CISM Certification : Certified Information Security Manager

Information security is becoming vital for any organization, faced with ever-changing threats and increasing regulatory requirements. In this context, CISM (Certified Information Security Manager) certification is emerging as an essential pillar for information security managers. CISM attests to your skills in risk management, the creation of security programs and incident response, providing a significant professional advantage and access to a global network of qualified professionals.

What is CISM Certified Information Security Manager?

The CISM certification, offered by ISACA, represents an internationally recognized standard of excellence for information security managers. ISACA is a global organization that brings together experts in IT audit, control and security; the certification's objective is to recognize the skills of the people in charge of designing, implementing and monitoring information system security within companies.

This cybersecurity certification encompasses four key areas: governance, risk management, information security program, and security incident response. It validates the candidate’s thorough understanding of information security concepts, principles and best practices, in addition to knowledge of key standards and frameworks such as ISO 27001, COBIT and NIST.

CISM also confirms the candidate’s significant practical experience in the field, as well as their ability to lead projects and teams and to interact with stakeholders. This certification is considered worldwide as a guarantee of quality and professionalism.

It complies with ISO 17024 and DoD 8140/8570.01-M standards, making it a requirement for many employers and clients looking for qualified and reliable information security managers. It is also highly regarded among peers and partners, who value belonging to a network of more than 50,000 certified professionals around the world.

Which organizations offer CISM certification?

Certified Information Security Manager (CISM) certification is offered exclusively by ISACA (Information Systems Audit and Control Association). This internationally recognized association has more than 150,000 members in more than 180 countries. Its main objective is to foster excellence and innovation in the audit, control and security of information systems.

ISACA is also known to deliver other renowned certifications, such as CISA, CRISC, CGEIT and CSX-P, in addition to CISM. The association supports its members through multiple local chapters, which regularly offer events, training sessions and networking opportunities for information security experts.

The CISM certification process involves a four-hour exam consisting of 150 multiple-choice questions. The exam assesses competencies in four critical areas of information security: governance, risk management, security program and incident management. To succeed, it is necessary to reach a minimum score of 450 out of 800.

This exam is offered in several languages, including French, English, Spanish, Chinese and Japanese, and can be taken online or at an ISACA-accredited centre. Examination sessions are held three times a year in May, September and December. Applicants must register in advance via the ISACA website and pay the registration fee, which varies depending on whether they are members of the association or not.

In addition to passing the exam, candidates must have at least five years of professional experience in information security, including three years in at least two of the four CISM areas. This experience must have been acquired within ten years before the application or within five years of passing the exam.

Finally, to obtain and maintain certification, it is essential to respect the professional code of ethics established by ISACA and to participate in a continuing education program.

What are the specific CISM certification requirements for my industry?

The CISM certification (Certified Information Security Manager) is intended for all those working in the field of information security with functions of management, design, oversight or evaluation of computer systems. Thus, it applies to all areas of activity that use information technology and are subject to security risks. Whether in the context of public, private or associative organizations, obtaining the CISM certification enhances your expertise and strengthens your professional credibility.

The most demanding sectors of activity for CISM certification

An ISACA study found that CISM-certified professionals are particularly numerous in the following sectors:

  • Financial services (banking, insurance, audit, etc.)  
  • IT services (consulting, integration, security, etc.)  
  • Public services (administration, education, health, etc.)  
  • Industry (manufacturing, energy, pharmaceutical, etc.)  
  • Telecommunications (operators, suppliers, etc.)

These industries, which process sensitive data and are subject to strict regulations, particularly benefit from CISM certification to ensure the integrity and reliability of their IT systems, reduce security risks, increase the trust of their customers and partners, and gain a significant competitive advantage.

The benefits of CISM certification for your industry

Regardless of your professional field, obtaining CISM certification offers various benefits:

  • Enhance your credibility and professional image  
  • Broaden your career prospects and increase your compensation potential  
  • Confirm your dedication and professionalism in IT security  
  • Update and continuously develop your skills in the four key areas of CISM  
  • Access an international community of more than 50,000 CISM certified professionals

To obtain CISM certification, the following conditions must be met:

  • Successful completion of the CISM exam, consisting of 150 multiple-choice questions over four hours  
  • Evidence of five years of professional experience in information security, including a minimum of three years in at least two of the CISM areas  
  • Adherence to the ISACA Code of Professional Conduct  
  • Participation in a continuing education program to maintain certification

To prepare for this exam, the training organization Yvea can guide and support you through CISM programs designed around your needs, your availability and your budget. Thanks to Yvea's partnerships, you will benefit from advantageous offers.

What are the steps to obtain CISM certification?

If you are seeking CISM (Certified Information Security Manager) certification, here are the key steps:

Registration for the CISM exam

Go to the ISACA website to register for the exam. You will choose the date, mode and location that suits you best. You will also have to pay the registration fee, which varies depending on whether you are a member of ISACA or not.

Exam preparation

Use training resources offered by ISACA or accredited organizations. The ISACA website provides a free candidate guide, a revision manual, a database of questions, answers and explanations, as well as practical quizzes.

Passing the exam

The CISM exam consists of 150 multiple-choice questions and lasts four hours. To pass, you must score at least 450 out of 800. Your score will be communicated immediately after the exam is completed.

