Security Basics mailing list archives

RE: CISM or CISSP first
From: "Richard Lane" <lane.security () gmail com>
Date: Sat, 25 Aug 2007 21:47:16 +1000


I've just passed the CISM exam, waiting for the certification to come
through, and have just started CISA.  I don't have CISSP, but an MSc in
Information Security.

Your question is one that comes up a lot, and provokes a lot of discussion
between the haves and have-nots, generally around whether or not CISSP has
become a "checkbox" qualification (I mean no insult to the haves in this,
and I have every intention of taking it myself).  These days it does appear
that the majority of employers, when initially filtering for security
positions, will use the CISSP as their initial filter.

I've heard the CISSP described as "a mile wide, but an inch deep" when
talking about the material covered.  The CISSP does indeed cover a vast
range of topics, whereas the CISM focuses on 5 areas - Infosec Governance,
Risk Management, Infosec Policy Management, Infosec Program Management and
Incident Management.  CISM goes into more depth in these areas than the
CISSP, which does cover these areas to a certain degree.

As you already have CISA, I would advise taking CISM first, and then sitting
the CISSP afterwards.  I've been told by a friend who writes questions for
the CISM and runs review courses for CISSP that once you have CISM and CISA,
you can pretty much go straight to the CISSP exam without needing to spend
out for the review course.

Hope this helps & good luck

Richard Lane MSc

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of mamo
Sent: 23 August 2007 10:40
To: security-basics () securityfocus com
Subject: CISM or CISSP first


I have worked as an IT infrastructure and security consultant for 10 years for
large organizations.

I would like to take a certification in IT security. I am a technology
guy working on the security side of large integration projects, but
often involved in auditing, policy management and the process part of
security (the part that is often missing, more so than the tech stuff). I meet
the experience requirements of both CISM and CISSP. I am already CISA and
ISO 27001 certified.

What has been your experience with the CISSP or CISM certification?
Which one is more valuable (on the market, and as a way of studying
interesting new stuff)? Which topics are better covered by each of the two
certifications? Which one is easier to study for and pass?

Can you share with me your thought?

Best Regards,
