CISM Overview Crib Sheet

What is CISM?

  • Stands for Certified Information Security Manager.
  • A globally recognized certification by ISACA for professionals managing and overseeing enterprise information security.
  • Focuses on managing and aligning security programs with business goals.

What Does CISM Cover?

  1. Information Security Governance:

    • Culture, legal and regulatory requirements, organizational structures, and responsibilities.
    • Establishing and managing an information security strategy.
    • Aligning security with business objectives.
    • Creating policies, frameworks, and structures for security oversight.
  2. Information Risk Management:

    • Identifying and assessing security risks.
    • Developing strategies to mitigate risks and reduce impact on business.
    • Implementing controls to manage and monitor risks.
  3. Information Security Program Development & Management:

    • Building and maintaining an effective security program.
    • Defining security roles, responsibilities, and processes.
    • Ensuring compliance with laws, regulations, and standards (e.g., GDPR, NIST).
  4. Incident Management:

    • Planning and executing incident response strategies.
    • Minimizing the impact of security breaches and ensuring business continuity.
    • Handling everything from detection to recovery and reporting.

Why is CISM Useful?

  1. Career Booster:

    • CISM certifies your skills in managing and leading cybersecurity teams.
    • It’s recognized globally, opening doors for roles like Security Manager, Chief Information Security Officer (CISO), and more.
  2. Strategic Focus:

    • CISM focuses on aligning security programs with business goals, making you a key player in protecting business value.
  3. Risk Management Expertise:

    • You become skilled at identifying, assessing, and managing risks, which is critical in preventing security incidents that could disrupt business operations.
  4. Leadership Skills:

    • CISM equips you to lead security teams and make decisions that safeguard the organization while balancing business needs.

Who is CISM For?

  • Professionals managing or overseeing information security for businesses.
  • Ideal for those in roles like:
    • Security Manager
    • IT Manager
    • Risk Manager
    • Compliance Manager
    • Aspiring CISOs

CISM Certification Path

  • Requirements:
    • 5+ years of work experience in information security management.
    • Experience waivers available for some education or certifications.
  • Exam:
    • 150 questions, 4 hours, covers the key domains (Governance, Risk, Program Development, and Incident Management).
  • Maintain Certification:
    • Earn CPE credits annually and pay renewal fees to keep your certification active.