Identify and manage information security risks. Create a program to implement the information security strategy. Implement an information security program. Oversee and direct information security activities to execute the information security program.
Who can do
To qualify for the CISM certification, one must have a minimum of five years experience in information security, of which three years or more must be in information security management work.