CISM® (CERTIFIED INFORMATION SYSTEMS MANAGER®)


CISM® is another professional certification sponsored by ISACA®. This certification is specifically developed for information security managers and those who are in charge of managing information security.

The CISM® certification is for the individual who manages, designs and oversees an enterprise’s information security. The CISM certification promotes international practices and provides executive management with assurance that those earning the designation have the required experience and knowledge to provide effective security management and consulting services.

The following are benefits for achieving CISM® designation:

  • Recognition as an Information Security Manager. This certification is designed specifically and exclusively for individuals who have experience managing an information security program. Requirements to become a CISM® are based on the experience necessary to competently perform the duties and responsibilities of an information security manager.
  • Recognition for Other Security Earned. CISM® is for individuals who must manage and oversee the enterprise’s information security effort, many of whom may hold other certifications the field offers. Information security professionals that have earned credentials such as CISA®, Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), Microsoft Certified Systems Engineer (MCSE), CompTIA Security+ and Certified Business Continuity Professional (CBCP), can receive general information security experience requirement waivers.
  • Worldwide Recognition. Although certification may not be mandatory for you at this time, a growing number of organizations are requiring or recommending that employees become certified. To help ensure success in the global marketplace, it is vital to select a certification program based on universally accepted technical practices, such as CISM®.
  • The American National Standards Institute (ANSI) has accredited the CISM® certification under ISO/IEC 1702:2003, General Requirements for Bodies Operating Certification Systems of Persons. ANSI accreditation, among others, protects the integrity of the certifications and enhances consumer and public confidence in the certifications and the people who hold them.

CISM® Requirements

The CISM® program is designed to assess and certify individuals in the information security management profession who demonstrate exceptional skill and judgment. To earn the CISM® designation, information security professionals are required to:

1. Successfully complete the CISM® exam.
2. Adhere to the ISACA® Code of Professional Ethics, which is included in the Candidates Guide to the CISM® Exam provided to each exam registrant.
3. Submit verified evidence of a minimum of five (5) years of work experience in the field of information security. Three (3) of the five (5) years of work experience must be gained performing the role of an information security manager. In addition, this work experience must be broad and gained in three of the five job practice areas. Substitutions for work performed in the role of an information security manager are not allowed. However, a minimum of two (2) years of general work experience in the field of information security may be substituted as follows:

  • Two (2) years of general work experience may be substituted for currently holding one of the following broad security-related certifications or a post-graduate degree:
      • Certified Information Systems Auditor™ (CISA®) in good standing or
      • Certified Information Systems Security Professional (CISSP) in good standing or
      • Post-graduate degree in information security or a related field (for example: business administration, information systems, information assurance)

OR

  • A maximum of one (1) year of general work experience may be substituted for one of the following:
      • One (1) full year of information systems management experience or
      • Currently holding a skill-based or general security certification [e.g., SANS’ Global Information Assurance Certification (GIAC), Microsoft Certified Systems Engineer (MCSE), CompTIA Security+, Disaster Recovery Institute Certified Business Continuity Professional (CBCP), ESL IT Security Manager].

Experience must have been gained within the 10-year period preceding the application for certification or within five years from the date of initially passing the exam. Application for certification must be submitted within five years from the passing date of the CISM® exam. All experience must be verified independently with employers.

The CISM® Exam

The CISM® exam is offered each year in June and December and consists of 200 multiple-choice questions that cover the CISM® job practice areas. The exam covers information security management areas created from a CISM® job practice analysis and reflects the work performed by information security managers. The job practice was developed and validated using prominent industry leaders, subject matter experts and industry practitioners. The areas and their definitions are as follows:

  • Information Security Governance – Establish and maintain a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations.
  • Risk Management – Identify and manage information security risks to achieve business objectives.
  • Information Security Program(me) Management – Design, develop and manage an information security program(me) to implement the information security governance framework.
  • Information Security Management – Oversee and direct information security activities to execute the information security program(me).
  • Response Management – Develop and manage a capability to respond to and recover from disruptive and destructive information security events.

For a description of tasks and knowledge statements for each area, please refer to www.isaca.org/cismexam.

Preparing for the CISM® Exam

There are several ways to prepare yourself for the CISM® exam. One of them is to participate in the CISM® Review Course conducted by ISACA® Indonesia Chapter. For further information, please contact the CISA Coordinator of ISACA Indonesia Chapter at abhartono2003@yahoo.com.

To get study aids, including the 2006 CISM® Review Manual, please refer to the ISACA Bookstore.

CISM® Exam Registration

The next CISM® exam will be administered on Saturday, 10 June 2006. The registration form can be obtained from the CISM® Bulletin of Information (www.isaca.org/cismboi).

                                                             ISACA Member   Non-ISACA Member
Early registrations received on or before 8 February 2006    US $340        US $460
Final registrations received by 5 April 2006                 US $390        US $510

NOTE: Registration form and payment must be received on or before 8 February 2006 to qualify for the early registration date.

A US$50 fee is required for all changes to CISM® exam registration information received between 14 April 2006 and 28 April 2006. No changes will be accepted after 28 April 2006.

On-line registration via the ISACA® web site (www.isaca.org/examreg) is encouraged. Candidates registering on-line will save US $35. Non-members can also maximize their savings by joining ISACA® at the same time as they register.

Copyright © 2005-2006 ISACA Indonesia. All Rights Reserved.