Differences Between CISM Certification and Other Certifications
According to statistics from ISS (Internet Security Systems), a well-known American information security manufacturer, the number of information security incidents detected by enterprises in the first quarter of 2004 was 84 percent higher than in the fourth quarter of 2003. In the face of an endless stream of information security events, relying only on the deployment of firewalls, network intrusion equipment and other devices is not enough; effective information security management and planning are also needed. CISM therefore focuses on the management level rather than the technical level, and requires candidates to have at least five years of professional information system security-related work experience, including at least three years of experience as an information security supervisor.
CISM differs from other information security certifications in its experience requirements and its focus on the performance of the information security manager. Other information security certifications focus on specific technology, platform or product information, or on previous years of work in information security. Only CISM is for information security managers; its focus is no longer a single technology or skill but the information security management of the entire enterprise. CISM is for individuals who manage and oversee the information security of an enterprise, many of whom may already hold relevant certifications in other areas. Because of this management focus, work experience is relatively important, so CISM requires at least 5 years of experience in information security management, and the exam content concentrates on the daily work handled by information security managers.
ISACA's Reasons for Providing CISM
ISACA's name reflects its obligations and the certification it provides, not only to information systems audit professionals but also to those involved in the control of information systems. Over the past 20 years, ISACA has been a pioneer in CISA (International Registered Information System Auditor) certification and in the training of CISA holders, information security participants, and personnel involved in information security management. In recent years, ISACA has strengthened its coverage of other information security controls and activities in the journals it publishes, and has conducted research on professionals who work in information security management. In response to the needs of many ISACA members and CISA holders, ISACA developed the CISM professional certification for full-time information security managers.
The Uniqueness of CISM
The CISM International Registered Information Security Manager certification is unique in that it is designed specifically for those engaged in information security management in the marketplace. For information security managers, the experience requirements and the CISM exam are relatively important to fulfilling their information security responsibilities. These requirements and knowledge categories have been verified by information security experts and industry leaders, and are used to measure the experience and management ability of information security managers rather than general knowledge training.
Definition of Work Area Analysis for CISM
In order to understand what information security managers need to do, ISACA formed a task force to analyze the work of elite information security experts in the industry, and uses the results of the analysis as the basis for the certification examination. Because the definition of work areas is important and the content of information security professionals' work keeps changing, ISACA is also currently re-analyzing the work areas. In addition, the Information Systems Security Association, the Information Security Forum and ASIS International participated in the study.
The CISM exam is held annually and consists of 200 multiple-choice questions covering five work practice areas established from the latest CISM work practice analysis. ISACA employs renowned industry leaders, experts in all areas of CISM work practice, and industry practitioners to develop and validate work practice analyses.
With the rapid development of information security in China, and the continual updating of information technology and its general level, enterprises need more professional information security managers to develop their own management methods for dealing with information security events.
Information security managers are not IT managers. To this end, Huizhe Technology has developed CISM Chinese teaching materials and handouts, based on the latest international standard teaching materials, that can be applied to China, and has taken the lead in opening CISM certification training. So far, it has provided international registered information security manager certification training for many information security managers in the finance, energy and manufacturing industries.