Application for certification

Once the exam is passed, complete the certification application form available online or in hard copy. You will be required to provide proof of five years of professional experience in the field of information security, including at least three years in two of CISM’s four areas of expertise, to agree to comply with the ISACA Code of Ethics, and to pay the certification fee.

Maintain certification

To maintain your CISM certification, complete the ISACA continuing education program. This involves acquiring at least 120 hours of continuous professional development (CPE) over three years, with a minimum of 20 hours per year, complying with the ISACA Code of Ethics and paying the annual maintenance fee.

How much does a CISM certification cost?

Obtaining a CISM (Certified Information Security Manager) certification requires a significant investment, not only in financial terms but also in time and effort. Before starting, it is essential to carefully weigh the costs against the benefits of this certification. The key financial considerations are as follows:

Registration fees for the exam

To register for the CISM exam, it is necessary to visit the ISACA website and pay the registration fee. The fee varies depending on whether you are a member of ISACA or not, and on the payment method used. According to ISACA, the fees are as follows:

  • ISACA member: $575
  • ISACA non-member: $625

Joining ISACA can therefore be advantageous to benefit from a discount on registration fees, in addition to other benefits such as access to training resources and support from a professional community.

The cost of applying for certification

Upon successful completion of the exam, an application for CISM certification must be submitted and a fee of $50 must be paid, whether you are a member of ISACA or not.

These fees are used to cover administrative expenses related to the verification of professional experience and the processing of the application.

The cost of maintaining certification

To keep your CISM certification up to date, it is necessary to follow the ISACA Continuing Education program, requiring at least 120 hours of continuous professional development over three years, with a minimum of 20 hours per year. The annual maintenance fee is $45 for ISACA members and $85 for non-members.

The indirect costs of certification

It is also important to consider the indirect costs associated with preparing for and taking the CISM certification exam, including:

  • Travel expenses to an examination centre or training location.  
  • Expenses for revision materials, such as books, guides, and question databases.  
  • The time invested in the study, which may involve a loss of income if a reduction in professional or personal activity is necessary.

The return on investment of certification

CISM certification, while a significant investment, offers a plethora of benefits both professionally and personally. Obtaining this certification may:

  • Raise your credibility and reputation with employers, clients and industry professionals.  
  • Expand your career horizons and increase your earning potential. A Global Knowledge study reveals that certifications can significantly influence your salary.

How long does it take to get CISM certification?

The time required to obtain CISM (Certified Information Security Manager) certification varies according to several key elements, including:

  • Your exam preparation: this depends on your previous experience, current knowledge and study methods. It is suggested to allow a minimum of 100 hours of study before taking the exam. To prepare, it is possible to opt for self-training with resources provided by ISACA or to participate in a formal program offered by a certified provider such as Yvea, which promises tailor-made support and a high success rate.
  • Your availability for the exam: the exam is held three times a year, in May, September and December. It is necessary to register in advance via the ISACA website by selecting the time, format and place of examination that best suits you. The exam, which can be taken online or at an ISACA-accredited centre, lasts four hours and includes 150 multiple-choice questions.
  • How to apply for certification: after passing the exam, you have five years to apply for certification. The process includes filling out a form (available online or in hard copy) where you will need to provide proof of your five years of professional experience in the field of information security, including at least three years in two of the four areas specified by the CISM certification. It is also necessary to adhere to the ISACA Code of Professional Ethics and pay the certification fee.

The minimum time required to acquire CISM certification could be four months, assuming immediate registration for the exam, passing it on the first attempt and applying for certification without delay. The maximum period could be up to ten years, taking into account the ten years of professional experience allowed before applying for certification and the five years following the exam in which to make that application.

Is there a renewal to be done regarding the CISM certification?

The CISM (Certified Information Security Manager) certification is not perpetual and requires regular updating to ensure that the certified person remains competent and informed in the field of IT security.

To renew CISM certification, two key requirements must be met:

  • Accumulate at least 120 hours of continuing professional education (CPE) over three years, with a minimum of 20 hours each year. CPE credits are earned through activities such as training, professional practice or contributions to the field that help develop skills in the four areas covered by the CISM certification. Eligible CPE activities include participation in seminars, webinars, courses, workshops, publications and other assessments. ISACA offers a comprehensive list of accepted activities as well as the criteria for accumulating CPE credits on its official website.
  • Pay an annual maintenance fee of US$45 for ISACA members and US$85 for non-members. Payment of this fee entitles you to ISACA resources and services such as access to publications, standards, tools, professional networks and career opportunities. Payment must be made annually by December 31 to maintain active certification.

Failure to comply with these conditions may lead to the loss of CISM certification, forcing the professional to retake the exam to regain it. It is therefore crucial to plan and manage your ongoing professional development using resources such as the MyCPE portal, the journal and the CPE guide offered by ISACA. It is also important to keep abreast of the latest news and trends in information security through various sources such as websites, blogs, podcasts and newsletters.

The standard procedure

Document review

Here is the list of documents required to open the file:
  • Pro forma or final invoice
  • Descriptive sheet for each nomenclature code
  • Test reports or certificates of analysis for each nomenclature code
  • ISO 9001 quality certificate or equivalent
  • Import declaration to be requested from your buyer (depending on the destination)
