
INTRODUCTION

The recognized global leaders in IT governance, control and assurance. Information Systems Audit and Control Association


Presentation Transcript


    1. INTRODUCTION
    2004 Certified Information Security Manager (CISM) Review Course

    This presentation describes the details of the CISM certification program to candidates participating in an ISACA chapter-sponsored CISM Review Course. The course is designed to be administered in conjunction with the CISM Review Manual 2004 published by ISACA. Notes pages include excerpts from this manual but are not all-inclusive. It is highly recommended that CISM candidates taking this course obtain the CISM Review Manual 2004 to follow along with the material and for independent study. It is also recommended that the instructor(s) for this course obtain the CISM Review Manual 2004 for reference purposes and to supplement the instructors' own experience.

    2. The recognized global leaders in IT governance, control and assurance
    Information Systems Audit and Control Association (ISACA)

    Information Systems Audit and Control Association (ISACA) is a recognized global leader in IT governance, control and assurance. ISACA sponsors international conferences, training events and a global knowledge network (K-NET), administers the globally respected Certified Information Systems Auditor (CISA) designation and the Certified Information Security Manager (CISM) designation, and develops globally applicable information systems (IS) auditing and control standards.

    The IT Governance Institute (ITGI) exists to assist enterprise leaders in their responsibility to ensure that IT goals align with those of the business, that IT delivers value, that its performance is measured, its resources properly allocated and its risks mitigated. Through original research, symposia and electronic resources, the ITGI helps ensure that boards and executive management have the tools and information they need for IT to deliver against expectations. Together, ISACA and its affiliated IT Governance Institute lead the information technology control community and serve its practitioners by providing the elements needed by IT professionals in an ever-changing worldwide environment.

    3. ISACA Facts
    - Founded in 1969, as the EDP Auditors Association
    - More than 28,000 members in over 100 countries
    - More than 170 chapters worldwide

    ISACA's membership, more than 28,000 strong worldwide, is characterized by its diversity. Members live and work in more than 100 countries and cover a variety of professional IT-related positions; to name just a few: IS auditor, consultant, educator, IS security professional, regulator, chief information officer and internal auditor. Some are new to the field, others are at middle management levels and still others are in the most senior ranks. They work in nearly all industry categories, including financial and banking, public accounting, government and the public sector, utilities and manufacturing. This diversity enables members to learn from each other and exchange widely divergent viewpoints on a variety of professional topics. It has long been considered one of ISACA's strengths.

    Another of ISACA's strengths is its chapter network. ISACA has more than 170 chapters in more than 60 countries worldwide. Each chapter provides members education, resource sharing, advocacy, professional networking and a host of other benefits on a local level.

    4. CISM Target Market
    What is the CISM target market?
    Individuals who design, implement and manage an enterprise's information security program:
    - Security managers
    - Security directors
    - Security officers
    - Security consultants

    The CISM program is specifically geared toward experienced information security managers, directors, officers, consultants and those who have information security management responsibilities. CISM is designed for the large contingent of individuals who must maintain a constant view of the big picture by designing, implementing and managing an enterprise's information security program.

    5. CISM Uniqueness
    What makes CISM unique?
    - Designed for information security managers exclusively
    - Criteria and exam developed from a job practice analysis validated by information security managers
    - Experience requirement includes information security management

    The CISM program is designed for experienced information security managers and those who have the following information security management responsibilities:
    - Establish and maintain an information security governance framework
    - Identify and manage information security risks
    - Design, develop and manage an information security program(me)
    - Oversee and direct information security activities
    - Develop and manage a response and recovery program for disruptive and destructive information security events

    Although there are many IT security credentials, portions of which may overlap with portions of CISM, CISM is the credential specifically designed to assess the skill and knowledge of information security managers.

