
Thread: CISM and CISA

  1. Junior Member dcooper24's Avatar
    Join Date
    Oct 2006
    Location
    Washington, D.C
    Posts
    13

    Certifications
    A+, Network+,Security+,MCP, CAP, FITSP-M, CISM
    #1

    CISM and CISA

    Which exam is more difficult, the CISA or the CISM? Which exam holds more weight if your goal is to work in information security management?
  3. Security Tinkerer
    Join Date
    Sep 2004
    Location
    I'm conviced, we all live in the Matrix.
    Posts
    1,228

    Certifications
    CISSP,,CCSP,CNSS-4013+4011,MCT MCSA2K3,CWNA MCSE2K3:Sec LPT ECSA CEH CHFI,CCNA CS-CFW, CCIE-Sec/Written, etc..
    #2
    Hello.

    CISA is more popular amongst insurance companies and large CPA firms (for example, a CPA/Auditor whose primary focus is now IT related audits, for things such as SOX, etc.).

    CISM is closer to being parallel to CISSP and more geared towards security management.

  4. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #3
    Which security management cert is more industry-recognized, the ISACA CISM or the (ISC)² ISSMP? And how does the ISSMP expand/improve on the security management topics found in the CISSP?
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  5. Security Tinkerer
    Join Date
    Sep 2004
    Location
    I'm conviced, we all live in the Matrix.
    Posts
    1,228

    Certifications
    CISSP,,CCSP,CNSS-4013+4011,MCT MCSA2K3,CWNA MCSE2K3:Sec LPT ECSA CEH CHFI,CCNA CS-CFW, CCIE-Sec/Written, etc..
    #4
    Good question JD. Having recently been engaged in some study for the ISSMP and working with ISC2 on new exam content, I can tell you that it improves to the point of taking that so-called mile wide inch deep description and making it 2 inches wide and a mile deep. It's a ton of mind twisting judgement call scenarios. The good thing about the official content (expected around the end of March 07 ssshhhh), is that it is full of scenarios, then answers to questions, then a breakdown of the likely outcome of each answer you're asked to choose from. So it really takes out most of the technical stuff and focuses almost exclusively on day to day security management decisions and issues. Disaster recovery responses, attack response, documentation, even how to deal with public disclosure. So I would definitely recommend anyone in or planning to be in an infosec management role to dive into ISSMP, whether you're certifying or not, the information is priceless.

  6. Member
    Join Date
    Dec 2006
    Location
    Berlin
    Posts
    52

    Certifications
    CISA, CISSP, CWNA, Network+, A+
    #5

    CISA

    CISA is a bit like CISSP. You don't have to know so many details like with CISSP to pass it.

    The disadvantages are:
    - a domain about auditing,
    - short exam time (200 questions in 4 hours), and
    - scenario-based questions (which steal your time).

    I've heard a negative opinion about CISM to be a kind of "CISSP imitation for CISAs". Personally I didn't consider passing CISM because of the grandfathering-policy - a lot of people were allowed to literally buy the certificate, without passing the exam. That was why I went for CISSP

  7. Junior Member
    Join Date
    Dec 2006
    Posts
    4

    Certifications
    CPA, CISSP, CISA, CAP (Certification and Accreditation Professional - ISC2), CISM
    #6

    Re: CISM and CISA

    Quote Originally Posted by dcooper24
    Which exam is more difficult, the CISA or the CISM? Which exam holds more weight if your goal is to work in information security management?
    Wow, really good question. I would probably say that the CISA is a bit more difficult than the CISM.

    If your goal is to work in information security management, then the CISM would carry more weight I think.

  8. Senior Member
    Join Date
    Nov 2006
    Location
    Silicon Hills, Texas
    Posts
    109

    Certifications
    CISSP, ITIL, Masters of Science in Information Assurance
    #7
    Do you need to have the CISA before the CISM or can you jump directly to the CISM?

  9. Security Tinkerer
    Join Date
    Sep 2004
    Location
    I'm conviced, we all live in the Matrix.
    Posts
    1,228

    Certifications
    CISSP,,CCSP,CNSS-4013+4011,MCT MCSA2K3,CWNA MCSE2K3:Sec LPT ECSA CEH CHFI,CCNA CS-CFW, CCIE-Sec/Written, etc..
    #8
    Quote Originally Posted by drakhan2002
    Do you need to have the CISA before the CISM or can you jump directly to the CISM?
    No, you don't need CISA to earn CISM.

