Apply for CISM Certificate

Hi,

I passed on CISM exam 2 DAYS ago and I expect to receive the result after 8 days.

As you know ISACA has prerequisites to be certified as below. I have around 2 years experience in three of CISM domains plus bachelor of Information Systems. The question is, is these prerequisites enough to be certified? please advice..

Submit verified evidence of five (5) years of work experience in the field of information security. Three (3) of the five (5) years ofwork experience must be in the role of managing information security. In addition, this work experience must be broad and gained inthree of the four job practice areas (see Verification of Work Experience form). The management portion of this experience must beearned while in an information security management position with responsibility for information security management programs orprocesses, or while working as an information security management consultant (where the CISM candidate has been actively engagedin the development and/or management of information security programs or processes for the client organization(s)). Work experiencemust be gained within the ten-year period preceding the application date for certification or within five years from the date of initiallypassing the exam.
Substitutions for work performed in the role of an information security manager are not allowed. However, a maximum of two (2)years for general work experience in the field of information security may be substituted as follows:
• Two years of general work experience may be substituted for currently holding one of the following broad security-related
certifications or a post-graduate degree:

– Certified Information Systems Auditor (CISA) in good standing or
– Certified Information Systems Security Professional (CISSP) in good standing or
– Post-graduate degree in information security or a related field (for example: business administration, information systems,
information assurance)
OR
• A maximum of one year of general information security work experience may be substituted for one of the following:

– One full year of information systems management experience or
– One full year of general security management experience
– Currently holding an information security-related skill-based certification [e.g., SANS Global Information Assurance
Certification (GIAC), Microsoft Certified Systems Engineer (MCSE), CompTIA Security+, CompTIA Security+ CE, Disaster
Recovery Institute Certified Business Continuity Professional (CBCP), ESL IT Security Manager].– Completion of a Bachelor degree in InfoSec or related field (Cybersecurity).

Find more posts tagged with

Comments

JDMurray

You should contact ISACA for the official answer to your question. No one on TE can speak for ISACA, and therefore any speculative answer posted by TE's members could be inaccurate. Please post back here the response you receive from ISACA to your question.

TechGuru80

maktoum wrote: »

Hi,

I passed on CISM exam 2 DAYS ago and I expect to receive the result after 8 days.

As you know ISACA has prerequisites to be certified as below. I have around 2 years experience in three of CISM domains plus bachelor of Information Systems. The question is, is these prerequisites enough to be certified? please advice..

It isn't that difficult to determine with their requirements. At the very most you can substitute 2 years out of the 5 year requirement, thus requiring a total of 3 years managing information security according to the domains.

-Do you have any of the two year waiver options?
--If not, you need 5 years experience with 3 of the 5 managing information security.
--If you do, then you only need 3 years of managing information security (not just general security).

I see no mention of any waivers for a bachelors degree (a post graduate would be a masters degree), and you say you only have two years experience. Based on what you have said, you do not currently have the required experience to get the certification if you pass the exam...plain as day.

maktoum

Hi,

thank you for your reply.

Yes I have the waiver options?

In the second option: one year experiences plus MCSE from Microsoft.

I have 2 years and 3 months experiences in Information security and MCITP from Microsoft which is equal MCSE. ISACA didnt define the version or years of certificates. There is MCSE 2003, in 2008 they change the name to MCITP 2008, in 2016 they back again to old naming MCSE 2016.

In this case, do I need more years of experiences considering isaca accepted MCITP as MCSE??

maktoum

TechGuru80 wrote: »

It isn't that difficult to determine with their requirements. At the very most you can substitute 2 years out of the 5 year requirement, thus requiring a total of 3 years managing information security according to the domains.

-Do you have any of the two year waiver options?
--If not, you need 5 years experience with 3 of the 5 managing information security.
--If you do, then you only need 3 years of managing information security (not just general security).

I see no mention of any waivers for a bachelors degree (a post graduate would be a masters degree), and you say you only have two years experience. Based on what you have said, you do not currently have the required experience to get the certification if you pass the exam...plain as day.

Hi,

thank you for your reply.

Yes I have the waiver options?

In the second option: one year experiences plus Microsoft Certified Systems Engineer (MCSE) from Microsoft.

I have 2 years and 3 months experiences in Information security and MCITP from Microsoft which is equal MCSE. ISACA didnt define the version or years of certificates. There is MCSE 2003, in 2008 they change the name to MCITP 2008, in 2016 they back again to old naming MCSE 2016.

In this case, do I need more years of experiences considering isaca accepted MCITP as MCSE??

lamont29

ISACA is great at providing this guidance over the phone. All you have to do is call them directly if you are unclear on something.