CISA     About the Certification     Review Classes Timetable     Register as a Member     FAQ's   CISM     About the Certification     Review Classes Timetable     Register as a Member           About ISACA   About ISACA Muscat   Members Directory   News & Events   Board Meeting   Resources   Newsletters   Home > Certification > CISM     Exam Registration     When will I be notified of my exam results? When is the next exam? When does registration begin for the next exam? What is the cost of the exam and what are the deadlines? How do I know if my online registration has been confirmed? Will I receive a receipt for my registration payment? Can I take the CISA and CISM exams on the same day? Certification Requirements     Why does ISACA offer an information security certification? Where can I find the CISM application for certification? What are the qualifications to earn the CISM credential? Who is eligible to become CISM certified and what makes CISM unique? Will CISAs qualify for CISM? Will CISSPs and other security credential holders qualify for CISM? How is CISM different from the other security certifications? How is CISM different from the Certified Information Systems Security Professional (CISSP)? What does the CISM continuing professional education program require? Can I still renew my certification and enter my 2005 CPE hours? When can I report my 2006 CPE hours? How can I earn CPE credits online? What do I need to do if I’ve received a revocation notice? Exam Content     How long is the exam? What does the CISA exam cover? Other     How do I request additional information or report an issue regarding a current or past credential holder? What is the CISM job practice analysis and how was it developed? How do I become a CISM Exam Item Writer? Exam Registration   When will I be notified of my exam results? The exam results will be mailed approximately eight weeks after the test date. To ensure the confidentiality of scores, exam results will not be reported by telephone or fax. However, with your consent to item #26 on the registration form, a one-time pass/fail status and score notification will be sent to you via e-mail at approximately the same time that the results are mailed. When is the next exam? The next exam is Saturday, 9 December 2006. When does registration begin for the next exam? Registration for the 9 December 2006 exam begins in July 2006. Further information will be announced when available. What is the cost of the exam and what are the deadlines? On or before 16 August 2006 ISACA member US$340 Nonmember US$460 After 17 August through 27 September 2006 ISACA member US$390 Nonmember US$510 Candidates can save $35 on the exam registration fee by registering online How do I know if my online registration has been confirmed? An online acknowledgement appears directly after finishing the checkout process. An email confirmation is sent immediately after completing your registration. This email has a subject line of ‘ISACA.ORG Purchase Confirmation’. If you have not received this email, please check your Spam folder. Additionally, you may confirm your order by clicking on “My Order History” in your online profile. Will I receive a receipt for my registration payment? Yes, a receipt for the payment is mailed to you automatically once the registration form has been processed. Can I take the CISA and CISM exams on the same day? The CISM and CISA exams will be held simultaneously, therefore, they cannot be taken on the same day.     Certification Requirements Why does ISACA offer an information security certification? ISACA's name reflects its obligation to offer products, services and benefits not only to the information systems audit profession, but to those who play a vital role in information systems control as well. More than 20 years ago ISACA pioneered the Certified Information Systems Auditor (CISA) credential and has developed and offered training programs to information systems auditors, information security practitioners and those involved in information technology governance. Most recognized in the industry are a series of ISACA conferences that are known as CACS (computer audit, control and security). These programs are held each year worldwide and meet the educational needs of a wide variety of information systems professionals. In recent years, ISACA has undertaken other information security and IT control activities: increased focus on security in the Information Systems Control Journal, creation of the IT Governance Institute, and development of research of particular interest and benefit to security management professionals. The maturity of ISACA membership and CISAs and their requested need for an information security credential that goes beyond the practitioner level has led ISACA to the development the CISM credential. Where can I find the CISM application for certification? CISM applications are located at www.isaca.org/cismapp. What are the qualifications to earn the CISM credential? Qualifying for CISM requires a combination of four "e's": experience, ethics, education and examination. Specifically, the requirements are: Successful completion of the CISM exam Adherence to a code of professional conduct Commitment to continuing professional education Submission of verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice areas. Waivers for general information security work experience are available, if certain education or certification requirements are met. For further details click here. Who is eligible to become CISM certified and what makes CISM unique? CISM is unique in the information security credential marketplace because it is designed specifically and exclusively for individuals who have experience managing an information security program. Experience requirements and the CISM exam are based on the experience required to competently perform the duties and responsibilities of an information security manager. These requirements and the tasks and knowledge that are tested were developed by information security leaders and later validated by subject matter experts and information security managers. The requirements are designed to measure an individual's management experience in information security situations, not general practitioner skills. Will CISAs qualify for CISM? The CISM certification program recognizes the achievement of the CISA credential as a baseline representation