  1. Junior Member Registered Member
    Join Date
    Jan 2018
    Posts
    4
    #1

    Default CISM Application - please help

    Hello everybody,
    I just passed the CISM exam. I have a couple of questions regarding the application.

    1. Page A2 (Section A and B): What is the definition of "General Information Security"? I am the Director of IT at my company, and I do have "Information Security Management" experience, as I started and established the cyber security program at my company.
    I can claim around 7 years of experience in "Information Security Management". I was an Application Developer before and never really worked on information security prior to assuming this Director of IT role. Does that mean that I cannot claim any experience in the "General Information Security" section? I am a little confused. I would really appreciate your help.

    2. Page V-1: I report to the CFO. Should I ask him to attest sections 1 and 2 only? Will that work? Since my boss is not a security professional, is he qualified to attest section 3 and 4?

    Thank you all for your help.
    Stan
  3. The ceiling is glass. PJ_Sneakers's Avatar
    Join Date
    Nov 2014
    Location
    169.254.0.1
    Posts
    791

    Certifications
    AccessData, Cellebrite, CompTIA, EC-Council, IACRB, (ISC)², Microsoft, MSAB
    #2
    Not to be a smartass, but it's self-explanatory: look and see if what you did in your job matches the sentence next to the checkbox.

  4. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,722
    Blog Entries
    50

    Certifications
    PenTest+, CISSP, SSCP, GSEC, CASP, CEH (revoked), CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, MSIT InfoSec
    #3
    Looking at page V-1 on the CISM application under the section Employer's Verification, there does not seem to be a requirement that the employer answering the verification questions be an InfoSec professional.

    Contact certification@isaca.com to get the official ruling.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  5. Senior Member roxer's Avatar
    Join Date
    Jan 2018
    Location
    Some dark place in the universe...
    Posts
    130

    Certifications
    CISSP, CISA, CRISC, CISM, CSAE, CASP, CySA+, SEC+, CCSKv4, TOGAF 9, COBIT5 Foundation
    #4
    You just need 5 years as an IS manager, so you are covered with seven. You can only put up to ten years on the primary anyway--the rest has to be IT Management related. And no, you do not need a security pro to sign off. It just needs to be someone in a high enough position--think VP/CIO or above--that can vouch for you and sign the form.

  6. Junior Member Registered Member
    Join Date
    Jan 2018
    Posts
    4
    #5
    Thank you JDMurray and Roxer for your help.

  7. Junior Member Registered Member
    Join Date
    Jan 2018
    Posts
    4
    #6
    Hi PJ_Sneakers,
    Page A-2 does not have a sentence with a checkbox. I am good with page V-2. I am just not sure what "general information security services" means. Is it OK to leave Section B blank on page A-2 since I have more than 5 years of Section A (IS Manager) experience?

  8. The ceiling is glass. PJ_Sneakers's Avatar
    Join Date
    Nov 2014
    Location
    169.254.0.1
    Posts
    791

    Certifications
    AccessData, Cellebrite, CompTIA, EC-Council, IACRB, (ISC)², Microsoft, MSAB
    #7
    Do you have a degree or other exemption that can reduce the need for general security experience?

  9. Junior Member
    Join Date
    Dec 2017
    Location
    Chicago, IL
    Posts
    26

    Certifications
    M.A., M.S., CISSP, CISA, CISM, Security+, MCSE, A+, NET+, Project+, CIW
    #8
    Just call ISACA if you are confused. They are very helpful.

  10. Junior Member Registered Member
    Join Date
    Jan 2018
    Posts
    4
    #9
    No IS-related degree. For CISM certification, is "general information security service experience" a must-have? My role over the last 7 years has been IS management related. I don't have hands-on infrastructure or application security administration experience. I lead a team that does the hands-on work.

  11. The ceiling is glass. PJ_Sneakers's Avatar
    Join Date
    Nov 2014
    Location
    169.254.0.1
    Posts
    791

    Certifications
    AccessData, Cellebrite, CompTIA, EC-Council, IACRB, (ISC)², Microsoft, MSAB
    #10
    I believe it's 5 years total infosec, with a minimum of 3 in a management role.

  12. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,722
    Blog Entries
    50

    Certifications
    PenTest+, CISSP, SSCP, GSEC, CASP, CEH (revoked), CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, MSIT InfoSec
    #11
    Quote Originally Posted by PJ_Sneakers:
    > I believe it's 5 years total infosec, with a minimum of 3 in a management role.
    The actual work experience must be broad and gained in three of the four CISM job practice areas (see page V-s, Verification of Work Experience form).

  13. Junior Member Registered Member
    Join Date
    May 2018
    Location
    NRW
    Posts
    2

    Certifications
    CISSP, ISO27001 Information Security Officer, ISO 27001 Lead Auditor, CISM (application pending)
    #12
    Hi,
    I am also applying for certification after passing the exam and also have problems with the application form.

    How many boxes in each section have to be ticked to gain certification?
    I know that I have to verify my practical knowledge in at least three of the domains, but how deep and wide isn't said.

    I also have the problem that I worked more than eleven years for a company where I do not have any contact with leadership to get my verification. I do have a detailed employment reference letter with all the projects and tasks listed, but there is no time mentioned for the tasks.

    My current employer can only verify my last two years.

    Any additional information would be appreciated.
    Last edited by JDMurray; 05-08-2018 at 12:08 PM.