Tracking Two Decades of Changes in Information Security

Author: ISACA Now
Date Published: 20 April 2022

For the past 20 years, the Certified Information Security Manager® (CISM®) has served as the global credential that ensures alignment between an organization’s information security program and its broader strategic goals. Both for better and for worse, much has changed in information security during that time.

Consider that when CISM first came on the scene in 2002, modern-day security focal points such as weaponized malware, the proliferation of connected devices, smartphones, widespread data breaches and General Data Protection Regulation (GDPR) were not on information security professionals’ radars.

Growing adoption of various emerging technologies also has complicated the role for information security managers and their teams.

“As much as companies wish to onboard emerging technologies rapidly and effectively to gain more of a competitive advantage, there are potential security concerns that information security managers need to help their organizations navigate through due to operational complexity, visibility of data and processes controls,” said Goh Ser Yoong, CISA, CISM, CGEIT, CRISC, CDPSE, CISSP, MBA. “The balancing act has certainly grown much harder around maintaining the Confidentiality, Integrity and Availability (CIA) triage for information security managers with the emerging technology adoption trends.”

At the same time, expectations have risen dramatically for information security managers to be business enablers, even as the threat landscape has exploded in recent years.

“We are in an era of almost an infinite number of platforms, technologies and tools,” said Sandeep Godbole, CISM, CISA, CISSP, CGEIT, information security professional and author. “Racing to learn and adapt to the dynamic environment has become quite difficult. Simply vetoing a technology or solution is not an acceptable response. The expectation is to secure whatever is being developed or used.”

While working in the infosec realm has become increasingly challenging, many industry changes have been positive ones. Among the major areas of progress for information security leaders since CISM debuted is how seriously their work is taken, all the way to the highest levels of the organization. That means CISMs are in high demand and command higher salaries.

“Information security managers now have a seat at the table in most boardrooms, and cybersecurity is largely viewed as an organizational issue, rather than simply an IT concern,” said Josh Hamit, senior vice president and CIO, Altra Federal Credit Union, and member of ISACA’s Emerging Trends Working Group. “Going back 10 or 20 years, it was not uncommon to see security driven by compliance, which often resulted in doing the minimum instead of proactively developing a robust program. Thankfully, that former mentality has shifted dramatically, though it unfortunately took catastrophic breaches to generate more support for security.”

More than 65,000 people have become CISM-certified during the credential’s first 20 years. The CISM certification has stayed up to date through the many changes to the industry with regular refreshes to the exam’s job practices, including a new update to the exam coming on 1 June. Find out more about CISM and the new exam at www.isaca.org/cism, and download a new infographic, “Managing Two Decades of Change in Information Security.”