Hello, and welcome to Cloud Academy presentation of the ISACA Certified Information Security Manager Review Seminar. I'm Ross Leo and I will be your host as we explore the details of this certification to help you get prepared to take and pass your CISM examination. So let's go ahead and get started.

The CISM is one of the most-in demand certifications for information security professionals worldwide. It has been developed and maintained by ISACA at the highest level of quality to meet the ANSI standard 17024 of 2012, a very strict standard that sets a very high bar for the training and certifying of professionals. Shared with the ISO, the 17024 ensures that the CISM is recognized and accepted by the profession, commercial employers, and government agencies worldwide.

Generally speaking, the sections will be presented in modules of 40 to 60 minutes average length. The idea is to give you bite-sized sessions that you can do over lunch, in the evening, on your flight, or even taking a ferry among the Greek Islands while on vacation. The best way, of course, is to sit, focus, listen carefully, and take very good notes.

This course will give you a lot to think about, a lot of other reading that you might want to do. The better your attention, the better your understanding. And of course, the better you will do, probably. I must emphasize that this test is a difficult one to pass. It will require you to draw on book learning and experience.

There are no labs in this exam, in the course, or on the test itself, but things that you may have learned in labs or exercises may very well come in handy. One important thing is that this test is vendor and technology neutral. No vendor products are discussed, to ensure that there is no favoritism or focus on a particular brand. Certain technologies are, of course, mentioned, but only in a very general manner. And usually to set the context, when a question is asked or in giving examples.

If you're deeply committed to a single vendor's line or way of doing things, I would strongly recommend that you exercise caution to prevent your seeing everything in this course and on the test through that particular lens.

So once again, welcome. Having first been offered in 2002, the CISM is by no means new, but neither is it old and rusty. The ISACA team works diligently to maintain its currency and its quality, to ensure its holders are kept on the leading edge, and the certification itself remains relevant and in demand.

Intended for security professionals who are moving into senior or higher roles, it focuses on areas that represent the vital elements of governance and control. In the coming modules, I will guide you through a process of thinking and learning as we move into this body of knowledge.

First will come the basics of information security, which is presented to you as both a refresher and as a return to the foundations of our professional practice so to start you out thinking along the right lines. Following that will be an in-depth discussion of the four domains of the CISM shown here: 

• Information security governance
• Information risk management and compliance
• Information security program development and management
• Information security incident management

As we go through each topical section, we will cover some important points, of course, and then follow with a few questions, which you will draw from your book. Here's how that will work. I will pose a few questions, pausing several seconds to give you a chance to think about what I've asked and then put up the answers so that you can check yours with mine.

I, of course, have to admit that I have the advantages. I know both the questions and each correct answer, but since this is really a one-sided conversation with me doing all the talking, this is the best way to help you check your grasp of the topics. My advice with that, be honest with yourself about how you answered. If you got it right, that's good. If not, well, you need to know why you got it wrong and study that as well as learning the correct answer. Approaching your preparation like this will help very greatly.

Like most of its peer certifications, the CISM will have some important qualifications for each candidate to meet before they can achieve it. As you see on this slide, there are several. They include:

• Verified work experience in the field of information security
• Adhering to ISACA's Code of Professional Ethics
• Successfully passing the CISM exam
• Agreeing to comply with the Continuing Education Policy
• Submitting an application for the CISM Certification

Some are about your experience. Some are requirements to commit to a Code of Ethics, which it should be said, most of us in the profession consider a pretty important thing to do. I certainly do and I'm sure you do as well. Like its peers, you will need to get regular training to maintain your standing, but if you have other certifications now, then this will come as no surprise. And of course, there's paperwork to do. That part is inescapable, but of great importance as well.

So let's take a few moments and let's take a look at these points. Of course, to be successful every candidate must pass the exam and the general consensus among test takers is to make every effort to do so on the first go. Easier said than done, but working to make that happen is the main reason we're here.

Like most certification exams at this level, this one has an experience requirement, which I will show you shortly. For those who may not have that accomplished, taking and passing the exam would not be pointless now. Doing this now and succeeding will lock in your having done so, allowing you to build up the necessary experience in the following five years, or if you already have some, whatever the difference is between that and the required five total years you'll need.

Once you complete that portion, you're standing as a CISM holder will be completed and your certification will be validated and issued. There would be no need to take the exam again. Like almost every professional-level certification, such as the CISSP, the CCSP, and the CIPP, the association backing them requires the candidate agreed to follow a Code of Ethics. This is certainly true in this case. I'll show you that in just a few more slides so that you can familiarize yourself with it.

Make no mistake though, ISACA takes this code and our adoption of it very seriously and it expects us all to do the same in our work. Failing to do so has cost some their certifications over the years, enough said on that.

Also, like its peer certifications, the CISM has a continuing professional education requirement that must be met each year. The base certification period is three years, and during that time, the holder must acquire a total of 120 contact hours with no less than 20 CPE credits in any given year. The ISACA website will provide information about this process and all the different ways to obtain these, usually through classes, webinars, conferences, public speaking, delivering training, and several others. Staying current with our fast-moving, oft-changing cybersecurity landscape is the objective, of course, and each candidate must fulfill this requirement every year. Not doing this risks losing the certification and having to take the test again. I can assure you that having taken it once, you really won't want to go through that again. So be sure to take care of your CPEs each year.

Lectures

Introduction to CISM - Part One - Introduction to CISM - Part Two - Introduction to CISM - Part Three