Practical Experience ...

Practical Experience

A minimum of five (5) years of professional information security managing work experience is required. Substitution and waivers of such experience may be obtained as follows:

A maximum of one year of information systems, operating or programming experience or one year of information security experience can be substituted for one year of information systems security management experience. Every two years of experience as a full-time university instructor in a related field (e.g. computer science, accounting, information systems security) may be substituted for one year of information systems auditing, control or security experience. 60 to 120 completed university semester credit hours (the equivalent of a two-year or four-year degree), can be substituted for one or two years, respectively, of experience. Even if multiple degrees have been eared, a maximum of 2 years can be claimed. A bachelor's or master's degree from a university that enforces the ISACA sponsored Model Cu8rricul can be substitut4ed for one year of information systems auditing, control or security experience. To view a list of these schools, please visit www.isaca.org/modeluniversities. This option cannot be used if three years of experience substitution and educational waiver have already been claimed. A master's degree in information security or information technology from an accredited university can be substituted for one year of experience.

Experience must have been gained within the ten-year period preceding the date of the application for certification. Candidates have five years from the date of their exam in which to apply. After five years, their exam score is void. It is important to note that many individuals choose to take the CISM exam prior to meeting the experience requirements.