CISM® vs. CISSP®
Understanding the Differences and their True Value
There’s lots to know about the differences between the Certified Information Security Manager (CISM®) and the Certified Information Systems Security Professional (CISSP®).
I have a unique perspective regarding skill and credentials for the successful IT professional. With a background in HR and IT Training, I’ve worked very closely with IT professionals of all levels, including expert IT practitioners and IT executives, and have learned the true value of certification. So let me start there, since both of these certifications are of great value.
Certification proves your experience and knowledge to prospective companies, and the companies most certainly look to hire people with key experience and associated certifications. For companies, certification provides a validated knowledge base, higher quality work ethics, and equates to more value to their customers.
Top Security Certifications
The CISM and the CISSP are considered the top recognized security certifications in the world, and the demand for skilled information security professionals is on the rise with the ongoing security crisis.
The 2013 IT Skills & Salary Report® from Global Knowledge reports salaries of $108,467 for CISM and $103,229 for CISSP (depending on personal experience level, the corporation and location).
Difficult Exams for sure!
Both certifications are very difficult examinations:
*CISM is 4 hours/200 questions and requires a score of 450 or more to pass.
*CISSP is 6 hours/250 questions and requires a minimum of 70% to pass.
The Main Difference between the CISM and the CISSP
Okay, now the main difference between the two:
*CISM is business-oriented and focuses on information risk management while addressing management, design, and technical security issues at the conceptual level. It is for the IS Professional who must maintain a big picture view by managing, designing, overseeing, and assessing an enterprise’s information security. It is for the IS professional developing their management skills.
*CISSP is more technically oriented and deals with in-depth critical security topics such as cryptography, mobile security, networking, cloud computing, operation security, access control, application development security, etc.
Comparing the Two… side-by-side:
*CISM has 4 domains providing a management level of information security.
*CISSP has 10 domains providing a deeper knowledge of information systems security.
Both the CISM and the CISSP require at least 5 years of specific work experience in the information security sector.
CISSP requires experience in two of the 10 domains, but only the CISM requires 3 of the 5 years to be specifically information security management work-related experience.
Obtaining CISSP certification demonstrates the experience required for the job, both in terms of years in the industry and in practical knowledge of the topic.
Maintaining the CISM and the CISSP:
Now that you’ve earned this highly acclaimed credential, what do you need to do to keep it?
*CISM requires an individual to earn a minimum of twenty (20) continuing professional education hours annually and one hundred and twenty (120) continuing professional education hours for every three-year cycle.
*CISSP requires re-certification every 3 years by participation in research or study, attendance at recognized subject-matter training and professional educational programs, presentation or publication of information security papers, contributions to the information security Common Body of Knowledge, and service in professional organizations.
Bottom line, the CISM and the CISSP complement each other. They are important independently and together; each is a force to be reckoned with! They prove competency and excellence. They are highly coveted computer security certifications.
As cyber security attacks continue to grow, the value organizations place on certified computer security professionals will too, and they will continue to be the fastest growing certifications in the IT industry.
MEGAMIND Training Institute
As a vendor-neutral training organization, Megamind offers training for both the CISSP and the CISM. Both are equally beneficial. Megamind offers a 5-Day Boot Camp Training and a 2-Day Prep Exam Live, Online Virtual Training for both the CISSP and the CISM, and they are both available worldwide.
All of Megamind’s training classes are available onsite, including CISSP & CISM.
For more information send an email to: firstname.lastname@example.org
To learn more about Megamind’s CISM and CISSP Training:
CISM® is a Registered Trade Mark of ISACA
CISSP® is a Registered Trade Mark of (ISC)²