Background
Designed for experienced information security managers, the CISM designation is a groundbreaking credential earned by more than 18,000 professionals since it was established in 2002.
To earn the CISM designation, candidates are required to:
- Successfully pass the CISM examination, which is offered twice annually in three languages
- Adhere to ISACA’s Code of Professional Ethics and agree to comply with the CISM Continuing Education Policy
- Submit proof of five years of work experience in the field of information security, with at least three years in the role of information security manager
More than 4,900 candidates registered for the CISM examination in 2010. CISM retention each year consistently remains at 93 percent.
CISM in the Workplace
- More than 600 are employed in organizations as the CEO, CFO or equivalent executive position.
- Over 1,750 serve as CIOs, CISOs, or chief compliance, risk or privacy officers.
- Almost 6,100 are employed as security directors, managers or consultants and related staff.
- Nearly 200 serve as chief audit executives, audit partners or audit heads.
- More than 2,500 are employed as IT directors, managers, consultants and related staff.
- Nearly 2,000 serve as audit directors, managers or consultants and related staff.
- Over 1,800 are employed in managerial, consulting or related positions in IT operations or compliance.
CISM Recognition
- The Skills Framework for the Information Age (SFIA) has recognized the CISA and CISM certifications by mapping them to the SFIA and showing the relevance of the related skills and experience. (www.sfia.org.uk)
- ISACA’s CISM certification is listed in Govinfosecurity.com’s Top 5 Information Security Certifications for 2012 due to the required experience and commitment to ethical standards.
- SC Magazine selected CISM as a finalist for the 2012 “Best Professional Certification Program” award in the Professional Awards category. Finalists are selected by a panel of 22 chief information security officers (CISOs) at major corporations and large public-sector organizations.
- The World Lottery Association (WLA) recommends that its auditors be CISAs or CISMs. WLA represents the interests of global government-controlled lotteries and sets worldwide standards in security and risk management.
- CISM was recognized at the Hong Kong ICT Awards 2011 with the Certificate of Merit under the “Best Professional Development (ICT Professional) Award.”
- Global Knowledge and TechRepublic partnered to create a comprehensive IT salary survey, the 2011 IT Skills and Salary Report. In the category of Salaries by Popular Certifications, the report listed the average salary of a CISM as $117,500.
- CISM earned a place on the list of highest-paying IT security certifications in the 2011 IT Skills and Certifications Pay Index (ITSCPI) from independent research firm Foote Partners.
- The DRII Institute for Continuity Management recognizes DRII certification applicants who hold a CISM certification in good standing. CISMs qualify for the Certified Business Continuity Auditor (CBCA) and get a bypass for references (experience).
- The Securities Exchange Board of India requires biannual system audits of all mutual funds to be conducted by an independent auditor who is CISA/CISM-certified or equivalent.
- CISM has earned accreditation from the American National Standards Institute (ANSI) under the International Standard ANSI/ISO/IEC 17024 for the past four years. This accreditation is a benchmark for global organizations that certify individuals worldwide.
- The US Department of Defense includes the CISM certification in the list of approved certifications for its information assurance professionals.
CISM in the News
- In a September 2011 Bankinfosecurity.com article and podcast titled “What it Takes to Get Top Jobs; Expert: Technical Skills and Certifications Alone Won't Cut it,” David Foote of Foote Partners LLC research firm notes that the CISM credential is “going up in value.”
- In August 2010, Global Knowledge listed the “Top IT Jobs for 2010 and Beyond” and suggested that the information systems auditor obtain the CISA certification and that the CISM is the primary certification for the IT security manager.
- The 2010 Information Career Trends Survey, conducted by the Information Security Media Group, found CISM to be one of the three most sought-after certifications for security professionals. According to ISMG, CISM is one of the two certifications becoming "minimum standards in the profession."
- In a January 2010 study by Mile High Research, ISACA’s CISA and CISM certifications made the top 10 in-demand IT certifications for new jobs posted over the last 14 days. The job descriptions specified one or more certifications as minimum or preferred credentials for the job posting. ISACA and other organizations whose credentials made the top 10 “obviously make a connection between their certifications and employers – that connection is value,” said Denny Schall, CLO of Mile High Research.
- The 2010 Information Security Media Group (ISMG) Information Security Today Career Trends survey included ISACA’s CISA and CISM certifications in its top 10 certifications most sought after by security professionals.
- In an article titled “Certification choices for a career in Information Security,” GetSetGrow.org lists the CISA and CISM as recommended certifications in order to pursue a career in computer security.
Contact:
Kristen Kessinger, +1.847.660.5512
Joanne Duffer, +1.847.660.5564
news@isaca.org