(Customised for Hyderabad for December 2010 Exam)
Thanks for showing interest in ISACA and CISM.
Here are the most frequently asked questions,
which we hope will clarify most of your doubts. In case you need
further details you can log on to isaca.org/cism
CISM stands for Certified Information Security Manager. It is a globally accepted certification exam
conducted by ISACA twice a year – June and December. The mark of
excellence for a professional certification program is the value and
recognition it bestows on the individual who achieves it.
CISM is unique in the information security credential
marketplace because it is designed specifically and exclusively for
individuals who have experience managing an information security
program. The CISM certification measures an individual’s management
experience in information security (IS) situations, not the
individual’s general practitioner skills. A growing number of
organizations are requiring or recommending that employees become
certified. To help ensure success in the global marketplace, it is
vital to select a certification program based on universally accepted
information security management practices. CISM delivers such a
program. Those who hold this designation join a network of
professionals known for their expertise in information security
management, IT governance and risk management.
With more than 86,000 constituents in more than 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems assurance and security, enterprise governance of IT, and IT-related risk and compliance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA® Journal, and develops international information systems auditing and control standards. It also administers the globally respected Certified Information Systems Auditor™ (CISA®), Certified Information Security Manager® (CISM®) and Certified in the Governance of Enterprise IT® (CGEIT®) designations.
ISACA developed and continually updates the COBIT®, Val IT™ and Risk IT frameworks, which help IT professionals and enterprise leaders fulfill their IT governance responsibilities and deliver value to the business.
The exam is open to all. There are no eligibility requirements. Software professionals, Chartered Accountants, auditors, banking professionals, executives and government officials take up this exam for its applicability, international recognition, career enhancement options, and for improving their organizational systems.
Please visit www.isaca.org/cismexam. On this page you will find links for registration as well as other information relating to the exam. There is also a FAQ section. You can download the Bulletin of Information regarding the CISM Exam from http://www.isaca.org/cismboi.
The CISM exam is generally held on the second Saturday of June and December each year. The next exam is scheduled for Saturday, 11 December 2010. The last date for registration with the early bird incentive is 5 August 2010, and the final registration deadline is 6 October 2010.
The exam fee depends on whether you pay online or offline and on when you register for the examination. Online payments have a $50 rebate in the exam fee. In addition, you are entitled to a $50 early bird incentive if you register before 5 August 2010.
You can also explore becoming a member and registering for the exam simultaneously. On becoming a member online and paying the registration fee simultaneously, you have to pay a marginally higher amount, but by paying this higher amount you become entitled to all membership benefits, including the ISACA Journal, access to the online ISACA Library, a concession at the Local Chapter CISM Review Class and attendance at the local chapter events. For more details of membership benefits, refer to www.isaca.org/benefits.
Details of the fee payable and the comparison are given in the table below.

| Particulars | New member processing fee, annual fee and local chapter fee | Exam fee for member | Total cost including membership fee | Exam fee for non-member |
|---|---|---|---|---|
| Online payment before August 5, 2010 | 95 (membership period ends Dec 31, 2010) | 365 | 460 | 495 |
| Online payment between August 6 and August 18, 2010 | 160 (membership period ends Dec 31, 2011) | 365 | 525 | 495 |
| Online payment between August 19 and October 6, 2010 | 160 (membership period ends Dec 31, 2011) | 415 | 575 | 545 |
| Offline payment before August 5, 2010 | 115 (membership period ends Dec 31, 2010) | 415 | 530 | 545 |
| Offline payment between August 6 and August 18, 2010 | 180 (membership period ends Dec 31, 2011) | 415 | 595 | 545 |
| Offline payment between August 19 and October 6, 2010 | | | | |

One can either withdraw from appearing for the exam or defer taking the exam to a future date. There is a scheme for deferring the exam on payment of a fee. The exam can then be taken at the next opportunity. Full details are available at http://www.isaca.org/examdefer.
The paper consists of 200 multiple-choice questions to be answered in 4 hours, covering five chapters, viz.:
Information security governance (23 percent)—Establish and maintain a framework to provide assurance that information security strategies are aligned with the business objectives and consistent with applicable laws and regulations.
Information risk management (22 percent)—Identify and manage information security risks to achieve business objectives.
Information security program development (17 percent)—Create and maintain a program to implement the information security strategy.
Information security program management (24 percent)—Oversee and direct information security activities to execute the information security program.
Incident management and response (14 percent)—Plan, develop and manage a capability to detect, respond to and recover from information security incidents.
Candidate scores are reported as a scaled score. A scaled score is a conversion of a candidate’s raw score on an exam to a common scale. ISACA uses and reports scores on a common scale from 200 to 800. A candidate must receive a score of 450 or higher to pass the exam.
a) ISACA publishes the CISM Review Manual (CRM) every year, and that is the basis for starting studies. It is available for purchase from www.isaca.org. The cost is $85 for members and $115 for non-members.
b) The CISM Practice Questions Database (CD-ROM). Cost: $120 for members and $165 for non-members. It combines the 550 questions, answers and explanations. This helps you to understand how exam questions are framed. A website download is also available.
Read, read, read… Understand the subject; highlight important points; if you are used to group study, please do so. Group study does help in sustaining momentum / motivation, sharing of knowledge and understanding various perspectives. Primarily, the exam tests your conceptual understanding of various technologies, processes, risks, controls, audit and governance techniques.
Generally, it takes three to six months (2 hours of study a day) to prepare and be confident of facing the exam, depending on the individual’s experience and exposure to the content areas, and grasp of new concepts. It is best to complete one reading of the CISM Review Manual in the first 2 months. One idea would be to take a dummy test first (of say 50 questions, to see where you stand), then, after one reading of the CRM, take the same test again and see the improvement made. It is preferable to take tests after studying each chapter, and then retake these tests after a gap of one month to see if any mistakes have been repeated. These will be the concepts that you have to get right.
The Hyderabad Chapter of ISACA conducts a quick refresher class for 4 full days sometime in September on two consecutive Saturdays and Sundays. The class also includes a mock test and a discussion of the answers for the mock test. Classes are conducted by experienced faculty who have passed the exam and have experience in their respective domains.
The cost for the classes conducted by the Chapter is yet to be finalized but will be approximately Rs. 6,000.