technology to their enterprise and industry.
Demonstrates your understanding of the relationship between an information security program and broader business goals and objectives
Distinguishes you as having not only information security expertise, but also knowledge and experience in the development and management of an information security program
Puts you in an elite peer network
Is considered essential to ongoing education, career progression and value delivery to enterprises.
Why Employers Hire CISMs?
Enterprises and government agencies increasingly recognize, require and expect their IS and IT professionals to hold CISM certification. .
Identify critical issues and customize company-specific practices to support the governance of information and related technologies
Bring credibility to the enterprise for which they are employed
Take a comprehensive view of information systems security management and their relationship to organizational success
Demonstrate to enterprise customers their commitment to compliance, security and integrity; ultimately contributing to the attraction and retention of customers
Ensure that there is improved alignment between the organization’s information security program and its broader goals and objectives
Provide the enterprise with a certification for Information security management that is recognized by multinational clients and enterprises, lending credibility to the enterprise
How to Become CISM Certified
The CISM designation is awarded to individuals with an interest in security management who meet the following requirements:
Successfully pass the CISM exam.
Adhere to ISACA’s Code of Professional Ethics.
Agree to comply with the Continuing Education Policy.
Work experience in the field of information security.
Submit an Application for CISM Certification.
1. Successfully Pass the CISM Exam
Score a passing grade on the CISM exam. A passing score on the CISM examination, without completing the required work experience as outlined below, will only be valid for 5 years. If the applicant does not meet the CISM certification requirements within the five year period, the passing score will be voided.
2. The Code of Professional Ethics
Members of ISACA and/or holders of the CISM designation agree to a Code of Professional Ethics to guide professional and personal conduct.
3. Continuing Education Policy
The objectives of the continuing education program are to:
Maintain an individual’s competency to ensure that all CISMs maintain an adequate level of current knowledge and proficiency. CISMs who successfully comply with the CISM CPE policy will be better equipped to manage, design, oversee and assess an enterprise’s information security.
Provide a means to differentiate between qualified CISMs and those who have not met the requirements for continuation of their certification.
Maintenance fees and a minimum of 20 contact hours of CPE are required annually. In addition, a minimum of 120 contact hours is required during a fixed 3-year period.
View the complete CISM Continuing Education Policy, available in English, Spanish, Japanese and Korean.
4. Work Experience
Submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas. The work experience must be gained within the 10-year period preceding the application date for certification or within 5 years from the date of originally passing the exam.
The following security-related certifications and information systems management experience can be used to satisfy the indicated amount of information security work experience.
Certified Information Systems Auditor (CISA) in good standing
Certified Information Systems Security Professional (CISSP) in good standing
Post-graduate degree in information security or a related field (e.g., business administration, information systems, information assurance)
One full year of information systems management experience
One full year of general security management experience
Skill-based security certifications (e.g., SANS Global Information Assurance Certification (GIAC), Microsoft Certified Systems Engineer (MCSE), CompTIA Security +, Disaster Recovery Institute Certified Business Continuity Professional (CBCP), ESL IT Security Manager)
Completion of an information security management program at an institution aligned with the Model Curriculum
The experience substitutions will not satisfy any portion of the 3-year information security management work experience requirement.
Exception: Two years as a full-time university instructor teaching the management of information security can be substituted for every 1 year of information security experience.
5. Submit an Application for CISM Certification
Once a CISM candidate has passed the CISM certification exam and has met the work experience requirements, the final step is to complete the CISM Application for Certification. There are three ways to obtain the CISM application:
Complete and print an online application;
Download application in PDF format (150K); or
Request an application (sent in postal mail).