CISM certification program was developed by the Information Systems Audit and Control Association (ISACA) for experienced Information security management professionals with work experience in developing and managing information security programs and who understand the programs relationship with the overall business goals. The CISM exam is offered three times a year (June, September, and December), consisting of 200 multiple-choice questions that cover the four CISM domains. The American National Standards Institute (ANSI) has accredited the CISM certification program under ISO/IEC 17024:2003, General Requirements for Bodies Operating Certification Systems of Persons.
- Information Security Governance
- Information Risk Management & Compliance
- Information Security Program Development & Management
- Information Security Incident Management