that an individual has gained general information security skill and knowledge. As such, CISAs receive a two-year general information security waiver. However, CISAs will not be eligible to earn a CISM unless they have the required experience and can demonstrate proficiency and practical knowledge in the role of an information security manager. Will CISSPs and other security credential holders qualify for CISM? The CISM certification program recognizes the achievement of the CISSP credential as a baseline representation that an individual has gained general information security skill and knowledge, just as it does with individuals who have earned a CISA. As such, CISSPs receive a two-year general information security experience waiver. However, CISSPs will not be eligible to earn a CISM unless they have the required experience and can demonstrate proficiency and practical knowledge in the role of an information security manager. Holders of other, more specialized credentials, such as the SANS Global Information Assurance Certification (GIAC), Microsoft Security Systems Engineer (MCSE), CompTIA Security + Credential and the Disaster Recovery Institute Certified Business Continuity Professional (CBCP) also can receive a one-year general information security experience waiver. How is CISM different from the other security certifications? CISM differs from the many other security certifications by virtue of its experience requirements and focus on the job performed by an information security manager. Other security certifications are characterized by a focus on technical skills or platform- or product-specific knowledge, or they are aimed at the practitioner in the earlier years of their career. Only CISM targets the information security manager-the individual who has progressed beyond the practitioner focus, whose emphasis is no longer technical or specialist skills, and who has moved on to the management of an enterprise's information security program. CISM is for the individual who must manage and oversee the enterprise's information security effort, including the practitioners, many of whom may hold other certifications the field offers. The focus on management that makes CISM unique is demonstrated in its experience requirement, which calls for a minimum of three years in information security management, and in its exam focus that is based on the practices performed by information security managers. How is CISM different from the Certified Information Systems Security Professional (CISSP)? Although there are many differences between the CISSP common body of knowledge and the CISM job practice areas, the most obvious differences is in the experience requirements. Only CISM requires information security management experience, in addition to general information security experience. CISSP has no such management requirement.   Earning the CISSP and/or the CISA credential is complementary to the attainment of the CISM credential and is encouraged. What does the CISM continuing professional education program require? In order to become and remain a CISM an individual must agree to comply with the CISM continuing professional education program. This program requires an individual to earn a minimum of twenty (20) hours annually and one hundred and twenty (120) hours every three years of continuing professional education. In addition, an annual maintenance fee of US $40 ISACA member and US $60 non-member is required.   To access the CPE policy, click here. Can I still renew my certification and report my 2005 CPE hours? To report CPE hours and/or remit a maintenance fee, login to www.isaca.org and proceed in one of two ways: 1) If you need to remit your maintenance fee: click on “My Renewals”. This process will enable you to pay online and report 2005 CPE hours, if necessary. 2) If you need ONLY to report CPE hours: Click on “My Profile” and then on “Certification Profile” in the left-hand navigation panel. Click on the “Edit CPE Hours” button within this page. Web site login assistance is available at www.isaca.org/login. When can I report my 2006 CPE hours? You can begin reporting your CPE hours for 2006 once you have received your official renewal notice in November. How can I earn CPE credits online? ISACA members can earn CPE hours by taking an Information Systems Control Journal CPE Quiz online. One contact hour is awarded per quiz. What do I need to do if I’ve received a revocation notice? If you have received a revocation notice, please contact certification@isaca.org     Exam Content How long is the exam? A candidate is given 4 hours to complete a 200 multiple-choice question exam. What does the CISM exam cover? The CISM exam will cover five information security management areas, each of which is further defined and detailed through task and knowledge statements. For specific details, please go to www.isaca.org/cismcontentareas.     Other How do I request additional information or report an issue regarding a current or past credential holder? To request additional information or to report an issue regarding a current or past credential holder, please contact the ISACA certification department at: Email: certification@isaca.org Phone: +1.847.253.1545, ext. 403, 471 or 474 Fax: +1.847.253.1443 What is the CISM job practice analysis and how was it developed? ISACA's philosophy toward certification is to measure the individuals' ability and knowledge as it pertains to the performance of their job. To define what security managers do and what they need to know ISACA brought together a task force of prominent industry leaders, subject matter experts and industry practitioners to define the job practice analysis on which the certification exam is based. Due to the importance of the job task analysis and the change experienced in the information security profession, ISACA is currently reviewing the job task analysis. In addition to the CISM's who are participating in this effort we have been joined by representatives from the Information Systems Security Association, the Information Security Forum and ASIS International. How do I become a CISM Exam Item Writer? You can apply online to become a CISM Exam Item Writer at www.isaca.org/cismexamitemwriter.

Terms Of Use | Privacy Policy | IP Guidelines PO BOX: 397 Postal Code: 115 Sultanate of Oman © 2006 Information Systems Audit and Control Association (ISACA) All rights reserved.