  10. Member
    Join Date
    Jun 2006
    Location
    dominican Republic
    Posts
    38

    Certifications
    CISSP, CISA, CISM, Security+, IBM Certified Specialist
    #9
    Quote Originally Posted by keatron
    So I would definitely recommend anyone in or planning to be in an infosec management role to dive into ISSMP, whether you're certifying or not, the information is priceless.
    How much time do you think (at least) would be needed to prepare for this Certification, and how many years of experience?

  11. Security Tinkerer
    Join Date
    Sep 2004
    Location
    I'm conviced, we all live in the Matrix.
    Posts
    1,228

    Certifications
    CISSP,,CCSP,CNSS-4013+4011,MCT MCSA2K3,CWNA MCSE2K3:Sec LPT ECSA CEH CHFI,CCNA CS-CFW, CCIE-Sec/Written, etc..
    #10
    If you're still fresh from your CISSP prep, I would recommend another 3 to 4 months. If not, then 4 to 6. This is assuming you have about 2 hours per day for reading and research.

  12. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #11

    Re: CISA

    Quote Originally Posted by seccie
    Personally I didn't consider passing CISM because of the grandfathering-policy - a lot of people were allowed to literally buy the certificate, without passing the exam. That was why I went for CISSP
    I have a friend who ended up collecting several security and auditing certifications by the "grandfathering" method. At the time, he thought it was a great thing to just fill out some paperwork and receive a cert based on his previous certs and documented work experience. However, he now claims to spend nearly $3000US each year just to maintain his collection of professional certifications (e.g., conferences, professional and cert organization fees, etc.). To hear him talk, it sounds as though grandfathering people into certifications is a revenue model for certification organizations to gain members and money. If this is true, it certainly does water down the value of the grandfather-able certs.

    How much you'll be paying for all those certifications versus what value you will get from them is something to seriously consider.

  13. Junior Member
    Join Date
    Mar 2007
    Posts
    1

    Certifications
    CISSP, CISA, CCNA
    #12

    Re: CISM & CISA

    Quote Originally Posted by seccie
    How much you'll be paying for all those certifications versus what value you will get from them is something to seriously consider.
    Good point, however ... consider where the $$$ go for the certs. The biggest amount of the money required in maintaining a CISA or CISM is joining ISACA and the local chapter. The CISA and CISM each cost an additional $40 per year. The CPE requirements are close enough that anything used for one can be used for the other.

    So ... since I already have my CISSP and CISA ... I'll be taking the CISM this December. It'll cost only an additional $40 per year to maintain.

    Brady Hamilton
    CISSP, CISA, CCNA

  14. Junior Member
    Join Date
    May 2007
    Posts
    2

    Certifications
    MCSE, CISSP, CTT+, PRJ+
    #13
    I just finished up a CISM Class in which the instructor is a question writer for ISACA and ISC2. I'm taking the CISA this June and I'm not taking it lightly though I have the CISSP cert. The instructor said that the CISM is graded on a curve and 45% is needed. I'm hoping the CISA is equivalent and I'm hoping a lot of dumbazz are taking it the same time as me... lol, I'm probably their leader.

    BTW: I registered early to take the CISA exam to save on $$$ but I was able to get into a paid seat for a CISM course, I'll take it in Dec.

  15. Junior Member
    Join Date
    Aug 2006
    Location
    Denmark
    Posts
    11

    Certifications
    Security+, SSCP, CISSP, CISA
    #14
    Quote Originally Posted by dcooper24
    Which exam is more difficult, the CISA or the CISM? Which exam holds more weight if your goal is to work in information security management?
    I'm working as an IT auditor and we are encouraged to take the CISA exam as it's IT security from an auditor's perspective (which I will right after CISSP). I would say that it's tough just to meet the requirements for the CISM as you have to have 2 years experience as a leader of a systems security section/department. Would be a nice one to have though.

  16. Junior Member
    Join Date
    May 2008
    Posts
    1

    Certifications
    CCNA, CCNP
    #15

    New to CISA

    I would like to take the CISA exams in December. Can someone give me a link to get free CISA CBT and learning materials.

  17. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #16

    Re: New to CISA

    Quote Originally Posted by bugusmart
    I would like to take the CISA exams in December. Can someone give me a link to get free CISA CBT and learning materials.
    Sign up for a free account at www.cccure.org and have a look at their CISA discussion forum and study materials. You can take free CISA practice tests at www.freepracticetests.org/quiz/home.php. Also, check the booksellers on amazon.com for discounted CISA exam study books.

  18. Member
    Join Date
    Jun 2006
    Posts
    66

    Certifications
    Macintosh specialisations (A+, ACDT, ACPT, ACSE), CCNA, CST, CNST, SCSA
    #17

    CISA question.

