CISSP was more difficult for me because I didn't have the think like a manager mentality at the time of the exam. I had just came from five back-to-back Cisco exams for CCNA/P Security. I failed the CISSP twice. Taking that experience with a non-technical security exam plus 2+ more years of security experience helped when it came time for the CISM. I don't think the content of one is more difficult than the other, but CISSP did have more information to cover in my opinion.