Exam Registration & Administration
- When will I receive my June 2008 exam results?
- What is the date of the next CISM exam?
- When does registration begin for the next exam?
- What is the registration deadline of the next exam and what are the fees?
- Can I take the CISA and CISM exams on the same day?
- Who do I contact for assistance with my CISM Practice Question Database CD-ROM or web download?
- Can I change my exam site or language?
- Can I defer my exam?
1. When will I receive my June 2008 exam results?
Results for the June 2008 exam were released the week of 21 July via email and the post to those candidates who elected to receive the email notification option and have no outstanding balances for the exam. Please allow for adequate delivery time to your mailing location. Exam results will be posted online in your profile after 25 August, but will only contain your overall exam score.
2. What is the date of the next CISM exam?
The next exam will be administered on 13 December 2008 unless otherwise specified at www.isaca.org/examlocations.
3. When does registration begin for the next exam?
Registration for the 13 December 2008 exam is currently open. You can register for the exam at www.isaca.org/examreg.
4. What is the registration deadline of the next exam and what are the fees?
On or before 20 August 2008
ISACA member US $375
Nonmember US $505
After 20 August through 24 September 2008
ISACA member US $425
Nonmember US $555
Candidates can save US $50 on the exam registration fee by registering online.
5. Can I take the CISA and CISM exams on the same day?
The CISA and CISM exams will be held simultaneously; therefore, they cannot be taken on the same day.
6. Who do I contact for assistance with my CISM Practice Question Database CD-ROM or web download?
For technical support with your CD-ROM or web download, please contact tech@cisa-support.com.
7. Can I change my exam site or language?
A US $50 fee is required for all changes for an exam site and/or language that are received from 11 October through 17 October 2008. No changes will be accepted after 17 October 2008. Please note that all deadlines are based on Chicago, Illinois, USA 5 p.m. Central Time. For exam site or language changes, please send an email to certification@isaca.org. These changes do not include deferrals.
8. Can I defer my exam?
Candidates unable to take the exam can request a deferral of their registration fees to the next exam date. To learn more about deferring your exam, including deferral deadlines and costs, please visit www.isaca.org/examdefer.
Certification Requirements
- What do I need to do if I've received a revocation notice?
- How can I earn CPE credits online?
- What do I need to do if I've received an audit notice for my 2007 CPE hours?
- I've submitted the documentation for the audit of my 2007 CPE hours. When will I receive a confirmation?
- Where can I find the CISM application for certification?
- What are the qualifications to earn the CISM credential?
- What does the CISM continuing professional education policy require?
- Why does ISACA offer an information security certification?
- Who is eligible to become CISM certified and what makes CISM unique?
- Will CISAs qualify for CISM?
- Will CISSPs and other security credential holders qualify for CISM?
- How is CISM different from the other security certifications?
- How is CISM different from the Certified Information Systems Security Professional (CISSP)?
1. What do I need to do if I've received a revocation notice?
If you have received a revocation notice, please contact certification@isaca.org.
2. How can I earn CPE credits online?
ISACA members can earn CPE hours by taking an Information Systems Control Journal CPE Quiz online. One CPE hour is awarded per quiz. ISACA members may also earn CPEs online by participating in e-symposia. The e-symposia are offered live each month or may be accessed on demand via the archives. For more information, please go to http://www.isaca.org/webcasts. In order to claim the CPE hours (generally 3 hours per e-symposium), a passing score must be earned on the quiz.
3. What do I need to do if I've received an audit notice for my 2007 CPE hours?
If you have received an audit notice, please follow the steps provided to you in the letter to comply with the audit. When submitting your documentation, please note that it should be in the form of a letter, certificate of completion, attendance roster or Verification of Attendance form (located at http://www.isaca.org/cismcpepolicy).
At a minimum, each record should include the name of the attendee, name of the sponsoring organization, activity title, activity description, activity date, and the number of continuing professional education hours awarded or claimed. Please submit photocopies, as the documents will not be returned.
4. I've submitted the documentation for the audit of my 2007 CPE hours. When will I receive a confirmation?
If any additional information is required or there are questions regarding your documentation, we will contact you directly. Once your documentation has been reviewed and approved, a notice will be sent to you.
5. Where can I find the CISM application for certification?
CISM applications are located at http://www.isaca.org/CISMapp.
6. What are the qualifications to earn the CISM credential?
Qualifying for CISM requires a combination of four "e's": experience, ethics, education and exam. Specifically, the requirements are:
- Earn a passing score on the CISM exam
- Adhere to the ISACA Code of Professional Ethics
- Commit to abide by the Continuing Professional Education Policy
- Submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice areas. Waivers for general information security work experience are available if certain education or certification requirements are met.
7. What does the CISM continuing professional education policy require?
In order to become and remain a CISM, an individual must agree to comply with the CISM continuing professional education policy. This policy requires an individual to earn a minimum of twenty (20) continuing professional education hours annually and one hundred and twenty (120) continuing professional education hours for every three-year cycle. In addition, an annual maintenance fee of US $40 for ISACA members and US $75 for nonmembers is required.
