To stay ahead of evolving IT security roles, ISACA’s June 2012 Certified Information Security Manager (CISM) examination will be based on an updated job practice. The new CISM job practice is available to help candidates prepare for the exam.
ISACA, a nonprofit association of more than 95,000 IT people worldwide, conducts an international job practice analysis at least every five years, which forms the basis of the CISM exam.
“Regularly conducting a job practice analysis ensures that the CISM exam accurately reflects the current tasks and responsibilities of today’s information security managers,” said Allan Boardman, CISA, CISM, CGEIT, CRISC, CISSP, CA(SA), chair of ISACA’s Credentialing Board. “Analysing the CISM’s role helped us identify the need to streamline the domains within the job practice.”
Major changes to the CISM job practice include combining two of the domains, resulting in four domains, rather than the previous five. The new CISM job practice domains are:
- Domain 1—Information Security Governance
- Domain 2—Information Risk Management and Compliance
- Domain 3—Information Security Program Development and Management
- Domain 4—Information Security Incident Management.
The CISM job practice analysis sought input from thousands of global information security professionals. ISACA’s CISM Job Practice Analysis Task Force facilitated independent reviews with content experts who are CISMs to create a detailed description of the tasks performed by, and knowledge required of, information security managers. ISACA also worked with Professional Examination Service (PES) to complete the analysis. PES has been ISACA’s credentialing partner since 1987.
“The CISM exam domains have been updated based on expertise gathered during the comprehensive job practice analysis process, adding value and a competitive advantage to those who achieve the credential,” said Boardman.
Additional information on ISACA’s certifications is available at www.isaca.org.
