The Certified Information Security Manager (CISM) is a credential provided by the Information Systems Audit and Control Association (ISACA) for experts in information security. It’s aimed at those who handle, create, supervise, and evaluate information security initiatives within businesses. This certification suits individuals accountable for executing information security regulations, processes, norms, and safeguards to safeguard the confidentiality, accuracy, and accessibility of information assets.
Certified Information Security Manager (CISM) Exam Glossary
Here are some key terms that you may encounter on the Certified Information Security Manager (CISM) exam:
- Asset: Any resource that has value to an organization, such as hardware, software, data, personnel, or facilities.
- Authorization: The process of granting access to a system or resource based on a user’s identity and permissions.
- Business Continuity Management (BCM): Making sure that a company can keep running during and after a disruptive incident.
- Confidentiality: The principle of keeping information secret and protecting it from unauthorized disclosure.
- Governance: The system of policies, processes, and controls used to guide and manage an organization.
- Incident Response: The process of identifying, containing, and mitigating the impact of a security incident.
- Integrity: The principle of maintaining the accuracy and completeness of information and protecting it from unauthorized modification.
- Risk: The likelihood or probability of a threat exploiting a vulnerability and causing harm to an organization.
- Security Control: A safeguard or countermeasure used to protect an organization’s assets and mitigate risks.
- Threat: Any event or action that has the potential for causing harm to an organization’s assets or operations.
- Vulnerability: A weakness or gap in a system’s security that can be exploited by a threat.
- Disaster Recovery (DR): The process of restoring an organization’s critical systems and data after a disruptive event.
Certified Information Security Manager (CISM) Exam Guide
The official study material for the Certified Information Security Manager (CISM) exam is the CISM Review Manual, which is published by the Information Systems Audit and Control Association (ISACA). The latest edition of the manual is the 15th edition, which covers all the key exam topics and includes review questions, case studies, and self-assessment exams.
You can purchase the CISM Review Manual directly from ISACA on their website: https://www.isaca.org/bookstore/bookstore-wiley/cism-review-manual-15th-edition
ISACA also offers a range of other resources to help candidates prepare for the CISM exam, including:
- CISM Review Questions, Answers & Explanations Database: This database includes over 1,000 review questions, answers, and explanations to help candidates assess their knowledge and understanding of the exam topics. You can purchase it on the ISACA website: https://www.isaca.org/bookstore/bookstore-database/cism-review-questions-answers-explanations-database-16th-edition
- CISM Exam Preparation Resources: This page on the ISACA website provides an overview of all the exam preparation resources that ISACA offers, including study materials, review courses, practice exams, and more. You can access it here: https://www.isaca.org/credentialing/cism/preparation
It’s important to note that while the official study material is a valuable resource, it’s recommended to use a variety of resources and study consistently in order to achieve success on the CISM exam. Good luck with your studies!
Course Outline
First Domain: Information Security Governance (17%)
A–ENTERPRISE GOVERNANCE
- Organizational Culture
- Legal, Regulatory and Contractual Requirements
- Organizational Structures, Roles and Responsibilities
B–INFORMATION SECURITY STRATEGY
- Information Security Strategy Development
- Information Governance Frameworks and Standards
- Strategic Planning (e.g., Budgets, Resources, Business Case)
Second Domain: Information Security Risk Management (20%)
A–INFORMATION SECURITY RISK ASSESSMENT
- Emerging Risk and Threat Landscape
- Vulnerability and Control Deficiency Analysis
- Risk Assessment and Analysis
B–INFORMATION SECURITY RISK RESPONSE
- Risk Treatment / Risk Response Options
- Risk and Control Ownership
- Risk Monitoring and Reporting
Third Domain: Information Security Program (33%)
A–INFORMATION SECURITY PROGRAM DEVELOPMENT
- Information Security Program Resources (e.g., People, Tools, Technologies)
- Information Asset Identification and Classification
- Industry Standards and Frameworks for Information Security
- Information Security Policies, Procedures and Guidelines
- Information Security Program Metrics
B–INFORMATION SECURITY PROGRAM MANAGEMENT
- Information Security Control Design and Selection
- Information Security Control Implementation and Integrations
- Information Security Control Testing and Evaluation
- Information Security Awareness and Training
- Management of External Services (e.g., Providers, Suppliers, Third Parties, Fourth Parties)
- Information Security Program Communications and Reporting
Fourth Domain: Incident Management (30%)
A–INCIDENT MANAGEMENT READINESS
- Incident Response Plan
- Business Impact Analysis (BIA)
- Business Continuity Plan (BCP)
- Disaster Recovery Plan (DRP)
- Incident Classification/Categorization
- Incident Management Training, Testing and Evaluation
B–INCIDENT MANAGEMENT OPERATIONS
- Incident Management Tools and Techniques
- Incident Investigation and Evaluation
- Incident Containment Methods
- Incident Response Communications (e.g., Reporting, Notification, Escalation)
- Incident Eradication and Recovery
- Post-Incident Review Practices
How To Prepare For Certified Information Security Manager (CISM)?
Getting ready for the Certified Information Security Manager (CISM) exam requires a series of actions, such as acquiring knowledge, comprehending the exam format, and practicing with exam-like questions. Here’s a breakdown of steps you can follow to prepare for the CISM exam:
- Meet the eligibility requirements: To take the CISM exam, you must have at least five years of experience in information security, with at least three years of experience in information security management.
- Understand the exam structure: In the CISM exam, you’ll face 150 multiple-choice questions to answer in a four-hour timeframe. These questions are divided into four categories: Information Security Governance, Risk Management, Information Security Program Development and Management, and Information Security Incident Management.
- Study the exam content: You can find the exam content outline on the ISACA website. Review the domains, knowledge statements, and task statements to understand the concepts that will be in the exam.
- Use study materials: Numerous tools are accessible to aid you in getting ready for the CISM exam. These resources include books, online courses, and study manuals. The ISACA website is also a source of official study materials, encompassing review courses and practice questions.
- Practice exam-style questions: Practicing exam-style questions can help you prepare for the types of questions that can appear in the exam. Use practice exams and quizzes for examining your knowledge and discovering areas where you need to improve.
- Join a study group: Joining a study group can help you stay motivated and accountable during the exam preparation process. You can also learn from others and gain different perspectives on the exam content.
- Schedule your exam: Once you feel confident in your knowledge and skills, schedule your exam. Make sure to give yourself enough time to review and practice before the exam date.
From the Expert’s Desk
To sum up, CISM candidates have quite a bit to accomplish before earning their certification. Nevertheless, the effort pays off since CISM certifications are greatly valued. Attaining this certification is a significant career achievement, enhancing your reputation within your workplace. CISM certification leads to improved earnings and a deeper grasp of security systems management within organizations.
If you’re resolute about taking the CISM exam, consider having Testprep Training by your side. They offer both free and paid practice tests to boost your confidence.