CISM® certification is the right choice for seasoned security professionals whose responsibilities include the management of information security programs within an enterprise. Off Peak Training professionals will work within the confines of the busy executive’s schedule to develop and enhance the knowledge base needed to acquire certification.
“The CISSP certification long ago made the gold standard, but infosec execs are now wisely adding the new CISM certification. Why the push? The advanced-level CISM better addresses the interdependency between business needs and IT security by focusing on risk management and security organizational issues.”
David Foote, Foote Partners, LLC, SC Magazine, July 2005
The CISM certification exam is broken down into five job practice areas.
- Information security governance (23 percent)—Establish and maintain a framework to provide assurance that information security strategies are aligned with the business objectives and consistent with applicable laws and regulations.
- Information risk management (22 percent)—Identify and manage information security risks to achieve business objectives.
- Information security program development (17 percent)—Create and maintain a program to implement the information security strategy.
- Information security program management (24 percent)—Oversee and direct information security activities to execute the information security program.
- Incident management and response (14 percent)—Plan, develop and manage a capability to detect, respond to and recover from information security incidents.
The CISM® was developed specifically for experienced individuals working in information security with significant information security management responsibilities. This includes individuals who manage, design, oversee or assess an enterprise’s information security (IS).