Spotlight on ISACA’s Certifications: CISA, CISM and the New CGEIT
Demand for CISM is growing. More than 2,000 candidates registered for the June 2007 CISM exam — nearly a 25 percent increase from June 2006 — and more than 4,000 candidates are expected to take the exam this year. Like the CISA exam, the CISM exam is offered twice annually. It is available in three languages and at more than 230 global testing sites.
The test covers five areas of information security management: information security governance, information risk management, information security program development, information security program management, and incident management and response.
These areas and statements were developed as a result of a job practice analysis of the work information security managers perform.
To earn the CISM, a minimum of five years of information security work experience is required (certain substitutions are accepted), in addition to a passing score on the exam.
As employers realize the importance of information security and governance, they look to certifications to identify prospective employees with experience and expertise in these fields. A quick search of Monster.com reveals hundreds of job listings specifying a preference for CISA or CISM.
“No enterprise can surpass the abilities and talents of its employees,” said Marios Damianides, Ernst & Young partner of security and technology services. “The fields of technology and security are ever-changing, and I need to know that employees are prepared to face such challenges. ISACA’s designations are excellent indicators of proficiency in these areas.”
Howard Nicholson, CISA, is international vice president of ISACA and chair of the CGEIT certification board. He can be reached at email@example.com.