Why CISM? Who Earns CISM Certification? CISA, CISM and CGEIT Program Accreditation Renewed Under ISO/IEC 17024:2003

Transcription

1

2 The Certified Information Security Manager (CISM) certification is a unique management-focused certification that has been earned by more than 16,000 professionals since its introduction in Unlike other security certifications, CISM is for the individual who manages, designs, oversees and assesses an enterprise's information security. Strong security management is crucial in any enterprise using IT to support its business needs. Today s IT environment calls for systems that are secured not only from external, malicious attacks, but from unauthorized internal change as well. The Certified Information Security Manager (CISM ) certification program supports these business needs. The program is developed specifically for experienced information security managers and those who have information security management responsibilities. With the CISM designation comes many professional and personal benefits including: Worldwide recognition for professional experience Enhanced knowledge and skills Career advancement Who Earns CISM Certification? The CISM certification program is developed specifically for experienced information security managers and those who have information security management responsibilities. CISM certification is for individuals who design, build and manage enterprise information security and who have experience in the following areas: Information Security Governance Information Risk Management Information Security Program Development Information Security Program Management Incident Management and Response Why CISM? CISM demonstrates proven experience: The demand for skilled information security management professionals is on the rise. Earning a CISM designation will give you a competitive advantage. Many enterprises and government agencies increasingly recognize, require and expect their IS and IT professionals to hold this certification. Being a CISM: Demonstrates your understanding of the relationship between an information security program and broader business goals and objectives Distinguishes you as having not only information security expertise, but also knowledge and experience in the development and management of an information security program Puts you in an elite peer network CISM enhances credibility and recognition: CISM is globally recognized as the leading credential for information security managers. CISM combines the achievement of passing a comprehensive exam with recognition of work, management and educational experience, providing you with greater credibility in the marketplace. CISM means higher earning potential and career advancement: Recent independent studies consistently rank CISM as one of the top two highest paying and sought after IT certifications. CISA, CISM and CGEIT Program Accreditation Renewed Under ISO/IEC 17024:2003 The American National Standards Institute (ANSI) has accredited the CISA, CISM and CGEIT certifications under ISO/IEC 17024:2003, General Requirements for Bodies Operating Certification Systems of Persons. ANSI, a private, nonprofit organization, accredits other organizations to serve as third-party product, system and personnel certifiers. ISO/IEC specifies the requirements to be followed by organizations certifying individuals against specific requirements. ANSI describes ISO/IEC as expected to play a prominent role in facilitating global standardization of the certification community, increasing mobility among countries, enhancing public safety and protecting consumers..

3 2016 CISM Job Practice Areas The CISM exam is offered each year and consists of 200 multiple-choice questions that cover the four information security management job practice domains created from the most recent CISM job practice analysis. The percentages below indicate the emphasis of questions that will appear on the exam from each domain. The job practice analysis was developed and validated using prominent industry leaders, subject matter experts and industry practitioners. The domains and their definitions are as follows: Domain 1 Information Security Governance (24%) Establish and maintain an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organizational goals and objectives, information risk is managed appropriately and program resources are managed responsibly. Domain 2 Information Risk Management and Compliance (33%) Manage information risk to an acceptable level to meet the business and compliance requirements of the organization. Domain 3 Information Security Program Development and Management (25%) Establish and manage the information security program in alignment with the information security strategy. Domain 4 Information Security Incident Management (18%) Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimize business impact. CISM exam questions are developed and maintained carefully to ensure that they accurately test an individual s proficiency in information security management. For a description of task and knowledge statements for each area, please refer to

