Information systems and security professionals wanting to add a security credential to their CV may now have further opportunity to do so, following the launch of a new international security management certification. The Certified Information Security Manager (CISM) qualification is the latest designation to be launched worldwide by the Information Systems Audit and Control Association (ISACA), a non-profit US organisation which focuses on IT control and governance issues.

According to ISACA's CISM certifications board chairperson Leslie Macartney, CISM has been geared towards experienced information systems managers with security management responsibilities and aims at addressing the increasing specialisation of professionals in the security management space.

To gain the certification, applicants need to sit a four-hour exam, the first of which will be administered in Australia by Professional Exams Service on behalf of ISACA and conducted in all mainland capital cities on June 14 2003.

The CISM exam will consist of 200 multiple-choice questions, each corresponding to ISACA's five main "job practice areas": security governance, risk management, response management, information security program management and information security management.

Eligibility for the exam is based primarily on work experience. Macartney said those interested in undertaking the exam will need to have a minimum of five years work experience with information security, as well as a minimum of three years of information security management experience involving three of the five specified job practice areas.

Those who do not want to sit the exam can still gain the CISM credential under ISACA's grandfathering program until the end of 2003, but will need to show additional work experience in four of the five specified job practice areas.

Once the exam has been completed, certified professionals must then adhere to ISACA's conditions for maintaining their qualification. These conditions include completing at least 20 additional hours of professional education training annually, as well as attaining 120 hours of professional education within the first three years of undertaking the exam.

The cost of the exam will be US$345 for ISACA members, and $US465 for non-members. A maintenance fee of $US35 to $US40 will also apply to retain the certification each year.

To help applicants prepare for the exam, the ISACA publishes a CISM review manual, available from the ISACA and its partner organisations. A list of these partner organisations is posted on the ISACA Web site.

As well as CISM, ISACA also offers a Certified Information Systems Auditor (CISA) qualification, which recognises educational achievement in information systems auditing, development control and security. Since the CISA qualification was established in 1978, 26,000 professionals have gained accreditation worldwide, ISACA officials said.

More information on the CISM and CISA qualifications is available on the ISACA Web site: http://www.isaca.org/cism.htm