Certification Requirements
After passing the CISM exam, candidates must submit verified evidence that they have worked a minimum of 5 years in the field of information security, with a minimum of 3 years in information security management in at least three of the job practice analysis areas. This work experience has to be gained within the 10-year period preceding the application for certification, or within 5 years from the date of passing the exam. Some qualifications can act as a substitute for the full 5 years' worth of work experience, and what follows are two separate scenarios that can lessen the requirements for the individual candidate, based on qualifications and work experience.
Two Years:
- Certified Information Systems Auditor (CISA) in good standing
- Certified Information Systems Security Professional (CISSP) in good standing
- Post-graduate degree in information security or a related field (e.g., business administration, information systems, information assurance)
One Year:
- One full year of information systems management experience
- One full year of general security management experience
- Skill-based security certifications (e.g., SANS Global Information Assurance Certification (GIAC), Microsoft Certified Systems Engineer (MCSE), CompTIA Security+, Disaster Recovery Institute Certified Business Continuity Professional (CBCP), ESL IT Security Manager)
- Completion of an information security management program at an institution aligned with the Model Curriculum
Candidates must be aware that the experience substitutions listed above are not accepted as a replacement for any part of the 3-year information security management work experience. The only exception is experience as a full-time university-level instructor teaching information security management, where every two years worked in such a role can substitute for 1 year.
Some candidates take the CISM exam even though they don't meet the experience requirements. This practice is acceptable, but you will not be awarded the CISM designation until you meet all the requirements. Note that work experience for the certification must be gained within 10 years of applying for the certification or five years from the date of passing the CISM exam.
Exam Information
- Continuous testing will be available beginning June 13, 2020.
- Course tuition includes an exam voucher and study materials from ISACA.
- ISACA offers continuous Computer-Based Testing (CBT). With ISACA CBT exams, candidates will now receive a preliminary score report at the conclusion of their exam. Official scores will be sent to candidates via email within 10 working days of their exam.
- The ISACA Exam Candidate Information Guide provides valuable information regarding exam day rules and information, as well as exam dates and deadlines. You can find the 2020 copy at www.isaca.org