CISM Examination Content Areas

Description of the Certification and Examination

The CISM exam covers five information security management areas, each of which is further defined and detailed through task and knowledge statements. These areas and statements were developed by the CISM Certification Board and represent a job practice analysis of the work performed by information security managers as validated by prominent industry leaders, subject matter experts and industry practitioners. The following is a brief description of these areas, their definitions, and approximate percentage of test questions allocated to each area.

Each area title links to a list of the specific task and knowledge statements that represent a current market perspective of what information security managers do and what they should know. These statements form the basis of the CISM exam.

The CISM exam covers the following areas:

Information Security Governance (21%)
Establish and maintain a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations.

Risk Management (21%)
Identify and manage information security risks to achieve business objectives.

Information Security Program(me) Management (21%)
Design, develop and manage an information security program(me) to implement the information security governance framework.

Information Security Management (24%)
Oversee and direct information security activities to execute the information security program(me).

Response Management (13%)
Develop and manage a capability to respond to and recover from disruptive and destructive information security events.

© 2006 Information Systems Audit and Control Association (ISACA) All rights reserved.
3701 Algonquin Road, Suite 1010, Rolling Meadows, Illinois 60008 USA