Q. What is the CISM exam?
A. The Certified Information Security Manager (CISM) certification is a distinctive management-focused certification that has been earned by numerous professionals. The CISM certification is for those candidates who manage, design, oversee, and assess an enterprise’s information security program. CISM defines the core competencies and international performance standards that those who have information security management responsibilities must master.
Q. What are the prerequisites of the CISM exam?
A. Candidates for the CISM certification must pass the examination, agree to adhere to ISACA’s Code of Professional Ethics, and submit evidence of five years of work experience in the field of information security. Work experience must be gained within the 10-year period preceding the application date for certification or within five years from the date of initially passing the exam. Three of the five years of work experience must be gained performing the role of an information security manager.
Q. What are the benefits of becoming CISM certified?
A. The benefits of becoming CISM certified are as follows:
- Recognition of attainment of advanced job skills as required for an information security professional
- Worldwide recognition as an information security manager
- Opportunity to build upon existing certifications/credentials already earned
- Provides tangible evidence of career growth
- Provides a business and technology orientation to risk management
- Potential for a salary increase and/or promotion
Q. What certificate does it provide?
A. It provides CISM certification.
Q. How many questions are asked in the test?
A. Users will be required to attempt approximately 200 questions.
Q. What is the duration of the test?
A. Users are required to attempt all questions in 4 hours.
Q. Which type of test is it? (Adaptive/Linear)
A. Linear
Q. What is the passing score?
A. 450 out of 800
Q. What is the test retake policy?
A. A candidate receiving a score of less than 450 has not passed and can retake the exam during any future exam administration. To assist with future study, the results letter each candidate receives will include a score analysis by content area. There are no limits to the number of times a candidate can take the exam.
Q. What can I expect in the CISM exam?
A. An examinee should practice the following areas to pass the CISM certification:
- Information security governance
- Information risk management
- Information security program development
- Information security program management
- Incident management and response
Q. What skills are measured in the CISM exam?
A. The skills measured in the CISM certification exam are as follows:
- Developing an information security strategy aligned with business goals and objectives
- Planning the budgetary strategies and reporting methods
- Establishing reporting and communication channels throughout an organization
- Establishing a process for information asset classification and ownership
- Identifying and evaluating the information security controls and countermeasures to mitigate risk to acceptable levels
- Identifying the factors used to determine risk reporting frequency and requirements
- Understanding of baseline modeling and its relationship to risk-based assessments of control requirements and information security controls
- Implementation of gap analysis to assess generally accepted standards of good practice for information security management against current state
- Implementation of information security architectures and their deployment
- Developing the life cycle methodologies, activities, and processes for incorporating security requirements into contracts
- Implementing and interpreting the information security policies and information security administrative processes and procedures
- Developing and implementing processes for detecting, identifying, analyzing, and responding to information security incidents
- Understanding of disaster recovery testing for infrastructure and critical business applications
- Identifying and managing security incidents and understanding crisis communications