    6. CISM Recognition
    - Certification Magazine, November 2003, recognized CISM among its top ten Best New Programs or Certifications
    - CISM recognized in numerous publications as a unique new management credential, for example:
      SC Magazine
      Certification Magazine
      Information Security Magazine
      CSO Magazine Online
      Computerworld Today (Australia)
      eWeek
      Security Magazine (Brazil)

    Although the CISM certification was only recently introduced, it has achieved instant recognition for its unique management perspective and credibility (since it is offered by ISACA).

    Certification Magazine, November 2003, recognized CISM among its top ten Best New Programs or Certs. The magazine's introduction to that list: Though not all of the items in the following list are less than a year old, most are still relatively new to the IT certification scene. These new offerings represent innovative topics or subject focus, certify interesting and useful skills and knowledge or represent ways to involve IT professionals early in programs that require years of documented work experience. In the interest of brevity, these certifications are listed in no particular order and without additional supporting detail.

    CISM is recognized in numerous publications as a unique new management credential, for example SC Magazine, Certification Magazine, Information Security Magazine, CSO Magazine Online, Computerworld Today (Australia), eWeek and Security Magazine (Brazil).

    7. Prominent CISMs
    - Howard A. Schmidt, CISM, vice president of security for eBay
    - Eugene Schultz, CISM, principal engineer with Lawrence Berkeley National Laboratory
    - Fred Piper, CISM, director of the Royal Holloway College (University of London) Information Security Group
    - Ted Humphreys, CISM, involved with the development of the British Standard (BS) 7799
    - Bill Caelli, CISM, head, School of Data Communications and founder of the Information Security Research Centre, Queensland University
    - Robert Clyde, CISM, chief technology officer, Symantec Corporation
    - Dorothy Denning, CISM, professor, Department of Defense Analysis, Naval Postgraduate School
    - Jae Woo Lee, CISM, professor, Dongguk University IAI
    - Bart Preneel, CISM, researcher, Katholieke Universiteit Leuven, Belgium
    - Bruce Schneier, CISM, founder and chief technology officer, Counterpane Internet Security, Inc.

    Many prominent and respected information security experts from around the world are CISMs. Among them are those listed above; Ted Humphreys was involved with the development of the British Standard (BS) 7799 Code of Practice for Information Security Management.

    8. CISM General Requirements
    Certified Information Security Manager (CISM) Criteria
    - Pass exam
    - Submit verified evidence of a minimum of five years of information security work experience
    - Adhere to ISACA Code of Professional Ethics
    - Comply with continuing education policy

    To earn the CISM designation, candidates are required to:
    - Successfully complete the CISM exam.
    - Submit evidence of a minimum of five (5) years of general information security work experience, with three (3) years performing information security management tasks outlined in the CISM job practice. Substitutions for the general information security experience are as follows:
      Two years:
      - Certified Information Systems Auditor (CISA) in good standing
      - Certified Information Systems Security Professional (CISSP) in good standing
      - Post-graduate degree in information security or a related field (for example: business administration, information systems, information assurance)
      One year:
      - One full year of information systems management experience
      - Skill-based security certifications (e.g. SANS Global Information Assurance Certification (GIAC), Microsoft Certified Systems Engineer (MCSE), CompTIA Security+)
      The experience substitutions will not satisfy any portion of the three-year information security management work experience requirement. Experience must have been gained within the 10-year period preceding the date of the application for certification, or within five years from the date of initially passing the exam. It is important to note that many individuals choose to take the CISM exam prior to meeting the experience requirements.
    - Adhere to the Information Systems Audit and Control Association's Code of Professional Ethics.
    - Comply with the CISM Continuing Education Program (discussed later).

