CISM vs. CISSP: What’s the True Value?

CISM and CISSP are two of the most widely recognized certifications for cybersecurity practitioners and leaders, but their requirements aren't trivial. Both demand a considerable investment of time and money, so it's important to decide which certification is right for you. This article aims to help you make that decision.


CISM (Certified Information Security Manager)

Becoming CISM certified is a multi-step process. You need a passing score on the CISM exam, a 200-question multiple-choice test that covers these domains:

1. Information risk management and compliance

2. Information security management

3. Information security program development and management

4. Information security incident management

Read: Best Approach to Triumph over the CISM Exam

You also need a minimum of 5 years of information security work within the ten years before you sit for your CISM exam, and 3 of those five years must be in management. Some substitutions are accepted: a CISSP certification, for example, can count as two years of experience.

Finally, there is a continuing education policy. To maintain your certification, you need 20 CPE credits per year (120 CPEs over three years) and a commitment to adhere to the Code of Professional Ethics.

CISSP (Certified Information Systems Security Professional)

Like CISM, CISSP is a certification aimed primarily at experienced security practitioners in executive or management positions, but it is also earned by experienced security analysts and engineers. CISSP-certified professionals are in high demand and are highly paid compared with holders of other IT certifications.

The CISSP certification process requires you to satisfy several criteria. First, you need to pass an applicant background check. You must also have five years of experience as a security professional in two of the eight domains of the (ISC)2 Critical Body of Knowledge (CBK). Those domains are:

1. Security and risk management

2. Security engineering

3. Asset security

4. Communication and network security

5. Identity and access management

6. Security assessment and testing

7. Security operations

8. Software development security

If you do not meet the work experience prerequisite, you can join as an Associate of (ISC)2, which requires a shorter test and gives you access to ongoing training as an (ISC)2 member. This program is an excellent intermediate step toward a full CISSP.

If you have the relevant work experience, you then need to pass a 250-question test within a 6-hour time limit. (ISC)2 updated the exam in April 2018, but not so much that older preparation materials are outdated. The test includes questions from all eight domains of the CBK.

Read: 8 Ways ISC2 CISSP Certification can Boost your Cybersecurity Career

Once you pass the exam, you need an endorsement from a current (ISC)2 member in good standing. Hopefully, you already know a current CISSP.

To maintain your certification, you must keep your membership with (ISC)2 in good standing: members pay an annual membership fee and earn 120 CPEs every 3 years.

CISM vs. CISSP: What’s the True Value?

Salaries are equivalent between the two certifications

  • There are 8,906 CISM jobs listed on LinkedIn
  • There are 21,714 CISSP jobs listed on LinkedIn

Both CISM and CISSP require a certain number of CPE credits to keep your certification. There are many ways to earn them: participate in webinars on cybersecurity topics, attend conferences, or attend regional CISSP or CISM meetings. You can also earn credits by taking part in cybersecurity events and by mentoring other members. Each certification publishes its own CPE guidance; become familiar with it, and factor the ongoing commitment of maintaining the certification into your decision on which path to follow.

Regardless of which certification you choose to pursue, you are doing both yourself and your infosec career a great favor. Both options open the door to a higher salary, new jobs, and new professional challenges. Whether you start with CISM or CISSP, you can be confident you're making an intelligent career decision.