4 CISM Review Course The ISACA Manila Chapter can help you become a CISM. We are conducting a series of review classes that will help you prepare for this year s CISM examination that is scheduled on 11 June We have assembled a team of highly qualified IS governance professionals, who themselves are CISMs, to help you achieve your objective. * Dates may be subject to change without prior notice. TOPIC TIME DATE Domain 2 - IS Risk Management and Compliance 8am - 5pm Mar. 12 Domain 1 - IS Governance 8am - 5pm Mar. 19 Domain 3 - IS Program Development & Mgt. 8am - 5pm Apr. 2 Domain 4 - IS Incident Mgt. 8am - 5pm Apr. 16 Mock Exam 8am - 12nn Apr. 30 Debriefing 8am - 5pm May 7

5 RESOURCE SPEAKERS March 12, :00 AM 5:00 PM Domain 2 Information Risk Management and Compliance (33%) Reginald John Javier, CISM, CPISI RJ is the Chief Information Officer of Millenium Business Services, Inc. His wealth of experience is a product of handling information technology, information security, risk management and business development for various organizations in diverse industries, as a member of the management team and as a consultant.he was the Asia-Pacific Regional Security Manager for one of the biggest and pioneer BPOs in the Philippines. Before joining the BPO industry, he was a Senior Manager for KPMG Laya Mananghaya /Manabat Sanagustin & Co's Risk Advisory Services, handling IT Strategy and Governance, Business Continuity Management, and IT Project Advisory. He is a Certified Information Security Manager (CISM) and currently a Board of Trustees of ISACA Manila Chapter and the Director for Professional Development. March 19, :00 AM 5:00 PM Domain 1 Information Security Governance (24%) Philip Casanova, CISSP, CISM, CRISC Philip is the Asia Regional Head for Information Security at Sun Life Financial (SLF). He covers the SLF offices in Hon Kong, India, Indonesia and the Philippines. His responsibilities include information security governance; security advisory; security operations oversight; and security program development and maintenance. Before SLF, he was the Assistant Vice-President and Chief Information Security Officer at China Banking Corporation (CBC). His responsibilities included security access management, security incident management, IT risk assessment, business continuity planning, policy development and maintenance, vulnerability assessment and penetration testing, and physical and environmental security. Prior to CBC, he was a Director in the Technology & Security Risk Services practice of Sycip Gorres Velayo & Co. a member practice of Ernst & Young. He was responsible for managing client engagements in IT security program review, vulnerability assessment and penetration testing, ISO advisory, IT program assurance, information systems strategic planning and review, and business continuity planning. He was also an Assistant Professor in the College of Computer Studies in DLSU-Professional Schools Inc. and was the Chairperson of the Computer Technology Department for three academic years. He obtained both Masters and Bachelor degrees in Computer Science at De La Salle University Manila.

6 RESOURCE SPEAKERS April 2, :00 AM 5:00 PM Domain 3 Information Security Program Development and Management (25%) Luis Chito A. Jacinto, CISA, CISM, CRISC, PIE, CPISI Chito is currently Vice President at the Corporate Risk Management Services (CRISMS) Group of the Rizal Commercial Banking Corporation (RCBC). He is currently the Bank's Chief Information Security Officer. His responsibilities include establishing and maintaining the enterprise vision, strategy and program to ensure information assets and technologies of the RCBC group are adequately protected. He directs the identification, development, implementation and maintenance of processes across the enterprise to reduce information and technology risks; respond to incidents; establish appropriate standards and controls; and direct the establishment and implementation of policies and procedures. He has been an Information Technology (IT) professional for over thirty (30) years, through which he gained his IT governance experience. He has concurrently spent more than half of those years as a training professional and an educator. April 16, :00 AM 5:00 PM Domain 4 Information Security Incident Management (18%) Solomon B. Anastacio, CISA, CISM Sol has more than 25 years of IT-related experience with 14 years of IT Administration and IT Project Management, 6 years in Information Security and 5 years in IT Auditing. He is a member of ISACA-Manila Chapter, was a member of the Board from 2005 to 2013 and was a Past President of the organization from He is also a currently member of the Institute of Internal Auditors Philippines (IIA-P), the Project Management Institute (PMI) Philippine Chapter and the Society of Risk Management Professionals (SRMP). He is a graduate of BS Computer Science from University of the Philippines Los Banos. He is a Certified Information Systems Auditor (CISA) and a Certified Information Security Manager (CISM).