    9. CISM Job Practice Analysis Development
    - ISACA Board-appointed Credentialing Task Force created first draft
    - Draft exposed to subject matter experts around the world for comment
    - Job analysis validated with target market: more than 2000 information security managers, directors, officers and consultants were contacted
    - Final job analysis approved

    An ISACA Board-appointed Credentialing Task Force was created and, among other responsibilities, created the first draft of the CISM job practice, which included task and knowledge statements. This task force was made up of highly experienced information security managers, CSOs, CIOs and others. The draft was then exposed to subject matter experts around the world, who provided comments. These comments were used to refine the job areas, task and knowledge statements. The further refined job practice was then exposed to more than 2000 information security managers, directors, officers and consultants, who provided further comment. The final result was the job practice areas, their definitions, final task statements and final knowledge statements that are used for exam development.

    10. Summary of CISM Areas
    - Information Security Governance (21%)
    - Risk Management (21%)
    - Information Security Program(me) Management (21%)
    - Information Security Management (24%)
    - Response Management (13%)

    The questions on the CISM exam are selected to comply with the aforementioned job practice analysis. Because the CISM exam is experience-based, candidates should prepare for the exam by learning to apply their practical knowledge of information security management principles and practices to these areas. The percentages listed represent the approximate percentage of questions on the exam from each area.

    Information Security Governance (21%): Establish and maintain a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations.
    Risk Management (21%): Identify and manage information security risks to achieve business objectives.
    Information Security Program(me) Management (21%): Design, develop and manage an information security program(me) to implement the information security governance framework.
    Information Security Management (24%): Oversee and direct information security activities to execute the information security program(me).
    Response Management (13%): Develop and manage a capability to respond to and recover from disruptive and destructive information security events.

    11. Exam Details (title slide)

    12. Types of Questions on the CISM Exam
    - Exam consists of 200 questions administered over a four-hour period
    - Questions are designed to test practical knowledge and experience
    - Questions are multiple choice and are designed for one best answer

    CISM exam questions are developed with the intent of measuring and testing practical knowledge. All questions are multiple choice and are designed for one best answer. Every question has a stem (question) and four options (answer choices). The candidate is asked to choose the correct or best answer from the options. The stem may be in the form of a question or incomplete statement. In some instances, a scenario or description problem may also be included. These questions normally include a description of a situation and require the candidate to answer two or more questions based on the information provided.

    13. Administration of the CISM Exam
    - Administered on Saturday, 12 June 2004
    - English only
    - More than 200 test sites
    - Offered in every city where there is an ISACA chapter or a large interest in sitting for the exam
    - Passing mark of 75 (scaled score)

    The CISM exam is offered on Saturday, 12 June 2004 in locations around the world. Alternate dates are available due to religious conflicts. The 2004 CISM exam is only offered in English; in the years that follow, other exam languages will be considered based on interest and demand. The exam is offered in every city where there is an ISACA chapter or a large interest in sitting for the exam. It is anticipated that the 2004 exam will be held in more than 200 test sites. Approximately 10 weeks after the test date, score reports will be mailed to candidates. A scaled score of 75 or more is required to pass. This score does NOT represent the percentage of items answered correctly.

    14. CISM Exam Costs
    Registration Fees and Payment
    Early registrations received before 4 February 2004:
    - ISACA Member: US $325.00
    - Non-Member: US $445.00
    Final registrations received by 31 March 2004:
    - ISACA Member: US $375.00
    - Non-Member: US $495.00
    Register online and save on the registration fee: online registration via the ISACA web site is encouraged. By doing so candidates will save US $30. Non-members will also have the ability to join ISACA at the same time, thus maximizing their savings.

    Exam Fee
    Online registration and payment is encouraged and a US $30 discount is extended to all candidates who register in that manner.

    Registration on or before 4 February 2004     Online       Standard
      ISACA Members                               US $295.00   US $325.00
      Non-members                                 US $415.00   US $445.00
    Registration on or before 31 March 2004       Online       Standard
      ISACA Members                               US $345.00   US $375.00
      Non-members                                 US $465.00   US $495.00

    NOTE: Payment MUST accompany the registration form. Payment can be made by cheque or draft in US dollars drawn on a US bank, by credit card or by bank transfer, as indicated on the registration form.

