Changes to the CISM Domains

August 11, 2017

Guest Author

CISM, Certified Information Security Manager, is one of the highest-level globally recognized certifications in the InfoSec industry. In December 2016, ISACA announced that there would be changes made to the CISM domains. These changes took effect with the first administration dates of the CISM exam in 2017.

Changes to the CISM Domains

ISACA, in a press release on December 13, 2016, stated that the changes to the CISM domains were made to keep up with InfoSec industry changes. Every five years, ISACA reviews the job practice areas to ensure they are up-to-date and relevant in the current industry landscape. Over a period of nine months, the CISM Practice Analysis Task Force analyzed the data and restructured the focus percentage of the job practice areas on the CISM exam.

Here is a side-by-side view of the CISM domain changes:

2012-2016 Domains

  • Domain 1: Information Security Governance - 24%
  • Domain 2: Information Risk Management and Compliance - 33%
  • Domain 3: Information Security Program Development and Management - 25%
  • Domain 4: Information Security Incident Management - 18%

2017 Domains

  • Domain 1: Information Security Governance - 24%
  • Domain 2: Information Risk Management - 30%
  • Domain 3: Information Security Program Development and Management - 27%
  • Domain 4: Information Security Incident Management - 19%

While the titles of the CISM domains, or job focus areas, did not themselves change, the amount of focus put on those domains in the exam was altered. Information Risk Management saw a 3% drop, Information Security Program Development and Management increased by 2%, and Information Security Incident Management increased by 1%. In addition, the overall domain objectives have been slightly altered to reflect what is now covered by the new scope of the CISM domains.

All but Domain 2 experienced an increase in task and/or knowledge statements. Additionally, it is important to note that the domain statements (knowledge and task) were reworded and expanded upon to reflect the new overall domain objectives. If you are planning to take the CISM exam, you can find the new job practice areas here. You will want to be sure that you are following the new job practice areas as outlined, because they are what you will be tested on when you sit for the exam.

CISM Exam Dates

Along with changing the weight of the CISM domains, ISACA also announced a change to the testing dates for several certifications. ISACA now offers three “testing windows” during the year. These windows are three weeks long and are held in spring, summer, and winter. These changes took effect at the beginning of 2017.

All You Need To Know About CISM Certification

If you are reading this post about the changes to the CISM domains, then the chances that you are interested in becoming CISM certified are high! If you have yet to begin your journey to becoming CISM certified, you will want to check out some great posts regarding CISM certification.

Get CISM Certified

Are you prepared to take the exam with the new CISM domains? Taking a prep course is the best way to know if you’re prepared to take the exam. Find out if you’re ready to take our exam prep course now!
