ISACA Updates CISM Job Practice to Reflect Evolving IT Security Roles

Rolling Meadows, IL, USA (17 January 2012)—To stay ahead of evolving IT security roles, ISACA’s June 2012 Certified Information Security Manager (CISM) examination will be based on an updated job practice. The new CISM job practice is available at to help candidates prepare for the exam.

ISACA, a nonprofit association of more than 95,000 IT professionals worldwide, conducts an international job practice analysis at least every five years, which forms the basis of the CISM exam. Since its introduction in 2002, the CISM credential has become recognized worldwide as a symbol of excellence in information security, and has been earned by more than 18,000 professionals. The CISM designation continues to achieve the ISO 17024 Conformity Assessment/American National Standards Institute (ANSI) accreditation and is listed in’s Top 5 Information Security Certifications for 2012. It was also recently recognized at the Hong Kong ICT Awards 2011 with the Certificate of Merit under the “Best Professional Development (ICT Professional) Award.”

“Regularly conducting a job practice analysis ensures that the CISM exam accurately reflects the current tasks and responsibilities of today’s information security managers,” said Allan Boardman, CISA, CISM, CGEIT, CRISC, CISSP, CA(SA), chair of ISACA’s Credentialing Board. “Analyzing the CISM’s role helped us identify the need to streamline the domains within the job practice.”

Major changes to the CISM job practice include combining two of the domains, resulting in four domains, rather than the previous five. The new CISM job practice domains are:

· Domain 1—Information Security Governance
· Domain 2—Information Risk Management and Compliance
· Domain 3—Information Security Program Development and Management
· Domain 4—Information Security Incident Management

The CISM job practice analysis sought input from thousands of global information security professionals. ISACA’s CISM Job Practice Analysis Task Force facilitated independent reviews with content experts who are CISMs to create a detailed description of the tasks performed by, and knowledge required of, information security managers. ISACA also worked with Professional Examination Service (PES) to complete the analysis. PES has been ISACA’s credentialing partner since 1987.

“The CISM exam domains have been updated based on expertise gathered during the comprehensive job practice analysis process, adding value and a competitive advantage to those who achieve the credential,” said Boardman.

Additional information on ISACA’s certifications is available at

About ISACA

With 95,000 constituents in 160 countries, ISACA is a leading global provider of knowledge, certifications, community, advocacy, and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) designations. ISACA continually updates COBIT, which helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.