    Due Dates: Final registration forms and payment must be postmarked or received by fax on or before 31 March 2004.

    15. Bulletin of Information and Registration Form
    - Sent to potential candidates in ISACA database each year
    - Can be downloaded from ISACA web site
    - Additional copies provided to ISACA chapters

    A CISM Bulletin of Information is mailed to potential candidates from ISACA's database each October/November. Additional copies are mailed at periodic intervals and upon request. CISMs are also mailed a Bulletin of Information as part of a mentoring program; in this case, CISMs are expected to pass program brochures to prospective candidates and encourage participation. A CISM Bulletin of Information can be downloaded from ISACA's web site at http://www.isaca.org/cism. Additional Bulletins of Information are provided to ISACA chapters for local distribution. Candidates who require a printed brochure are encouraged to obtain one from their chapter; at that time they will also learn of preparation classes that the chapter may be offering.

    The CISM Bulletin of Information includes:
    - The aforementioned CISM requirements
    - A description of the exam
    - Registration instructions
    - Test date procedures
    - Score reporting procedures
    - Specific test center locations
    - Registration form

    16. Exam Study Plan (title slide)

    17. How to Develop a CISM Study Plan
    A proper study plan consists of many steps:
    - Self-appraisal
    - Determination of the type of study program
    - Having an adequate amount of time to prepare
    - Maintaining momentum
    - Readiness review

    A proper study plan consists of many steps. The first step is a self-appraisal. The candidate should perform a general review of the CISM job practice areas in the Candidate's Guide to the CISM Examination to determine overall familiarity with the tasks and knowledge covered in the exam. The candidate should also evaluate his/her own study habits and discipline. Based on this evaluation the candidate will have a general idea of the amount of time and energy needed to adequately prepare for the exam.

    The second step is a determination of the type of study program to undertake. Options range from an overall review of the material for the highly experienced information security manager, to a more intense self-study program for the less experienced candidate, to a program of both self-study and attendance at a formal CISM review program like this one.

    The third step is to ensure adequate preparation time. Candidates should plan to set aside an appropriate number of hours each week to prepare for the exam.

    The fourth step is maintaining momentum. A candidate can easily lose interest in studying and encounter obstacles to study. A candidate must realize that this will normally occur and not become discouraged.

    The final step is performing a readiness review. The formal study program should be completed at least one week prior to the date of the exam.

    18. How to Study for the CISM Exam
Read the Candidate's Guide thoroughly
Study the CISM Review Manual
Participate in an ISACA Chapter Review Course
Read literature in areas where you need to strengthen skills
Join or organize study groups

Candidates preparing for the exam are encouraged to: read the Candidate's Guide to the CISM Examination thoroughly (provided to candidates upon registration for the exam); study the CISM Review Manual 2004; participate in an ISACA Chapter Review Course (you have taken this important step); read literature in areas of weakness (the references in the CISM Review Manual 2004 are a good source for this); and join or organize study groups.

    19. CISM Study Materials/Courses
Candidate's Guide to the CISM Examination (free to each paid registrant)
CISM Review Manual 2004
CISM Questions, Answers and Explanations (QAE) Manual (100 sample questions)
Chapter CISM Review Courses

