Certified Information Security Manager (CISM)

CISM, the Certified Information Security Manager, is ISACA's new certification and is specifically geared toward experienced information security professionals. CISM is business-oriented and focused on information risk management while addressing management, design and technical security issues at the conceptual level. It is for the individual who must maintain a view of the "big picture" by managing, designing, overseeing and assessing an enterprise's information security. For more information on CISM.

What is CISM?

The Certified Information Security Manager (CISM) certification is a unique management-focused certification that has been earned by more than 13,000 professionals since its introduction in 2003. Unlike other security certifications, CISM is for the individual who manages, designs, oversees and assesses an enterprise's information security.

Who Earns CISM Certification?

CISM certification is for individuals who design, build and manage enterprise information security and who have experience in the following areas:

  • Information Security Governance
  • Information Risk Management
  • Information Security Program Development
  • Information Security Program Management
  • Incident Management and Response


CISM demonstrates proven experience:

The demand for skilled information security management professionals is on the rise. Earning a CISM designation will give you a competitive advantage. Many enterprises and government agencies increasingly recognize, require and expect their IS and IT professionals to hold this certification. Being a CISM:

  • Demonstrates your understanding of the relationship between an information security program and broader business goals and objectives.
  • Distinguishes you as having not only information security expertise, but also knowledge and experience in the development and management of an information security program.
  • Puts you in an elite peer network.

CISM enhances credibility and recognition:

CISM is globally recognized as the leading credential for information security managers. CISM combines the achievement of passing a comprehensive exam with recognition of work, management and educational experience, providing you with greater credibility in the marketplace.

CISM means higher earning potential and career advancement:

Recent independent studies consistently rank CISM as one of the top two highest-paying and most sought-after IT certifications.

Worldwide Recognition

Although certification may not be mandatory for you at this time, a growing number of organizations are requiring or recommending that employees become certified. To help ensure success in the global marketplace, it is vital to select a certification program based on universally accepted information security management practices. CISM delivers such a program.

"The CISSP certification long ago made the gold standard, but infosec execs are now wisely adding the new CISM certification. Why the push? The advanced-level CISM better addresses the interdependency between business needs and IT security by focusing on risk management and security organizational issues." -- David Foote, Foote Partners, LLC, SC Magazine, July 2005