Introduction to CISM Tutorial

0.1 Introduction

Hello and welcome to lesson number 00 of Certified Information Security Manager (or CISM) Course offered by Simplilearn. This lesson is an introduction to CISM. Let us explore CISM course in the next screen.

0.2 Introduction to CISM®

CISM is an information security certification offered by ISACA. This is an internationally recognized professional certification that is targeted to information security managers as well as those who offer consulting services on information security. Information security is a wide and important area not only to the information security managers, but also to the executive management who are interested in knowing how effectively their company is protected from internal and external threats to the information security. Those who earn the CISM certification can effectively develop, manage, and oversee an enterprise’s information security. Let us look at the objectives of this lesson in the next screen.

0.3 Objectives

After completing this lesson, you will be able to: • Understand the ISACA organization that offers the CISM certification • List the CISM domains • Explain the value of holding the CISM designation • Discuss how to obtain the CISM certification, and • Explain the CISM exam pattern Let us look at the ISACA organization in the next screen.

0.4 About ISACA®

The acronym ISACA formerly stood for Information Systems Audit and Control Association. However, as the association grew, its mandate expanded beyond audit and controls, to become the leading global provider of knowledge, certifications, community, advocacy, and education on information systems assurance and security, governance and management of IT, as well as IT related risk and compliance. Thus it is currently known only by the acronym ISACA. ISACA was founded in 1969 and over the years has grown to have over 140,000 members in over 180 countries as of 2015. You can become a member of ISACA by registering on their website ( ISACA has developed and continually updates the COBIT , Val IT, and Risk IT frameworks, which help IT professionals and enterprise leaders fulfill their IT governance responsibilities and deliver value to the business. In addition, ISACA hosts international conferences as well as publishes journals. We will learn about the certifications offered by ISACA the next screen.

0.5 ISACA® Certifications

Members of ISACA get subsidized rates in pursuing their certifications, which include: • Certified Information Systems Auditor (or CISA) • Certified in the Governance of Enterprise IT (or CGEIT) • Certified in Risk and Information Systems Control (or CRISC), and • Certified Information Security Manager (or CISM) We will understand the value of CISM in the next screen.

0.6 Value of CISM®

A CISM qualified individual can identify and analyze critical issues in the information security practices in organizations and customize them to develop organization-specific practices that help support the governance of information and related technologies. Such individuals demonstrate their commitment to compliance, security, and integrity, which ultimately contributes to the attraction and retention of customers. CISM qualified individuals also enable improved alignment between the organization's information security program and its broader goals and objectives. They are able to help organizations generate credibility among multinational customers by providing the enterprise with a certification for information security management. To summarize, a person who holds a CISM designation is able to demonstrate that they not only understand security, but also understand business goals and are able to align these two to ensure organizational success. Let us look at the requirements for holding a CISM certification in the next screen.

0.7 Requirements for CISM® Designations

To earn the CISM designation, information security professionals need to successfully pass the CISM exam and adhere to the ISACA Code of professional ethics. One also has to agree to comply with the CISM continuing education policy. In addition, these professionals need to submit verified evidence of five years of work experience in the field of information security. Out of the five years of work experience, three years of experience must be gained by performing the role of an information security manager in three of the four CISM domains. Let us look at the CISM domains in the next screen.

0.8 CISM® Domains

The CISM exam covers 4 information security management areas. Each of these areas are further defined and detailed through Tasks and Knowledge statements. These areas and statements were approved by the CISM Certification Committee and validated by prominent industry leaders, subject matter experts, and industry practitioners. These areas represent a job practice analysis of the work performed by information security managers. These provide the basis for the CISM exam and the qualifying experience for certification. Click each component to know more. • Domain 1 covers Information Security Governance and accounts for 24 percent of the CISM exam and approximately 48 questions • Domain 2 covers Information Risk Management and Compliance and accounts for 33 percent of the CISM exam and approximately 66 questions • Domain 3 covers Information Security Program Development and Management and accounts for 25 percent of the CISM exam and approximately 50 questions • Domain 4 covers Information Security Incident Management and accounts for 18 Percent of the CISM exam and approximately 36 questions We will look at the structure of the CISM exam in the next screen.

0.9 CISM® Exam

The CISM exam questions are prepared with the intent of measuring and testing practical knowledge in information security. The CISM exam is paper-based that consists of 200 multiple-choice questions covering four practice areas, which must be completed within a 4 hour period. All questions have four multiple choice options for one correct answer. The CISM student should choose the correct answer from the choices. ISACA uses a scale from 200 to 800 when grading the examination and minimum pass mark for the CISM exam is 450 marks. A few questions will be presented in the following screens. Select the correct option and click Submit to see the feedback.

0.10 Quiz

The quiz section will help you to check your understanding of the concepts covered. The quiz will help you to check your understanding of the concepts covered.

0.11 Summary

Here is a quick recap of what we have learned in this lesson: CISM is a management focused certification offered by ISACA that promotes internationally recognized security practices. CISM designation holders understand business goals and are able to align this with the security practices to ensure organizational success. CISM is divided into four domains. They are: • Information Security Governance • Information Risk Management and Compliance • Information Security Program development and Management • Information Security Incident Management

0.12 Conclusion

This concludes the lesson on Introduction to CISM®. The next lesson will focus on Information Security Governance.

Find our CISM® Online Classroom training classes in top cities:

Name Date Place
CISM® 7 May -29 May 2021, Weekdays batch Your City View Details
CISM® 12 Jun -4 Jul 2021, Weekend batch Your City View Details
  • Disclaimer
  • PMP, PMI, PMBOK, CAPM, PgMP, PfMP, ACP, PBA, RMP, SP, and OPM3 are registered marks of the Project Management Institute, Inc.

Request more information

For individuals
For business
Phone Number*
Your Message (Optional)
We are looking into your query.
Our consultants will get in touch with you soon.

A Simplilearn representative will get back to you in one business day.

First Name*
Last Name*
Work Email*
Phone Number*
Job Title*