    Another question about CISA.

    Is it worth taking for a person without any accounting background? And generally, which industries give preference to CISAs than big auditing, banking and insurance firms?

  19. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #18
    Quote Originally Posted by macwhizard
    Is it worth taking for a person without any accounting background?
    Searching for the keyword "CISA" on dice.com shows some of the non-accounting positions favor CISA certification:
    • IT Auditor
    • IT Security Analyst
    • Systems Development Audit Supervisor
    • Network Security Analyst
    • Information Security Auditor
    • Information Security Engineer
    • Security Audit Engineer
    • Compliance Analyst
    • Risk Analyst
    • etc.
    It looks like any business or industry that cares about information security needs CISA-certified people.

  20. Junior Member
    Join Date
    Aug 2008
    Location
    CA
    Posts
    1
    #19
    JDMurray:

    Thank you so much for the freepracticetests.org reference!

    I just began studying for the CISA, and I love how I can set the quiz to be generated into a platform that suits my current level of knowledge/studying.


  21. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #20
    Glad to help!

  22. Junior Member dcooper24's Avatar
    Join Date
    Oct 2006
    Location
    Washington, D.C
    Posts
    13

    Certifications
    A+, Network+,Security+,MCP, CAP, FITSP-M, CISM
    #21
    Thank you guys for all the information given.

  23. Member
    Join Date
    Jan 2010
    Location
    London
    Posts
    2

    Certifications
    CISA, CISSP, MSc. (Infosec)
    #22

    Problem with grandfathering

    It is alright if you have a problem with grandfathering but I do not think that applies solely to the CISM. I have got certifications from both ISACA and ISC2 (CISA & CISSP), am also planning on my CISM...of course none of these through grandfathering...but that is a matter of choice for me. If others choose to go the grandfathering route, do they qualify? Has the body in question put procedures in place to see that this is verified? Whoever goes on to carry a load (maintenance fees) he/she cannot bear, has no one to blame. It does not degrade the quality of the certification, which has strict eligibility criteria by the way. Arguments such as these have been there for a while and will go on even a bit more. I am gaining from them all and like I said above, it's a matter of choice. Remember it says CISM, SM for Security Management...that's why it allows for grandfathering. The target is for Security Managers. CISSP targets Security Administrators really.

    Quote Originally Posted by seccie View Post
    CISA is a bit like CISSP. You don't have to know so many details like with CISSP to pass it.

    The disadvantages are:
    - a domain about auditing,
    - short exam time (200 questions in 4 hours), and
    - scenario-based questions (which steal your time).

    I've heard a negative opinion about CISM to be a kind of "CISSP imitation for CISAs". Personally I didn't consider passing CISM because of the grandfathering-policy - a lot of people were allowed to literally buy the certificate, without passing the exam. That was why I went for CISSP
    Last edited by Biakpara; 01-27-2010 at 12:12 PM.

  24. Junior Member
    Join Date
    Jul 2003
    Posts
    4
    #23

    Just a question

    My concern is after gaining CISA. As you all know, ISACA offers CISA certs to those who pass the test AND have a few years of experience in security. A candidate who earns the CISA cert but has no previous work experience in auditing, will he face difficulties in getting an auditing job? In other words, what will be the employer's perspective about him? What chances does he have to start a new dimension in his IT career?

    BR,

  25. Junior Member shamizzle79's Avatar
    Join Date
    Feb 2010
    Posts
    3

    Certifications
    CISSP, Security+
    #24
    I was thinking of starting a new thread but I think this question could be relevant here.

    I've been thinking about studying for and obtaining the CISM certification. I already have a CISSP. After looking at the CISM study guide, I've noticed some material is similar and some is different (little bit more management all-around).

    Do you guys think this is a waste of time, or a good focus towards infosec management?

    Thanks.

  26. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #25
    Quote Originally Posted by shamizzle79 View Post
    I was thinking of starting a new thread but I think this question could be relevant here.

    I've been thinking about studying for and obtaining the CISM certification. I already have a CISSP. After looking at the CISM study guide, I've noticed some material is similar and some is different (little bit more management all-around).

    Do you guys think this is a waste of time, or a good focus towards infosec management?

    Thanks.
    There's some debate over the value of the ISACA certs, but putting all that aside, the CISM material is excellent.

    That and the CISA are on-deck for me. If I can do the CISA in June, I'll probably take a stab at the CISM in December. Those might slip six months though (ISACA only offers one exam in June and another in December).

    Welcome to the forums, btw.
