Move ahead.

 

Get the training and professional certification you need to get ahead.

All training, exam preparation, and certification exams are offered completely online - live instructor-led or on-demand pre-recorded.

Absolutely no travel or personal appearance is required.

Overview

In a world fraught with personal and corporate financial insecurity, the need for skilled and knowledgeable business professionals has never been greater. Compliance with local and international laws and industry regulations has raised the bar for the professional business practices expected of organizations, which in turn has increased the need for professionals who know how to help organizations fulfill and document compliance with the new laws and regulations. Establishing and maintaining a solid risk-based approach to managing information security, business continuity/disaster recovery, and fraud control is no longer simply a good thing for organizations to do. Today, regulators demand it.

Your experience in the field is an important component of your value to an employer. But experience isn’t enough. Employers need something quantifiable and verifiable to show them you have the expertise they need. Certification by a respected accreditation organization is becoming indispensable to the business professional.

Positions in many large corporations and governmental agencies worldwide now require certification, and credentialed practitioners have a higher earning potential and greatly expanded career opportunities. Moreover, being certified makes a statement about who you are. You’ll be recognized as a knowledgeable, serious, dedicated professional – part of a globally recognized family of business professionals. For over 10 years, Certified Information Security has trained business professionals to:

  • Establish and manage effective enterprise risk management programs in conformance with internationally accepted frameworks and best practices.
  • Control internal fraud and abuse.
  • Secure information according to international best practices and stakeholder expectations.
  • Plan, deploy, maintain, and improve business continuity and disaster recovery management according to international best practices to ensure that critical business processes can survive disruptive events, and are restored within recovery time objectives.

With the proper training and certification by Certified Information Security, you can illustrate to employers your documented and proven expertise to fulfil new and urgent needs in each of these three critical areas. 

Benefits of Certification

Being a member of CIS says a lot about who you are, which is, after all, a consummate professional in a world fraught with security threats, including fraud incidents and other business disruptions. Certification gives you the backing, the education, the colleagues, the networking system, and the power to face these threats head on.

With CIS certification, you’ll be part of a globally recognized family of information professionals. You’ll have access to our full spectrum of global resources, inside informational activities, private forums and peer networking, mentoring and sponsoring, research and teaching, and a wealth of ongoing information security, fraud control, and business continuity management opportunities at your fingertips. 

Accreditation of Certifications

The International Risk Management Certification Board (IRMCB) is an independent Non-Governmental Organization accreditation authority that exists to lead and enhance the effective practice of enterprise risk management in conformance with recognized frameworks and standards of best practice such as ISO 31000 and COSO. The scope of IRMCB extends to related integrated risk management systems including:

  • Compliance Management aligned to the ISO 19600 standard
  • Information Security Governance and Management aligned to the ISO/IEC 27001 specification and related ISO standards
  • Business Continuity Governance and Management aligned to ISO/IEC 22301 specification and related ISO standards
  • Fraud Control Governance and Management
  • Quality Management Systems aligned with ISO 9001:2015
  • Service Governance and Management aligned with ISO/IEC 20000

Certified Information Security is an Authorized Training and Education Center (ATEC) for the International Risk Management Certification Board (IRMCB). CIS certifications are NOT certified and accredited to ISO standard 17024.

Want to advance your career in risk management, compliance, information security, cyber security, fraud control, business continuity management, or occupational health & safety? Choose according to your interest below:

ISO 31000 Enterprise Risk Management

ISO 31000 Certified Internal Controls Risk Analyst™ (CICRA)

Because all information security analysis, controls, and processes are essentially a product of risk management, ISO/IEC 31000 and 27005 provide the framework for how to apply proper risk management within the ISO/IEC 27001/27002 ISMS, or within the 22301 BCMS. The CICRA credential by IRMCB certifies your understanding of how ISO/IEC 31000, 31010, and 27005 can be used to develop a custom enterprise risk management program that fulfills the requirements of both ISO/IEC 27001 and ISO 22301. It also helps fulfil the competence requirements of the certifications themselves. Certified Information Security provides the training and credentialing you need to become recognized as an authority in leading or facilitating risk assessment and management according to the ISO/IEC 31000, 31010, and 27005 standards.

ISO 31000 CICRA is the risk management certification supporting a career in risk management, information security management, or business continuity/disaster recovery management. It is appropriate for all members of the BCMS or ISMS committee. This certification validates competence and understanding for developing and managing a custom risk-management methodology based upon the ISO/IEC 31000/27005 Risk Management Frameworks.

Upon completion of this training and certificate program, you will:

  • be equipped with knowledge and skills required to develop, manage, monitor, and improve an Enterprise Risk Management System in line with the ISO 31000 standard of best practice;
  • expand your risk management competency;
  • increase your credibility through gaining international recognition; and
  • improve your résumé and help to increase your earning potential.

