CISMs understand the business. They know how to manage and adapt technology to their enterprise and industry.

The uniquely management-focused CISM certification promotes international security practices and recognizes the individual who manages designs, and oversees and assesses an enterprise’s information security.The demand for skilled information security management professionals is on the rise, and the CISM certification is the globally accepted standard of achievement in this area.

Submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas. The work experience must be gained within the 10-year period preceding the application date for certification or within 5 years from the date of originally passing the exam.

The following security-related certifications and information systems management experience can be used to satisfy the indicated amount of information security work experience.

Two Years:

Certified Information Systems Auditor (CISA) in good standing

Certified Information Systems Security Professional (CISSP) in good standing

Post-graduate degree in information security or a related field (e.g., business administration, information systems, information assurance)

One Year:

One full year of information systems management experience

One full year of general security management experience

Skill-based security certifications (e.g., SANS Global Information Assurance Certification (GIAC), Microsoft Certified Systems Engineer (MCSE), CompTIA Security +, Disaster Recovery Institute Certified Business

Continuity Professional (CBCP), ESL IT Security Manager)

Completion of an information security management program at an institution aligned with the Model Curriculum