CISM exam weighting changed by ISACA to reflect current content in information security management
Global business technology and information security association ISACA has updated its Certified Information Security Manager certification exam. This is the result of new expert input pinpointing the most relevant knowledge and experience needed in the profession.
ISACA’s CISM certification promotes international security practices and recognises individuals who manage, design and oversee an enterprise’s information security. Since 2002, more than 33,000 individuals have earned the CISM designation.
While the four CISM job practice domains remain similar, the exam weighting will shift slightly. The new weighting is as follows:
Domain 1—Information Security Governance: Establish and/or maintain an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organisational goals and objectives. (24%)
Domain 2—Information Risk Management: Manage information risk to an acceptable level based on risk appetite in order to meet organisational goals and objectives. (30%)
Domain 3—Information Security Program Development and Management: Develop and maintain an information security program that identifies, manages and protects the organisation’s assets while aligning to information security strategy and business goals, thereby supporting an effective security posture. (27%)
Domain 4—Information Security Incident Management: Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimise business impact. (19%)
“As the CISM certification marks its 15th anniversary in 2017, this updated job practice will ensure that the credential reflects the most current knowledge and experience that information security managers need to thrive in this critically important and in-demand field,” said Christos Dimitriadis, Ph.D. CISA, CISM, CRISC, chair of ISACA’s board of directors and group director of Information Security for INTRALOT.
ISACA conducts a job practice analysis every five years, at a minimum, to keep pace with industry demands and changes. The CISM Practice Analysis Task Force recently completed a nine-month assessment that resulted in the revised job practice. The CISM Practice Analysis Task Force was composed of eight CISM task force members, and the collective opinions of more than 1,400 information security professionals from around the world also helped to validate the revised job practice.
Effective with the first 2017 exam administration, the CISM exam will contain 150 questions testing the new job practice. For more information about the 2017 CISM job practice, visit the website.
The CISM certification recently was named a finalist among top professional certification programs in the 2017 SC Magazine Awards.
ISACA’s CISA, CISM, CRISC and CGEIT certifications will be offered in 2017 during three eight-week testing windows through computer-based testing. The first window will be 1 May-30 June, with registration available on ISACA’s website.
More information regarding ISACA certifications can be found here.
Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow