Certified Information Security Manager (CISM) Fact Sheet 

Sought after by experienced information security managers, the CISM certification is a groundbreaking credential earned by more than 23,000 professionals since it was established in 2002. The management-focused CISM is the globally accepted achievement for individuals who develop, build and manage enterprise information security programs. CISM retention is more than 95 percent.


CISM Certification Requirements

To earn the CISM certification, candidates are required to:

  • Pass the CISM examination (offered worldwide every June, September and December, in 4 languages and at more than 240 locations)
  • Submit proof of five years of work experience in the field of information security, with at least three years in the role of information security manager
  • Adhere to ISACA’s Code of Professional Ethics
  • Agree to comply with the CISM Continuing Education Policy


CISM in the Workplace

  • More than 7,600 are security directors, managers or consultants.
  • More than 3,200 are IT directors, managers or consultants.
  • More than 2,700 are employed in managerial, consulting or related positions in IT operations or compliance.
  • More than 2,300 serve as audit directors, managers or consultants.
  • More than 2,000 serve as CIOs, CISOs, or chief compliance, risk or privacy officers.
  • Nearly 700 are CEOs, CFOs or equivalent executives.
  • More than 200 serve as chief audit executives, audit partners or audit heads.


CISM Recognition

  • SC Magazine selected CISM as a finalist of the 2014 “Best Professional Certification Program” in the Professional Awards category for the fourth year in a row.
  • The Australian Signals Directorate listed CISM as a prerequisite for its Information Security Registered Assessor Program.
  • CISM is listed as being tied for the fourth highest-paying certification in Foote Partners IT Skills and Certifications Pay Index™ (ITSCPI) for 1 July 2013 – 1 October 2013.
  • CISM was noted as having gained 8.3% in average market value from 1 April to 1 October 2012 and was listed as a highest-paying certification in Foote Partners IT Skills and Certifications Pay Index™ (ITSCPI). CISMs are earning premiums that place them in the top 7% of all 268 certifications currently being reported.
  • DeVry encourages earning the CISM (the only certification listed) on its infographic, “A Path to a Secure Future—Your Cyber Security Career Roadmap.”
  • Global Knowledge listed CISM as the CyberSecurity certification for 2013 in “Eight Emerging IT Certifications For 2013.”
  • CISM was listed among the three highest-paying certifications in the 2012 IT Skills and Salary Survey by Global Knowledge and TechRepublic.
  • CISM remained on the list of highest-paying IT security certifications in the 2012 IT Skills and Certifications Pay Index (ITSCPI) from research firm Foote Partners.
  • The Skills Framework for the Information Age (SFIA) has recognized the CISA and CISM certifications by mapping them to the SFIA and showing the relevance of the related skills and experience. (www.sfia.org.uk)
  • ISACA’s CISM certification is listed in Govinfosecurity.com’s Top 5 Information Security Certifications for 2012 due to the required experience and commitment to ethical standards.
  • The World Lottery Association (WLA) recommends its auditors be CISAs or CISMs.
  • CISM was recognized at the Hong Kong ICT Awards 2011 with the Certificate of Merit under the “Best Professional Development (ICT Professional) Award.”
  • The DRII Institute for Continuity Management recognizes DRII certification applicants who hold CISM in good standing. CISMs qualify for the Certified Business Continuity Auditor (CBCA) and get a bypass for references.
  • The Securities Exchange Board of India requires biannual system audits of all mutual funds to be conducted by an independent auditor who is CISA/CISM-certified or equivalent.
  • CISM has earned accreditation from the American National Standards Institute (ANSI) under the International Standard ANSI/ISO/IEC 17024 for the past four years.
  • The US Department of Defense includes the CISM certification in the list of approved certifications for its information assurance professionals.

CISM in the News

  • CSO ~ “Hot security skills of 2013” notes that technical certifications like CISM are helpful for CSOs in the workplace.
  • The Heritage Foundation ~ “A Congressional Guide: Seven Steps to U.S. Security, Prosperity, and Freedom in Cyberspace,” encourages an increase in the number of IT professionals with security certifications such as CISM.
  • CIO Magazine ~ In “23 IT Certifications That Mean Higher Pay,” ISACA’s CISM certification is listed, based on data from Foote Partners LLC’s latest IT Skills and Certifications Pay Index.
  • In a September 2011 Bankinfosecurity.com article and podcast titled “What it Takes to Get Top Jobs; Expert: Technical Skills and Certifications Alone Won't Cut it,” David Foote of Foote Partners LLC research firm notes that the CISM credential is “going up in value.”
  • Global Knowledge listed the “Top IT Jobs for 2010 and Beyond” and named CISM the primary certification for the IT security manager.

Contact

Kristen Kessinger, +1.847.660.5512
Joanne Duffer, +1.847.660.5564
Rachel Acevedo, +1.847.660.5617
news@isaca.org