Since it was founded in 2008, the Identity Management Institute® (IMI) has become an international presence in the realm of identity and access management. IMI instructors train and certify identity management (IM) professionals and industry leaders globally.
IMI partners with numerous industry powerhouses and Fortune 500 companies — including IBM, Morgan Stanley, Fidelity Investments, AIG, Vanguard, and many others — on IM-related issues such as data privacy, governance, regulatory compliance, and fraud and identity theft prevention.
Historically, identity management encompassed a general set of processes and best practices, along with technical tools to aid in system access management and protection of digital information. The scope of IM has evolved over the years as have the risks associated with IM oversight and data protection.
The changing IM landscape
The rise of consumer identity theft and fraud, coupled with changes in the way we conduct business both in person and in the cloud, has led to a growing number of local and international information protection laws. One such law is the General Data Protection Regulation (GDPR), the international accord governing the protection and transfer of data in the European Union.
Companies need qualified and trained IM professionals to navigate the sometimes very muddy waters surrounding regulatory compliance issues, identity protection, data privacy threats and risks, access management, and the like.
The advent of new technologies and workplace norms has created a dizzying array of challenges. Complicating factors and trends include the Internet of Things (IoT), Bring Your Own Device (BYOD), remote and mobile workforce access and security issues, file sharing and online collaboration, and cloud computing and storage.
Corporate breaches resulting from theft of employee access credentials, have only heightened the importance of managing internal access as employees change job roles. The need to proactively develop policies and programs to meet these demands (both at the local and international level) is higher now than ever.
Skilled IM professionals needed
The demand for IM and cybersecurity experts is growing. IMI reports that the IM market is expected to reach almost $15 billion by 2021 with predicted shortages of 1.5 million cybersecurity experts by 2020.
To meet the growing demand for skilled IM professionals, IMI developed a robust certification program offering credentials across eight certification paths, including technology, risk management, implementation, governance, identity theft, data protection, assess management, and ID fraud prevention.
Identity Management Institute membership is required for all certification candidates. Membership is offered at the individual and corporate level. Individuals who are IMI-certified may join as regular members, while those interested in IM but who are not yet certified may join as associate members.
Membership is $95 and must be renewed annually. Corporate memberships are available at the bronze, silver, gold, and platinum levels, and range from $4,000 to $20,000 annually.
All certifications except the CIMP and CIGE (which have no exam) require candidates to pass a single exam to earn the credential. Most exam application fees include a study guide. Candidates with the required number of qualifying points (based on education, professional experience and other professional certifications held) may challenge the CAMS and CIST exams.
To challenge the CAMS or CIST exam, candidates must submit an application and written risk assessment, and pay the associated fees. Complete requirements for all credentials are listed on the individual certification web page. To maintain IM credentials, 60 hours of continuing education are required in every three-year cycle.
Current credentials include:
Certified in Data Protection (CDP): The CDP credential validates a data privacy and information security professional’s skill and understanding of data privacy issues including security controls (administrative and technical), privacy laws and related regulations, data lifecycle, data protection best practices, and international security standards.
Critical Risk Domains (CRDs) targeted include governance and management, risk assessment, access controls, system security, vendor risks, incident management, operation security, privacy and compliance, data management, and business continuity. The CDP exam application fee is $395.
Certified Identity and Access Manager (CIAM): The CIAM credential targets professionals who design and implement identity and access management solutions, identify risks and assess current tools and processes, and make recommendations for improvement. CIAMs understand regulations and actions required to maintain compliance.
The exam covers 10 CRDS: strategy and governance, program management, lifecycle and transformation, access request and approval, provision and de-provisioning, enforcement, auditing and reporting, access review and certification, account reconciliation, and tools. The application fee is ($295).
Certified Access Management Specialist (CAMS): This credential targets professionals who manage user rights, and routinely approve, grant and remove user access, maintain access control records, perform routine access audits and manage incidents. The exam application fee is $195. The CRDs covered include security, threats, access controls, rights management, identification, authorization, authentication, access control matrix, logging and monitoring, and event control. Candidates who possess at least two years of experience plus 40 qualifying points may challenge the exam.
Certified Identity Protection Advisor (CIPA): According to IMI, the CIPA is the international leader when it comes to credentials for identify theft risk management. CIPA targets professionals who manage identity theft issues ranging from implementation of prevention strategies to recovery if a threat occurs.
The CIPA exam covers ten CRDs related to identity theft risk management: awareness, rights and obligations, identity protection framework, risk management, theft and fraud prevention, fraud detection, consumer reports and scores, investigation and resolution, relationship management, and services and resources. The exam fee is $195.
Certified Red Flag Specialist (CRFS): The CRFS targets IM professionals engaged in prevention of workplace identity fraud. An expert in identity theft laws, regulations and standards, CRFS professionals possess the skills necessary to recognize red flags, recommend best practices and implement Identity Theft Prevention Programs (ITPP) and protect against identity theft, especially during business transactions.
The CRFS exam covers five CRDs including layered security controls, programs to prevent identity theft, red flags, risk assessments, and identity theft overview. The CRFS application fee is $295.
Certified Identity Governance Expert (CIGE): The CIGE targets global leaders in identity governance. CIGE’s recommend best practices, create, implement and promote worldwide identity governance policies and standards and frameworks.
The CRDs validated by the CIGE include: governance; identity and access management lifecycle; strategy, roadmap, framework, and planning; roles, responsibilities and accountability; program policies and procedures; risk management and internal controls; independent audits, monitoring, and performance measurement; compliance; and technology. To earn the CIGE designation, candidates must submit the CIGE application, possess 120 qualifying points, submit a written risk statement, and pay a $395 application fee.
Certified Identity Management Professional (CIMP): The CIMP targets professionals who create, implement and manage IM processes, plans and strategies designed to meet an organization’s IM business goals. CIMPs improve IM security and ensure compliance with IM-related laws and regulations.
To earn the CIMP, candidates must possess one of the following: six years of professional IM experience, a four-year technical degree from an accredited university plus two years of professional IM experience, or a two-year technical degree plus four years of IM experience. (Note: IMI allows candidates to substitute some professional credentials for experience and education requirements.) In addition to the application, 60 qualifying points plus a $295 application fee is required.
Certified Identity and Security Technologies (CIST): The CIST is focused on technical IM leaders who are experts in IM-related issues including access and identity management, regulatory compliance, system and data security, and connectivity. CISTs are able to design technical IM solutions to minimize security, access, communication and other IM risk.
The five CRDs in the CIST domain include leadership, communication, transition and implementation, planning and design, and strategy and analysis. The CIST application fee is $295. Candidates with four years of IM experience plus qualifying points may challenge the exam.
Find IMI online
In addition to its certification program, IMI maintains a number of free online resources including articles, blogs, focused discussion groups, and publishes the Identity Management Journal. Video courses, as well as instructor-led webinars and onsite training, are available via the training home page. Also, look for IMI on YouTube, LinkedIn, and Facebook.