What constitutes information security management experience for CISM Certification?
Information security management is a broad field that encompasses many specialties within the security profession. ISACA categorizes these management activities into five areas, as defined in the most recent Job Task Analysis. Each area is broken into discrete tasks, and each task is further broken down into the supporting knowledge required to perform it. To qualify for the CISM certification, the candidate must have a minimum of five years of information security experience, of which three or more years must be information security management work. Note that the requirement does not dictate that the individual must hold a specific position that designates them as a CISO or any other specific security management title. However, for those who do not have this designation, the role that they perform must clearly map to tasks within 3 of the 5 management areas as defined in the CISM Job Task Analysis. While less common these days, there are still organizations that