What’s new in CISM 2022?
Table of Contents
Introduction to CISMWhy CISM certification?Overview of new CISM domainsDomain 1 – Information Security Governance (17%)Domain2 – Information Security Risk Management (20%)Domain3 – Information Security Program (33%Domain4)Domain4 – Incident Management (30%)CISM Exam Details
Introduction to CISM
CISM stands for Certified Information Security Manager. ISACA gives the Certified Information Security Manager (CISM), certification to IT professionals who demonstrate expertise in information security governance and program development & management.
The CISM certification is a management-focused certification. It encourages global information security procedures. It recognizes professionals’ ability to manage, supervise and assess an organization’s security. The CISM certification is for individuals who manage cyber security specialists or other security professionals.
Why CISM Certification?
Information security is a key contributor to business growth. It allows for reliable operations and new opportunities for qualitative uniqueness. The CISM certification is recognized by organizations around the world as a sign of your expertise and accomplishments. You’ll be highly sought after. The CISM certification shows that you have a solid understanding of technical skills as well as a grasp of business objectives in relation to data security. CISM is a highly-paid and respected certification for professionals. CISM is the best certification for Information Security Managers.
If you have at most five years of experience in information security, and at least three years in information security management, the CISM certification is a desirable one. You must have at least five years of work experience in information security management within the last ten years.
On June 1, 2022, the CISM exam content is scheduled to be updated. You can still take the current CISM examination based on the current topic outline until 31 May 2022.
Old vs. new CISM domains
Overview of the New CISM Domains
CISM verifies your knowledge within the four domains listed below. This is applicable to all organizations.
Domain 1: Information Security Governance (17%)
17% of the total weightage for the CISM exam is in the information security governance domain. This domain examines the knowledge and functions necessary to create an information security governance structure that aligns with organizational goals. This document outlines the tasks and responsibilities of an Information Security Manager to create and maintain an information security governance structure and supporting processes that align with corporate goals and objectives.
Domain 2: Information Security Risk Management (20%)
20% of the total weightage for the CISM exam is in the information risk management domain. This domain will help you understand your organization’s risk management strategy, and how it relates with information technology. You will learn how to manage information risk based on your risk appetite in order to achieve organizational goals and objectives. This domain is concerned with risk identification, threats and Advanced Persistent Threats, (APT), as well as risk assessment and evaluation.
Domain 3: Information Security Program (33%).
This domain of CISM has 33% exam weightage. The information security program domain manages an information security program that is aligned with the information strategy. This domain provides an overview of information security trends and program resources, management, as well as process concepts for technology resources. This domain will help you understand the industry standards for information security.
Domain 4: Incident Management (30%)
The incident management domain considers itself to be the most important sinc