Isaca Updates CISM Job Practice to Reflect Evolving IT Security Roles

Information Risk Management and Compliance

(31.01.12) - To stay ahead of evolving IT security roles, Isaca's June 2012 Certified Information Security Manager (CISM) examination will be based on an updated job practice. Isaca, a nonprofit association of more than 95,000 IT professionals worldwide, conducts an international job practice analysis at least every five years, which forms the basis of the CISM exam. Since its introduction in 2002, the CISM credential has become recognized worldwide as a symbol of excellence in information security, and has been earned by more than 18,000 professionals. The CISM designation continues to achieve the ISO 17024 Conformity Assessment/American National Standards Institute (ANSI) accreditation and is listed in Govinfosecurity.com's Top 5 Information Security Certifications for 2012. It was also recently recognized at the Hong Kong ICT Awards 2011 with the Certificate of Merit under the "Best Professional Development (ICT Professional) Award."

"Regularly conducting a job practice analysis ensures that the CISM exam accurately reflects the current tasks and responsibilities of today's information security managers," said Allan Boardman, CISA, CISM, CGEIT, CRISC, CISSP, CA(SA), chair of Isaca's Credentialing Board. "Analyzing the CISM’s role helped us identify the need to streamline the domains within the job practice."

Major changes to the CISM job practice include combining two of the domains, resulting in four domains, rather than the previous five. The new CISM job practice domains are:

· Domain 1 - Information Security Governance

· Domain 2 - Information Risk Management and Compliance

· Domain 3 - Information Security Program Development and Management

· Domain 4 - Information Security Incident Management

The CISM job practice analysis sought input from thousands of global information security professionals. Isaca’s CISM Job Practice Analysis Task Force facilitated independent reviews with content experts who are CISMs to create a detailed description of the tasks performed by, and knowledge required of, information security managers. Isaca also worked with Professional Examination Service (PES) to complete the analysis. PES has been Isaca’s credentialing partner since 1987.

"The CISM exam domains have been updated based on expertise gathered during the comprehensive job practice analysis process, adding value and a competitive advantage to those who achieve the credential," said Boardman. (Isaca: ra)