Difference between CISM and CISSP


Both CISM and CISSP are certification courses in information security. They are intended for information security professionals who are responsible for safeguarding valuable information. CISM stands for Certified Information Security Manager, whereas CISSP stands for Certified Information Systems Security Professional. Both courses require a minimum of 5 years of experience in the area of information security. The courses allow professionals to enhance their credibility and recognition in their field. Though the courses look alike, there are certain differences between them.

CISM course and Opportunities

CISM certification is gaining popularity nowadays. The certification is meant for individuals who design and manage the information security operations of an organization. It is awarded by ISACA (Information Systems Audit and Control Association). The course helps working professionals demonstrate their expertise in the area. Moreover, it gives them practical knowledge of developing and managing information security programs, which in turn helps advance their career prospects. To get the certification, one has to sit and pass the examination conducted by the concerned authority. The course is designed to cover the following areas:

  • Information Security Governance
  • Information Risk Management
  • Information Security Program Development
  • Information Security Program Management
  • Incident Management and Response

CISSP course and Opportunities

The CISSP certification is awarded by (ISC)² (International Information Systems Security Certification Consortium). The course is based on a common information security framework used by information security professionals. This framework is called the CBK (Common Body of Knowledge). The CBK domains are based on the principles of Confidentiality, Integrity and Availability. Like CISM, CISSP also improves the career prospects of professionals.

Key differences between CISM and CISSP

The CISSP course is suitable for professionals who have work experience in the area of information security, whereas CISM is preferred for those who deal with issues related to information security management.

The CISSP course requires 5 years of experience in the area of information security. For the CISM course, 3 of the 5 years of experience required in information security must be in the area of information security management.


