To earn the CISM designation, information security professionals are required to:

1. Successfully pass the CISM exam.
2. Adhere to the Information Systems Audit and Control Association Code of Professional Ethics and agree to comply with a continuing education policy.
3. Submit verified evidence of five (5) years of work experience in the field of information security. Three (3) of the five (5) years of work experience must be gained performing the role of an information security manager. In addition, this work experience must be broad and gained in three of the five job practice areas (see page 3). Substitutions for work performed in the role of an information security manager are not allowed. However, a maximum of two (2) years of general work experience in the field of information security may be substituted as follows:
- Two years of general work experience may be substituted for currently holding one of the following broad security-related certifications or a post-graduate degree:
  – Certified Information Systems Auditor (CISA) in good standing, or
  – Certified Information Systems Security Professional (CISSP) in good standing, or
  – Post-graduate degree in information security or a related field (for example: business administration, information systems, information assurance)

OR

- A maximum of one year of general work experience may be substituted for one of the following:
  – One full year of information systems management experience, or
  – Currently holding a skill-based security certification [e.g., SANS Global Information Assurance Certification (GIAC), Microsoft Certified Systems Engineer (MCSE), CompTIA Security+, Disaster Recovery Institute Certified Business Continuity Professional (CBCP)]
For example, an applicant holding either a CISA or CISSP certification will qualify for the maximum two-year experience substitution. However, the applicant must also possess a minimum of three years of information security management work experience in three of the five job practice analysis areas.
Experience must have been gained within the 10-year period preceding the application for certification or within five (5) years from the date of initially passing the exam. Application for certification must be submitted within five (5) years from the passing date of the CISM exam. All experience must be verified independently with employers.
It is important to note that many individuals choose to take the CISM exam prior to meeting the experience requirements. This practice is acceptable and encouraged, although the CISM designation will not be awarded until all requirements are met.