ISO 31000 CICRA DETAILS

Achieving your CIS credential is a several-step process:

  1. Required Experience – possessing the required number of years for the appropriate credential
  2. Study – taking advantage of the educational materials and courses CIS makes available for you to review and refresh your knowledge before taking the credential examination
  3. Application – validating your education and/or experience
  4. Examination(s) – sitting and passing the appropriate exam(s)
  5. Code of Ethics – committing to and abiding by principles and guidelines set forth by CIS
  6. Endorsement Process – attesting to your eligibility requirements

Becoming a Member of the CIS Body of Certified Professionals

If you are not already an Associate Member of the CIS body of certified professionals, you must first become a member to pursue a CIS credential. As a member, you will be entitled to such member benefits as:

  • Certification Verification
  • Helpful Links

Membership Dues

Initial membership applications are subject to an application fee of $20.00 USD, plus normal membership dues of $80.00 if approved. Memberships are then renewed annually in January for $80.00 USD. When joining AFTER 30 September of the current year, you will automatically receive membership through 31 December of the following year.

Code of Ethics

All professionals who are certified by Certified Information Security (CIS) recognize that such certification is a privilege that must be both earned and maintained. In support of this principle, all CIS members are required to commit to fully support this Code of Ethics (the "Code"). CIS members who intentionally or knowingly violate any provision of the Code will be subject to action by a peer review panel, which may result in the revocation of certification. CIS members are obligated to follow the ethics complaint procedure upon observing any action by a CIS member that breaches the Code. Failure to do so may be considered a breach of the Code pursuant to Canon IV, "Advance and Protect the Profession".

There are only four mandatory canons in the Code. By necessity, such high-level guidance is not intended to be a substitute for the ethical judgment of the professional.

Additional guidance is provided for each of the canons. While this guidance may be considered by the board of directors in judging behavior, it is advisory rather than mandatory. It is intended to help professionals identify and resolve the inevitable ethical dilemmas that they will confront during the course of their information security career.

Code of Ethics Preamble:

  • Safety of the commonwealth, duty to our principals, and to each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior.
  • Therefore, strict adherence to this Code is a condition of certification.

Code of Ethics Canons:

  • Protect society, the commonwealth, and the infrastructure.
  • Act honorably, honestly, justly, responsibly, and legally.
  • Provide diligent and competent service to principals.
  • Advance and protect the profession.

The following additional guidance is given regarding pursuit of these goals.

Objectives for Guidance

In arriving at the following guidance, the committee is mindful of its responsibility to:

  • Give guidance for resolving good versus good and bad versus bad dilemmas.
  • Encourage right behavior such as:
    • Research
    • Teaching
    • Identifying, mentoring, and sponsoring candidates for the profession
    • Valuing the certificate
  • Discourage such behavior as:
    • Raising unnecessary alarm, fear, uncertainty, or doubt
    • Giving unwarranted comfort or reassurance
    • Consenting to bad practice
    • Professional association with non-professionals
    • Professional recognition of or association with amateurs
    • Associating or appearing to associate with criminals or criminal behavior

These objectives are provided for information only; the professional is not required or expected to agree with them. In resolving the choices that confront him or her, the professional should keep in mind that the following guidance is advisory only. Compliance with the guidance is neither necessary nor sufficient for ethical conduct. Compliance with the preamble and canons is mandatory. Conflicts between the canons should be resolved in the order of the canons. The canons are not equal and conflicts between them are not intended to create ethical binds.

Protect society, the commonwealth, and the infrastructure

  • Promote and preserve public trust and confidence in information and systems.
  • Promote the understanding and acceptance of prudent information security measures.
  • Preserve and strengthen the integrity of the public infrastructure.
  • Discourage unsafe practice.

Act honorably, honestly, justly, responsibly, and legally

  • Tell the truth; make all stakeholders aware of your actions on a timely basis.
  • Observe all contracts and agreements, express or implied.
  • Treat all members fairly. In resolving conflicts, consider public safety and duties to principals, individuals, and the profession in that order.
  • Give prudent advice; avoid raising unnecessary alarm or giving unwarranted comfort. Take care to be truthful, objective, cautious, and within your competence.
  • When resolving differing laws in different jurisdictions, give preference to the laws of the jurisdiction in which you render your service.

Provide diligent and competent service to principals

  • Preserve the value of their policies, authorized business processes, and code of ethics.
  • Respect their trust and the privileges that they grant you.
  • Avoid conflicts of interest or the appearance thereof.
  • Render only those services for which you are fully competent and qualified.

Advance and protect the profession

  • Sponsor for professional advancement those best qualified. All other things equal, prefer those who are certified and who adhere to these canons. Avoid professional association with those whose practices or reputation might diminish the profession.
  • Take care not to injure the reputation of other professionals through malice or indifference.
  • Maintain your competence; keep your skills and knowledge current. Give generously of your time and knowledge in training others.