Passing the CISM exam can be achieved through an organized plan of study. To assist individuals with the development of a successful study plan, ISACA provides several study aids and review courses to exam candidates. The Candidate's Guide to the CISM Examination is supplied to individuals upon receipt of the CISM exam registration form and payment. This guide provides a detailed outline of the job practice areas covered on the exam, a suggested list of reference materials and a sample copy of the answer sheet used for the exam. The CISM Review Manual 2004 is a reference guide designed to assist individuals in preparing for the CISM exam and for individuals who wish to learn more about the role and responsibility of an information security manager. The manual features detailed descriptions of the tasks performed by information security managers and the knowledge required to manage, design and oversee an enterprise's information security program. Information is provided in a hierarchical format that begins with an explanation of each task and knowledge statement, presents applicable information security management principles, practices and strategies, and includes detailed references where additional guidance can be found. This manual can be used as a stand-alone document for individual study or as a guide or reference for study groups and review courses. The CISM Review Manual 2004 also provides definitions and practical examples to facilitate the learning process. The CISM Questions, Answers and Explanations (QAE) Manual is a study guide that consists of 100 multiple-choice study questions arranged in the same proportion as the CISM job practice areas. These are not actual exam items, but have been developed to give the candidate the type of question that might appear on the exam. CISM review courses are conducted by many ISACA chapters. Exam candidates should contact the ISACA chapter in their area to find out if a review course is being offered. Information on chapter contacts and course offerings is available at www.isaca.org/chap1.htm and www.isaca.org/revw.htm respectively.

    20. Applying for CISM Certification Title Slide

    21. Application for CISM Certification
The Application for CISM Certification is sent to all who pass the exam and contains:
Requirements for maintaining certification
Code of Professional Ethics
Instructions for completion of form
CISM application form
Verification of work experience

Once a candidate has passed the CISM exam, he/she must complete the Application for Certification as a Certified Information Security Manager to become a CISM. The purpose of the application is to verify that the experience requirements have been met. The application is divided into several parts that include the following forms and instructions: requirements for certification; Code of Professional Ethics; instructions for completion of the form; CISM application form; and the Verification of Work Experience for Applicant form.

    22. Continuing Education Policy Details Title Slide

    23. Continuing Education Requirements
Certification is granted annually to those CISMs who:
Annually report a minimum of 20 hours of continuing professional education
Annually pay the continuing education maintenance fee
Comply with the ISACA Code of Professional Ethics
Report a minimum of 120 contact hours of continuing education for each fixed three-year period

The CISM Continuing Education Policy requires the attainment of continuing education hours over an annual and a three-year reporting period. CISMs must comply with the following requirements to retain certification: attain and submit an annual minimum of twenty (20) continuing professional education hours; submit annual continuing education maintenance fees to ISACA Headquarters in full; respond and submit the required documentation of continuing education activities if selected for an annual audit; comply with the ISACA Code of Professional Ethics; and attain and submit a minimum of one hundred and twenty (120) continuing education hours for each three-year reporting period. Both the annual and the three-year requirements begin on 1 January of the year following certification. The qualifying activities are described in the CISM Continuing Education Policy.

    24. ISACA Code of Professional Ethics
ISACA sets forth this Code of Professional Ethics to guide the professional and personal conduct of members of the association and/or its certification holders. Members and ISACA certification holders shall:
Support the implementation of, and encourage compliance with, appropriate standards, procedures and controls for information systems.
Perform their duties with objectivity, due diligence and professional care, in accordance with professional standards and best practices.
Serve in the interest of stakeholders in a lawful and honest manner, while maintaining high standards of conduct and character, and not engage in acts discreditable to the profession.
Maintain the privacy and confidentiality of information obtained in the course of their duties unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties.
Maintain competency in their respective fields and agree to undertake only those activities which they can reasonably expect to complete with professional competence.
Inform appropriate parties of the results of work performed, revealing all significant facts known to them.
Support the professional education of stakeholders in enhancing their understanding of information systems security and control.

Failure to comply with this Code of Professional Ethics can result in an investigation into a member's and/or certification holder's conduct and, ultimately, in disciplinary measures.

    25. Information Systems Audit and Control Association/Foundation
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL, USA 60008
Phone: +1.847.253.1545
Fax: +1.847.253.1443
E-mail: certification@isaca.org
Web site: www.isaca.org
CISM link: www.isaca.org/cism.htm

For more information, instruct candidates to contact their local chapter (you may also want to include the name of your chapter and contact information on this slide) or ISACA headquarters at the mail, phone, fax, e-mail and web addresses shown on the slide.
