There are now a vast number of courses and qualifications available for IT and cyber security professionals. Some are achievable over only a few days, whilst some may take years to complete. In terms of Information Security, there are a great many courses and qualifications out there, but one of the best-known and most highly regarded is the Certified Information Security Manager (CISM) qualification, which is awarded by ISACA (the organisation previously known as the Information Systems Audit and Control Association).
The Certified Information Security Manager qualification was first launched in 2002 and is now a globally accepted qualification amongst the IT community.
The CISM is for IT professionals with a specific interest in IT security. It is awarded to individuals who meet the following requirements:
One of the criteria for certification is passing the main exam. The exam covers the four CISM areas outlined below:
The exam consists of 150 multiple-choice questions covering the areas above. Candidates have four hours in which to complete the exam.
Since 2017, it has been possible to take the exam via computer-based testing (CBT) at a number of registered exam centres. This also means that the candidate’s exam score can be displayed straight away.
In order to register for the exam, candidates must first register online with ISACA, find a testing centre nearby, and pay for the examination in advance.
The fees for this exam are $575 USD (approx. £475) for ISACA members and $760 USD (approx. £625) for non-members.
Those who wish to become qualified must possess a minimum of five years of relevant work experience. This experience must be verified and include at least three years of information security management work in three or more of the specified areas. This experience must have been gained in the 10-year period prior to the application date, or within 5 years from when the exam was originally passed.
There are, however, several certifications and types of experience that can be used towards the 5-year information security work experience requirements (but not toward the 3-year specific requirements).
Certifications and experience that count for two years of the five include:
Certifications and experience that count for one year of the five include:
A key element in obtaining certification is that the candidate agrees to follow the Continuing Professional Education (CPE) policy. This policy is there to ensure that all certified candidates keep their knowledge current and maintain proficiency in the field. Staying up-to-date means that individuals are better able to provide leadership and value to their organisations. At least 20 hours of CPE are required each year in order to maintain the CISM certification.
Professionals who pass the CISM qualification can go into a wide range of roles including (but not limited to):
According to the website IT Jobs Watch, the average (median) annual salary for an ISACA Certified Information Security Manager is £65,000. You can find out more about other cyber security job salaries in this article on our sister site, Cyber Security Jobs.