The increasing demand for InfoSec (Information Security) professionals has driven the growth of InfoSec professional certifications. More and more companies and organizations are looking to recruit certified professionals owing to the level of expertise and efficiency they bring to the organization. Since numerous institutes are offering a variety of InfoSec professional certifications now, it can be baffling and overwhelming to choose the right certification to advance your career.

In this post, we will focus on the CISM certification.

The CISM certification, or Certified Information Security Manager certification, is an InfoSec designation. Offered by ISACA, this certification aims to teach standard industry managerial skills associated with IT security. The certification course is best suited for professionals who wish to focus on and master the managerial aspect of Information Security. Although the CISM requirements are pretty demanding, by the time you are done with the course, the results will be worth your effort.

A CISM certified professional is usually responsible for supervising the Information Security infrastructure of an organization, including the design, development, operation, and management of its Information Security practices/policies. Today, CISM certification is widely popular among security professionals and has become a global standard for the InfoSec industry. Here’s why:

  1. Massive demand for CISM certified professionals

The CISM certification course is meticulous and detailed, and hence, employers know that a CISM certified professional is both competent and experienced enough to handle a host of InfoSec issues ranging from setup and development to administration and management of InfoSec systems. The certification demonstrates your understanding of InfoSec programs in the broader context of business objectives.

Companies need CISM certified professionals to handle and manage the various aspects of InfoSec such as security risk management, security policies and procedures, security testing and auditing, network security management, security intrusion detection, and of course, the overall IT security & infrastructure.

  2. High salary packages

So far, there are nearly 23,000 CISM certified professionals globally (since its launch in 2002), and demand for them largely exceeds supply. This is why enterprises are ready to pay generous compensation to skilled and deserving applicants.

The average salary for a CISM accredited professional ranges anywhere from $52,402 to $243,610. While entry-level positions bag salaries at the lower end of this range, senior professionals who have experience in managing complex projects can easily earn a five-figure or six-figure salary.

  3. It offers greater autonomy

Autonomy in the workplace, that is, the power to make independent decisions related to projects, is seldom available in the InfoSec domain. However, since CISM certified professionals can effectively design InfoSec solutions that offer business-specific protection, and can implement those solutions readily, they are more likely to be given permission to undertake new projects and initiatives.

Requirements for CISM certification

To obtain the CISM designation, you must meet the following requirements:

1. Pass the CISM Exam

Fortunately, the CISM exam is not an extremely difficult feat, provided you prepare for it with a dedicated effort. The exam consists of 150 questions to be completed in 4 hours. The passing score is 450 out of 800. However, there’s a catch – you must have at least five years of working experience. So, if you pass the exam and do not have five years of experience, your score will be valid for the following five years (during which you can gain the requisite experience). But if you fail to do so, after five years, your passing score will become invalid.

2. Comply with ISACA’s Code of Professional Ethics

All members of ISACA, as well as the holders of the CISM designation, must agree to a Code of Professional Ethics. The code of ethics is a guide for professional and personal conduct.

3. Enroll in the CPE program

If you have successfully passed the CISM exam, you must participate in the CISM CPE (Continuing Professional Education) program. The CPE program ensures that qualified CISM candidates continuously update their knowledge in the field. It also ensures that the latest industry trends and security policies are incorporated into updated security practices and policies.

The CPE program has two primary goals:

  • To maintain a professional’s competence going forward, thereby ensuring that all CISM certified professionals harbor an adequate level of current industry knowledge and proficiency.
  • To offer a ground for distinction and differentiation between qualified CISM professionals and those who have not fulfilled the requirements for the continuation of the CISM certification.

Apart from this, you must pay the maintenance fees and have at least 20 contact hours of CPE annually. For a fixed 3-year tenure, you must have at least 120 contact hours of CPE.

4. Work Experience

All CISM candidates must submit verified evidence showing that they have a minimum of 5 years of experience in InfoSec, with at least three years of that experience being in information security management across any three of ISACA’s job practice analysis areas. You can gain this work experience before getting the certification, or within five years from the date you pass the CISM exam.

There are some provisions to substitute part of the 5 years of work experience with the following security-related certifications and information systems management experience:

One Year:

  • One year of Information Systems Management experience.
  • One year of General Security Management experience.
  • If you have completed an Information Security Management program at an institution aligned with the CISM Model Curriculum.
  • If you possess a skill-based security certification such as SANS Global Information Assurance Certification (GIAC), Microsoft Certified Systems Engineer (MCSE), CompTIA Security+, Disaster Recovery Institute Certified Business Continuity Professional (CBCP), or ESL IT Security Manager.

Two Years:

  • Certified Information Systems Auditor (CISA).
  • Certified Information Systems Security Professional (CISSP).
  • Post-graduate degree in Information Security or any related field such as Information Systems, Information Assurance, and Business Administration.

However, keep in mind that these experience substitutions are not accepted as a replacement for the 3-year Information Security Management experience requirement. The only exception is teaching: every two years spent as a full-time, university-level instructor delivering courses in Information Security Management can be substituted for one year of work experience in an Information Security Management role.

5. Submit the CISM application

The last step is to submit a CISM application to ISACA for the certification. You can do this only after you have successfully passed the CISM exam and have the requisite work experience. There are three ways to submit the application:

  1. Download the application form in PDF format (150K)
  2. Complete and print the online application
  3. Request an application via postal mail.

Seeing as CISM certified professionals are in very high demand now, it is the perfect time to obtain the CISM certification. If you are willing to make hay while the sun shines, do check out online training courses for CISM.