7 New Course Fees ISACA Members NON-VAT Non Members Php 23, Php 26, The review classes will be held at: ISACA Manila Professional Development Center Suite 2109 Cityland 10 Tower 2, #154 H.V Dela Costa St., Makati City Telefax Nos or ABOUT THE CISM EXAMINATIONS The CISM Examination will be administered on 11 June 2016, Saturday For details of the registration, fees and payment and other details about the examination, you may visit the ISACA website at You may register by: Sending a confirmation at secretariat@isaca-manila.org or at isaca_manila@yahoo.com Calling the secretariat at (02) , and look for Apple Bernardez or Buboy Barasona or Nilda Andal Sending your completed application form at fax number (02) (T/F)

8 EXAM DETAILS AND REFERENCE MATERIALS The CISM Examination will be administered on 11 June 2016, Saturday EXAMINATION FEE ISACA Member Non Member Early registration deadline: 10 February 2016 US$450 US$635 Final registration deadline: 8 April 2016 US$500 US$685 Exam registration changes: Between 9 April and 22 April 2016, charged a US $50 fee, with no changes accepted after 22 April 2016 Refunds: By 8 April 2016, charged a US $100 processing fee, with no refunds after that date Deferrals: Requests received on or before 22 April 2016, charged a US $50 processing fee. Requests received from 23 April through 27 May 2016, charged a US $100 processing fee. Requests received from 28 May through 8 June 2016, charged a US $125 processing fee. After 8 June 2016, no deferrals will be permitted All deadlines are based upon Chicago, Illinois, USA 5 p.m. CT (central time) To request a deferral, please go to No refunds or exchanges will be given for study aids, associated taxes, shipping and handling charges, or membership dues. Exam registration and membership fees are non-transferable. Available Study Materials From ISACA: Passing an ISACA exam can be achieved through an organized plan of study. To assist individuals with the development of a successful study plan, ISACA offers study aids to exam candidates. Visit for more complete details including detailed descriptions of the products, costs, and languages available. Order early as delivery time can be one to two weeks, depending on geographic location and customs clearance practices. CISM Review Manual, 14th Edition Member price: $ Non-member price: $ CISM Review Questions, Answers & Explanations, 11th Edition Member price: $ Non-member price: $130.00

9 R E G I S T R A T I O N F O R M SUBJECT: CISM (March 12 May 7, 2016) Exam Date 11 June 2016 TO: ISACA SECRETARIAT FAX NO.: (02) / NAME COMPANY NAME COMPANY ADDRESS CURRENT FIELD OF EMPLOYMENT & PROFESSIONAL ACTIVITY YRS OF EXPERIENCE MEMBERSHIP ISACA MEMBER Please specify membership no. PERSONAL PAYMENT: (PLS CHECK ONE) COMPANY CONTACT DETAILS: PERSONAL How did you hear about us? Friend/Co-worker Local Chapter Employer Certification Programs Internet Search Direct Mail IS Control Journal Educational Event Other Publication (Pls. Specify) Other Organization (Pls. Specify) REMARKS (SPECIAL ARRANGEMENT PHYSICAL DISABILITIES, FOOD PREFERENCE, ETC.) ADDRESS: Fees, speakers and date are subject to change Please make your checks payable to INFORMATION SYSTEMS AUDIT AND CONTROL ASSOCIATION Training Fee is inclusive of Training Kit, Refreshments and Training certificate Any cancellations received within the last ten calendar days would be liable for 50% of the course fees. Registered attendees who are unable to attend the above course can send replacements subject to one week s notification. Cancellations must be received in writing at least one week prior to course commencement No-shows would be fully charged (REGISTRATION FORM IS REQUIRED) I/We hereby agree to the terms and condition as declared by the ISACA Manila Chapter. Name/Representative : Signature : Contact No. : Date :