Certified Information Security Manager (CISM) Fact Sheet 

Designed for experienced information security managers, the CISM designation is a groundbreaking credential earned by more than 21,400 professionals since it was established in 2002.

Background

Designed for experienced information security managers, the CISM designation is a groundbreaking credential earned by nearly 21,400 professionals since it was established in 2002. The management-focused CISM is the globally accepted standard for individuals who develop, build and manage enterprise information security programs.

Certification Requirements

To earn the CISM designation, candidates are required to:

  • Successfully pass the CISM examination, which is offered three times annually (June, September and December) in four languages in 240 countries
  • Adhere to ISACA’s Code of Professional Ethics and agree to comply with the CISM Continuing Education Policy
  • Submit proof of five years of work experience in the field of information security, with at least three years in the role of information security manager

CISM retention is more than 95 percent.

CISM in the Workplace

  • More than 7,000 are security directors, managers, or consultants and related staff.
  • More than 3,000 are IT directors, managers, consultants and related staff.
  • Nearly 2,500 are employed in managerial, consulting or related positions in IT operations or compliance.
  • More than 2,200 serve as audit directors, managers or consultants and related staff.
  • More than 1,750 serve as CIOs, CISOs, or chief compliance, risk or privacy officers.
  • Nearly 700 are CEOs, CFOs or equivalent executives.
  • More than 200 serve as chief audit executives, audit partners or audit heads.

CISM Recognition

  • SC Magazine selected CISM as a finalist of the 2013 “Best Professional Certification Program” in the Professional Awards category for the third year in a row. CISM was named a finalist by a panel of chief information security officers (CISOs) at major corporations and large public-sector organizations.
  • CISM was noted as having gained 8.3% in average market value from 1 April to 1 October 2012 and was listed as a Highest Paying certification in Foote Partners IT Skills and Certifications Pay Index™ (ITSCPI). To make this list, a certification has to be averaging a pay premium in excess of the equivalent of 10% of base salary. CISMs are earning premiums that place them in the top 7% of all 268 certifications currently being reported.
  • SC Magazine selected CISM as a finalist of the 2012 “Best Professional Certification Program” in the Professional Awards category for the second year in a row. CISM was named a finalist by a panel of chief information security officers (CISOs) at major corporations and large public-sector organizations.
  • DeVry encourages earning the CISM (the only certification listed) on its infographic of A Path to a Secure Future—Your Cyber Security Career Roadmap.
  • Global Knowledge listed CISM as the CyberSecurity certification for 2013 in “Eight Emerging IT Certifications For 2013.”
  • CISM was listed as the third-highest-paying certification in the 2012 IT Skills and Salary Survey by Global Knowledge and TechRepublic.
  • CISM remained on the list of highest-paying IT security certifications in the 2012 IT Skills and Certifications Pay Index (ITSCPI) from independent research firm Foote Partners.
  • The Skills Framework for the Information Age (SFIA) has recognized the CISA and CISM certifications by mapping them to the SFIA and showing the relevance of the related skills and experience. (www.sfia.org.uk)
  • ISACA’s CISM certification is listed in Govinfosecurity.com’s Top 5 Information Security Certifications for 2012 due to the required experience and commitment to ethical standards.
  • The World Lottery Association (WLA) recommends that its auditors be CISAs or CISMs. WLA represents the interests of global government-controlled lotteries and sets worldwide standards in security and risk management.
  • CISM was recognized at the Hong Kong ICT Awards 2011 with the Certificate of Merit under the “Best Professional Development (ICT Professional) Award.”
  • The DRII Institute for Continuity Management recognizes DRII certification applicants who hold a CISM certification in good standing. CISMs qualify for the Certified Business Continuity Auditor (CBCA) and get a bypass for references (experience).
  • The Securities Exchange Board of India requires biannual system audits of all mutual funds to be conducted by an independent auditor who is CISA/CISM-certified or equivalent.
  • CISM has earned accreditation from the American National Standards Institute (ANSI) under the International Standard ANSI/ISO/IEC 17024 for the past four years. This accreditation is a benchmark for global organizations that certify individuals worldwide.
  • The US Department of Defense includes the CISM certification in the list of approved certifications for its information assurance professionals.

CISM in the News

  • CIO Magazine ~ In “23 IT Certifications That Mean Higher Pay,” ISACA’s CISM and CRISC certifications are listed, based on data from Foote Partners LLC’s latest IT Skills and Certifications Pay Index.
  • Workspan ~ The CISM credential has been named one of the highest-paying IT certifications in the latest Foote Partners’ IT Skills and Certifications Pay Index™ (ITSCPI)—http://bit.ly/Oj7tF5.
  • In a September 2011 Bankinfosecurity.com article and podcast titled “What it Takes to Get Top Jobs; Expert: Technical Skills and Certifications Alone Won't Cut it,” David Foote of Foote Partners LLC research firm notes that the CISM credential is “going up in value.”
  • Global Knowledge, in August 2010, listed the “Top IT Jobs for 2010 and Beyond” and suggested that the information systems auditor obtain the CISA certification and that the CISM is the primary certification for the IT security manager.
  • The 2010 Information Career Trends Survey, conducted by the Information Security Media Group, found CISM to be one of the three most sought-after certifications for security professionals. According to ISMG, CISM is one of the two certifications becoming "minimum standards in the profession."
  • In a January 2010 study by Mile High Research, ISACA’s CISA and CISM certifications made the top 10 in-demand IT certifications for new jobs posted over the last 14 days. The job descriptions specified one or more certifications as minimum or preferred credentials for the job posting. ISACA and other organizations whose credentials made the top 10 “obviously make a connection between their certifications and employers – that connection is value," said Denny Schall, CLO of Mile High Research.
  • The 2010 Information Security Media Group (ISMG) Information Security Today Career Trends survey included ISACA’s CISA and CISM certifications in its top 10 certifications most sought after by security professionals.
  • In an article titled “Certification choices for a career in Information Security,” GetSetGrow.org lists the CISA and CISM as recommended certifications in order to pursue a career in computer security.

Contact:

Kristen Kessinger, +1.847.660.5512
Joanne Duffer, +1.847.660.5564
news@isaca.org