CISM and CISSP are two of the most widely recognized certifications for cybersecurity practitioners and leaders, but their requirements are not trivial. Both demand a considerable investment of time and money, so it's important to decide which certification is right for you. This article aims to help you make that decision.
CISM (Certified Information Security Manager)
CISM is a certification awarded by ISACA that confirms your skills and expertise in managing enterprise information security teams. Becoming CISM certified places you in high demand with employers around the world who recognize the achievement and skill the certification represents. CISM confirms that you combine technical expertise with an understanding of the business objectives around data security.
Becoming CISM certified is a multi-step process. You need a passing score on the CISM exam, a 200-question multiple-choice test that covers these domains:
1. Information risk management and compliance
2. Information security management
3. Information security program development and management
4. Information security incident management
You also need a minimum of five years of information security work within the ten years before you sit for the CISM exam, and three of those five years must be in management. Some substitutions are accepted; a CISSP certification, for example, can count as two years of experience.
Finally, there is a continuing education requirement. To maintain your certification, you need 20 CPE credits per year, 120 CPEs over three years, and a commitment to adhering to a Code of Professional Ethics.
CISSP (Certified Information Systems Security Professional)
CISSP is another highly coveted information security certification, offered by (ISC)2. CISSP certification confirms you have the skills to design, implement, and administer a cybersecurity program.
Like CISM, CISSP is designed primarily for experienced security practitioners in executive or management positions, but it is also earned by experienced security analysts and engineers. CISSP-certified professionals are in high demand and command higher salaries than holders of many other IT certifications.
The CISSP certification process requires you to satisfy several criteria. First, you need to pass an applicant background check. You also need five years of experience as a security professional in two of the eight domains of the (ISC)2 Common Body of Knowledge (CBK). Those domains are:
1. Security and risk management
2. Security engineering
3. Asset security
4. Communication and network security
5. Identity and access management
6. Security assessment and testing
7. Security operations
8. Software development security
If you do not meet the work experience prerequisite, you can join as an Associate of (ISC)2, which requires a shorter test and qualifies you for ongoing training as a member of (ISC)2. This program is an excellent intermediate step towards a full CISSP.
If you have the relevant work experience, you then need to pass a 250-question exam within a six-hour time limit. (ISC)2 updated the exam in April 2018, but not so much that older preparation materials are outdated. The exam includes questions from all eight domains of the CBK.
Once you pass the examination, you need an endorsement from a current (ISC)2 member in good standing. Hopefully, you know a current CISSP.
To maintain your certification, you need to keep your membership with (ISC)2 in good standing. Members must pay their annual membership fee and earn 120 CPEs every three years.
CISM vs. CISSP: What’s the True Value?
If you are in the information security field or looking to get into it, it's a good idea to earn a certification. Which one you get first depends on several factors. Some people get both. Most people earn CISSP first and then CISM, but the order makes no difference. Here are a few other factors that might help you decide which certification to pursue:
- Salaries are roughly equivalent between the two certifications
- There are 8,906 CISM jobs listed on LinkedIn
- There are 21,714 CISSP jobs listed on LinkedIn
CISM and CISSP both require a certain number of CPE credits to keep your certification. There are many ways to earn CPE credits: you can participate in webinars on cybersecurity topics, attend conferences, or attend regional CISSP or CISM chapter meetings. You can also earn credits by participating in cybersecurity events and mentoring other members. Each certification has its own CPE guidelines, and you should become familiar with them and be ready for the ongoing commitment as part of deciding which path to follow.
Regardless of which certification you pursue, you are doing both yourself and your infosec career a great favor. Both open the door to a higher salary, new jobs, and new professional challenges. Whether you start with CISM or CISSP, you can be confident you're making a smart career decision.