CISM Application - please help

Hello everybody,
I just passed the CISM exam. I have a couple of questions regarding the application.

1. Page A2 (Section A and

: What is the definition of "General Information Security"? I am the Director of IT at my company, and I do have "Information Security Management"experience as I started and established the cyber security program at my company.
I can claim around 7 years of experience in "Information Security Management". I was an Application Developer before and never really worked on information security prior to assuming this Director of IT role. Does that mean that I cannot claim any experience in "General Information Security" section? I am little confused. Would really appreciate your help.

2. Page V-1: I report to the CFO. Should I ask him to attest sections 1 and 2 only? Will that work? Since my boss is not a security professional, is he qualified to attest section 3 and 4?

Thank you all for your help.
Stan

Find more posts tagged with

Comments

PJ_Sneakers

Not to be a smartass, but. It's self explanatory, look and see if what you did in your job matches the sentence next to the checkbox.

JDMurray

Looking at page V-1 on the CISM application under the section Employer's Verification, there does not seem to be a requirement that the employer answering the verification questions be an InfoSec professional.

Contact certification@isaca.com to get the official ruling.

roxer

You just need 5 years as an IS manager, so you are covered with seven. You can only put up to ten years on the primary anyway--the rest has to be IT Management related. An no, you do not need a security pro to sign off. It just needs to be someone in a high enough position--think VP/CIO or above--that can vouch for you and sign the form.

Stureksc

Thank you JDMurray and Roxer for your help.

Stureksc

Hi PJ_Sneakers,
Page A-2 does not have an sentence with checkbox. I am good with page V-2. I am just not sure what "general information security services" means. Is it ok to leave Section B blank on page A-2 since I have more than 5 years of Section A (IS Manager) experience?

PJ_Sneakers

Do you have a degree or other exemption that can reduce the need for general security experience?

lamont29

Just call ISACA if you are confused. They are very helpful.

Stureksc

No IS related degree. For CISM certification, is "general information security service experience" a must have? My role over the last 7 years has been IS management related. I don't have hands-on Infrastructure or Application security adminstration experience. I lead a team that does the hands-on work.

PJ_Sneakers

I believe it's 5 years total infosec, with a minimum of 3 in a management role.

JDMurray

PJ_Sneakers wrote: »

I believe it's 5 years total infosec, with a minimum of 3 in a management role.

The actual work experience must be broad and gained in three of the four CISM job practice areas (see page V-s, Verification of Work Experience form).

zaphod99

Hi,
I am also applying for certification after passing the exam and have also problems withe the application form.

How many boxes in each section have to be ticked to gain certification?
I know that I have to verify in at least three of the domains my practical knowledge, but how deep and wide isn't said.

I also have the problem that I worked more than eleven years for a company where I have not any contact from leadership to get my verification. I do have a detailed employment reference letter with all the projects and tasks listed, but there is no time mentioned for the tasks.

My current employer can only verify my last two years.

Any additional information would be appreciated.