Is CISM Easier than CISSP?
Both certifications verify an individual's skills against a standard body of knowledge and take a global approach to information security. Each requires at least five years of work experience in specified domains.
A critical difference between the CISM and CISSP certifications is that the former is considered to be focused more on management and strategy. It covers technical topics only in a cursory way, while the latter addresses the tactical aspects of security operations and delves much deeper into those areas.
The eight competencies covered by CISSP are:
- Asset security
- Communications and network security
- Identity and access management
- Security and risk management
- Security assessment and testing
- Security engineering
- Security operations
- Software development security
The professionals who typically take the CISSP exam include IT security practitioners such as security consultants, network architects, analysts, auditors, systems engineers, and aspiring CISOs. CISSP is considered to be accredited by the Department of Defense for use in certifying its employees. The agency requires all civilian and military personnel with access to sensitive DoD systems to hold specific commercial security certifications.
One thing to consider: because the certification is considered to be highly technical, individuals with more basic knowledge usually have to invest more time in understanding the concepts covered by CISSP in order to pass the certification exam.
CISM covers topics such as:
- Cost-benefit analysis of risk mitigation
- Disaster recovery
- Information security governance
- Regulatory issues
- Risk management
IT and IT security managers and directors, auditors, and consultants are the job roles that most frequently pursue CISM. This certification could also benefit chief information officers (CIOs), CEOs, CISOs, and chief financial officers (CFOs).
Should Practitioners Seek Certification?
According to a survey by Certification Magazine, 48% of security professionals who had obtained a certification reported receiving a salary increase within one year. However, 68% of respondents said that the increase was less than 5 percent. A quarter of respondents reported a 20 to 25 percent raise, and a small group reported an even higher one.
Of the 12 security certifications evaluated, the magazine found that CISM was associated with the highest average salary ($127,063), while CISSP-certified professionals reported the second-highest average paycheck ($117,030).
For employers, certifications are a screening mechanism that can signal a candidate's in-depth expertise and increase that potential employee's credibility and caliber.
Certification is considered a way of measuring the quality of a candidate. However, some employers might rely too much on certifications alone instead of evaluating the person's competency within the company's culture and mission. By itself, a certificate isn't an indicator that a practitioner will be successful at a particular organization.
From a practical standpoint, certified practitioners aren't necessarily more knowledgeable or experienced than their uncertified peers. Other factors, such as academic background and industry tenure, contribute to job performance and knowledge and play a vital role. Like any other academically based achievement, certifications serve more as a foundation that needs to be applied in practice for a security practitioner to become more successful.