CISM Job Practice Areas
A job practice serves as the basis for the exam and the experience requirements to earn the CISM. This job practice consists of task and knowledge statements, organized by domains.
CISM Certification Job Practice
The current CISM exam covers 4 information security management areas, each of which is further defined and detailed through Tasks & Knowledge statements. These areas and statements were approved by the CISM Certification Committee and represent a job practice analysis of the work performed by information security managers as validated by prominent industry leaders, subject matter experts and industry practitioners.
Following is a brief description of these areas, their definitions and approximate percentage of test questions allocated to each area.
This information provides the basis for the CISM exam and the qualifying experience for certification.
For details on the tasks and knowledge statements forming part of the the CISM domains, click here