The CISM certification is designed for people who are looking to move out of the ranks of IT auditors and into a management role. To be honest it works well even if you just in a Senior role. Whether you have decades of experience in IT Security Management or you have a strong background in Auditing the CISM certification is the right choice to boost your career to the next level.

The first step to researching the Certified Information Security Manager certification is going directly to the source of any certification the sponsor. In this case ISACA sponsors both this and the CISA certifiection, which you can find more about in the article How to Become CISA certified. Not only will you find the requirements that we review here, but also some pratctice test questions and study guides from ISACA.

CISM Requirements:

The second step is to make sure that you meet the requirements for the CISM certification:

1. Pass the CISM exam - Warning - it is only offered twice a year.
2. Submit an application and prove you have 5 years of IS auditing, control or security work experience - Tip - You can substitute other experience as explained later on.
3. Agree to the "Code of Professional Ethics".
4. Pay a yearly fee and get a minimum of 20 hours CPE (Continuing Professional Education) a year and 120 hours CPE every 3 years.

Pass the CISM Exam

Lets talk about each of the requriements starting with how to pass the CISM exam. Like any certification it will take a blend of experince, studying, and test preparation to pass the CISM exam. If you have high level IT Certifications such as MCSE, CCNP, or CISSP you probably already have 50% of the knowledge you need to get your CISM certification. However, you will need some addditional tools to beef up on your auditing, and programming experience. I recommend checking out the Pass IT Exam Questions and the CISM Prep Guide. You can find more books for both CISA and CISM certifications at CISMBooks.com.

On the other hand if you have a lot of auditing experince with limited IT experience I would recommend reading through the old Microsoft Network Essentials book, or the A+ certifications book, which will provide more than the basics you need on basic networking. You will also need to understand the basics of programming and databases.

If you review the material and still aren't comfortable I recommend that you check out an instructor led class. CISMTraining.com provides a quick list of instructor led courses. Remember to set aside the time for these and try to get your company to pay for them. Like all certifications a combinations of all these methods will get you through to passing your CISM exam.

Registering for the Exam

After you have prepared for the CISM exam it's time to pass the exam. In order to take the Certified Information Security Manager exam you have to register over two and half months ahead of time. As mentioned earlier the exam is only offered twice a year similiar to the CISA exam. You can find the dates and locations the CISM exam is offered and register for it through ISACA.

The CISM exam is a multiple choice test composed of 200 questions. You msut score at least a 450 out of a sliding scale of 200-800. However, not all of the questions count to your score. Some are just test questions for next years test. The worst part about ISACA certifications is the fact you have to wait 2 months to find out if you passed. Not great for an "IT" certification.

When you go to take the test show up early, even if your like me and hate standing around. It is not the most organized process and both the CISA and CISM tests are normally offered at the same location so you get a lot of people. Be sure to bring something to drink and eat if your need it. You'll also want your notes for studying and several pencils, #2 of course.

CISM Application

Unfortunately just passing the exam is not enough you still have to get your application accepted prior to becoming CISM certified. The application includes the normal contact information and details your years of experince that qualify you for the CISM certification. As mentioned before you must meet the 5 years of Information Security experience requirement. This must include 3 years of Information Security Management experience within those 5 years. To top it off this experince must have occured in the preceeding 10 years of work experience or gained within 5 years from passing the exam.

Okay you read that and say I don't even qualify, well not quite there are some things that can substitute for years of experience:

1. CISA certified and in good standing subistitutes for 2 years experience
2. CISSP certifiedand in good standing subistitutes for 2 years experience
3. Post Graduate degree in Information Security sub for 2 years experience
4. 1 year of Information Security Mangement experience for 1 year experince
5. MCSE, GIAC, Security+, CBCP, and ESL IT Security Manager certifications substititue for 1 year of experience.

Your CISM Certified Now What?

You passed the exam, applied and was accepted, congratualations. What do you do now? Well first ask for raise you should be able to get a $1,500 bump up, unless of course they paid for everything then might be smaller. Also don't forget the last requirement you must maintain your CPE with a mimimum of 20 hours a year and 120 hours CPE in 3 years.

Finally don't stop learning and getting certified. If you don't have the CISA certification get it. If you do the next certification for you is the CISSP certification check out our article on How to get CISSP certified. Check out our list of CISM resources down below and Good Luck on your CISM path.

Resources

• ISACA.org - official sponsor of the CISA & CISM certifications.
• ISACA Self Assesment Test
• CISM Training Web Site
• How to Get CISA Certified
• CISA Books - Compare & Shop for CISA & CISM study Guides.