8. Why does ISACA offer an information security certification?
ISACA's name reflects its obligation to offer products, services and benefits not only to the information systems audit profession, but to those who play a vital role in information systems control as well. More than 20 years ago ISACA pioneered the Certified Information Systems Auditor (CISA) credential and has developed and offered training programs to information systems auditors, information security practitioners and those involved in information technology governance.
Most recognized in the industry are a series of ISACA conferences that are known as CACS (computer audit, control and security). These programs are held each year worldwide and meet the educational needs of a wide variety of information systems professionals.
In recent years, ISACA has undertaken other information security and IT control activities: increased focus on security in the Information Systems Control Journal, creation of the IT Governance Institute, and development of research of particular interest and benefit to security management professionals. The maturity of ISACA membership and CISAs and their requested need for an information security credential that goes beyond the practitioner level has led ISACA to the development of the CISM credential.
9. Who is eligible to become CISM certified and what makes CISM unique?
CISM is unique in the information security credential marketplace because it is designed specifically and exclusively for individuals who have experience managing an information security program. Experience requirements and the CISM exam are based on the experience required to competently perform the duties and responsibilities of an information security manager. These requirements and the tasks and knowledge that are tested were developed by information security leaders and later validated by subject matter experts and information security managers. The requirements are designed to measure an individual's management experience in information security situations, not general practitioner skills.
10. Will CISAs qualify for CISM?
The CISM certification program recognizes the achievement of the CISA credential as a baseline representation that an individual has gained general information security skill and knowledge. As such, CISAs receive a two-year general information security waiver. However, CISAs will not be eligible to earn a CISM unless they have the required experience and can demonstrate proficiency and practical knowledge in the role of an information security manager.
11. Will CISSPs and other security credential holders qualify for CISM?
The CISM certification program recognizes the achievement of the CISSP credential as a baseline representation that an individual has gained general information security skill and knowledge, just as it does with individuals who have earned a CISA. As such, CISSPs receive a two-year general information security experience waiver. However, CISSPs will not be eligible to earn a CISM unless they have the required experience and can demonstrate proficiency and practical knowledge in the role of an information security manager. Holders of other, more specialized credentials, such as the SANS Global Information Assurance Certification (GIAC), Microsoft Certified Systems Engineer (MCSE), CompTIA Security+ credential and the Disaster Recovery Institute Certified Business Continuity Professional (CBCP), also can receive a one-year general information security experience waiver.
12. How is CISM different from the other security certifications?
CISM differs from the many other security certifications by virtue of its experience requirements and focus on the job performed by an information security manager. Other security certifications are characterized by a focus on technical skills or platform- or product-specific knowledge, or they are aimed at the practitioner in the earlier years of their career. Only CISM targets the information security manager: the individual who has progressed beyond the practitioner focus, whose emphasis is no longer technical or specialist skills, and who has moved on to the management of an enterprise's information security program. CISM is for the individual who must manage and oversee the enterprise's information security effort, including the practitioners, many of whom may hold other certifications the field offers. The focus on management that makes CISM unique is demonstrated in its experience requirement, which calls for a minimum of three years in information security management, and in its exam focus that is based on the practices performed by information security managers.
13. How is CISM different from the Certified Information Systems Security Professional (CISSP)?
Although there are many differences between the CISSP common body of knowledge and the CISM job practice areas, the most obvious difference is in the experience requirements. Only CISM requires information security management experience, in addition to general information security experience. CISSP has no such management requirement. Earning the CISSP and/or the CISA credential is complementary to the attainment of the CISM credential and is encouraged.
Exam Content
- How long is the exam?
- What does the CISM exam cover?
- What is the CISM job practice analysis and how was it developed?
1. How long is the exam?
A candidate is given 4 hours to complete a 200 multiple-choice question exam.
2. What does the CISM exam cover?
The CISM exam will cover five information security management areas, each of which is further defined and detailed through task and knowledge statements.
3. What is the CISM job practice analysis and how was it developed?
ISACA's philosophy toward certification is to measure the individuals' ability and knowledge as it pertains to the performance of their job. To define what security managers do and what they need to know, ISACA brought together a task force of prominent industry leaders, subject matter experts and industry practitioners to define the job practice analysis on which the certification exam is based. Due to the importance of the job task analysis and the change experienced in the information security profession, ISACA is currently reviewing the job task analysis. In addition to the CISMs who are participating in this effort, we have been joined by representatives from the Information Systems Security Association, the Information Security Forum and ASIS International.
The detailed CISM Job Practice areas can be viewed at http://www.isaca.org/cismjobpractice.
Other
- How do I request additional information or report an issue regarding a current or past credential holder?
- How can I become a CISM Exam Item Writer?
1. How do I request additional information or report an issue regarding a current or past credential holder?
To request additional information or to report an issue regarding a current or past credential holder, please contact the CISM certification department:
Email: exam@isaca.org
Tel: +1.847.660.5660
Fax: +1.847.253.1443
2. How can I become a CISM Exam Item Writer?
You can apply online to become a CISM Exam Item Writer.