Certifiably Secure: CISM


The Information Systems Audit and Control Association (ISACA) is the parent of a new information security certification: the Certified Information Systems Manager (CISM) certification. Certified Information Systems Auditor (CISA) certification is already well-known and well-regarded in the IT industry, and boasts nearly 27,000 certified professionals among its ranks. With the introduction of the CISM, ISACA moves directly into the infosec certification ranks (the CISA focuses on information security as one of several topics about which information systems auditors must be knowledgeable and aware, but the CISM focuses exclusively on day-to-day security policy design, implementation, management, and maintenance).
The CISM is intended to identify individuals who possess the skills and knowledge required to provide effective security management and consulting services to companies and organizations, from small businesses to global, multinational corporations. The CISM is a business-oriented certification, in that it concentrates on assessing and managing information risks, while also covering information security design and technical issues at a conceptual level.
Requirements for this credential include:
  • Passing an exam, scheduled to be offered in and after June 2003
  • Adherence to a professional and rigorous code of ethics
  • Documented evidence of at least 5 years of information security work, with at least three years of information security management work in three or more of the certification’s “job practice analysis” areas


The conceptual domains for this exam include information security governance, risk management, information security program management, information security management, and response management. Together, these domains provide a higher degree of coverage of infosec management processes and practices than other certifications do (for example, the SANS GIAC and CISSP certs), but their level of technical depth and coverage is otherwise pretty similar to those programs.
Given the high degree of participation in and acceptance of ISACA’s CISA certification, there’s every chance that the CISM could be equally well represented in IT professional ranks, once the program offers its first exams in mid-2003. As infosec certifications go, it’s one that certainly bears watching!