Annual Maintenance Fees and CPE Requirements

Annual Maintenance Fees and Continuing Educational Credit Requirements

Payment of Annual Maintenance Fees (AMFs) and maintaining your membership in the CIS Body of Certified Professionals (CISBCP) ensures that the organization has the necessary financial resources to maintain member records, ensures certification continues to meet the needs and requirements of the market, and ensures that the organization will continue to be a functional, dynamic entity far into the future. Although you are not required to post or record CPEs, CPEs must be made available upon demand should you be selected for random audit.

  • CFCMs, CICAs, ISO 27001 Lead Auditors, and CBCMs are required to earn and retain a minimum of 20 CPE credits (of the 120 CPE credits required in the three-year certification cycle) and pay the corresponding Annual Maintenance Fee during each year of the three-year certification cycle.
  • CPFCSs, CFCPs, CBCSs, CBCAs, and ISO 27001 Lead Implementers are required to earn and retain a minimum of 10 CPE credits (of the 60 CPE credits required in the three-year certification cycle) and pay the corresponding Annual Maintenance Fee during each year of the three-year certification cycle.
  • CPFCSs, CFCAs, and CICRAs are required to earn and retain a minimum of 10 CPE credits (of the 60 CPE credits required in the three-year certification cycle) and pay the corresponding Annual Maintenance Fee during each year of the three-year certification cycle.

For any certifications starting after 30 September of the current year, AMF requirements shall be waived for the first subsequent year.


CPE Fulfilment

CPE Eligibility

  1. Group A Credits: Subject-matter related activities
    Group A credits relate directly to activities in the areas covered by the specific exam objectives of the respective credential. Examples include:
    • Reading a magazine, book or whitepaper.
    • Publishing a book, whitepaper or article.
    • Attending a conference, educational course, seminar or presentation.
    • Preparing for a presentation or teaching information related to information security.
    • Performing a unique work-related project that is not a part of your normal work duties.
    • Self-study related to research for a project or preparing for a certification examination.
    • Volunteering for government, public sector, and other charitable organizations.
    • Taking a higher academic course.

  2. Group B Credits: Professional Development Knowledge Sharing
    Group B credits are earned for completion of general professional development activities which enhance your overall professional skills, education, knowledge, or competency outside of the exam objectives associated with the respective certifications. These generally include professional development programs, such as professional speaking or management courses. While these do not apply directly to the relevant exam objectives, CIS recognizes these skills are vital in the growth of all professionals and their credentials. Some examples are shown below:
    • Attending a conference, educational course, seminar or presentation.
    • Preparing for a presentation or teaching information related to professional development.
    • Self-study related to research for a project or preparing for a certification examination.
    • Forming or managing a chapter of a professional organization.
    • Taking a higher academic course.

CPE Calculation

The CPE categories will provide the number of credits you can earn for each activity. Typically, you will earn one CPE credit per hour spent in an educational activity. You can self-record CPEs in 0.25, 0.50 and 0.75 increments. However, some activities are worth more credits due to the depth of study or amount of ongoing commitment involved. In general, CPE credits are not earned for normal on-the-job activities.

If the CPE activity occurred over multiple days, the end date is used to determine eligibility for a particular certification cycle. For example, if the activity started 1 August 2018 and ended on 5 September 2019, the CPE can be applied to any cycle that was active on 5 September 2019.

Auditing of CPE Credits

CIS’ CPE Auditors perform random audits of CPE credits claimed by members/associates. Members will need to provide proof of attendance or a brief description of the activity. This is an important process which upholds the integrity of CIS’ credentials as well as keeping in compliance with ANSI/ISO standards for certification.

If you are chosen for an audit, you will receive instructions via email regarding the necessary documentation to support these activities. It is important to respond to this request and to provide the information exactly as instructed within 90 days.

Certification Re-Activation

Suspension

Suspension of certification can only be lifted when the minimum annual CPE and AMF requirements are met. From the date of suspension, members will have a grace period of 90 days to get their CPE credits and AMFs up to date. If a member does not fulfill all CPE and AMF requirements within these 90 days, the member's membership will be terminated, and his or her certifications will be revoked.

 

Regaining Membership and Certification if Certification Has Been Terminated

If your certification is terminated, you will need to:

  1. Re-apply and purchase a new CIS Associate Membership, and pay for all membership renewals missed.
  2. Retake and pass your examination(s) to become certified again. Any outstanding AMF payments will need to be submitted prior to sitting for the exam(s). Once you have passed the exam, you will need to contact Member Services to reactivate your certification.

Certification holders who allow their credential to expire will be subject to a $35 USD reinstatement fee upon re-certification through re-passing the required examination(s).