CISM, CISA & CRISC – WHICH CERTIFICATION TO TAKE?

If you've set your sights on a career in cybersecurity, you've made a sound decision. Demand for skilled information security professionals is strong and is expected to stay that way for the foreseeable future, with the financial rewards to match. According to the 2018 IT Skills and Salary Report by Global Knowledge, 41 percent of U.S. employers report difficulty finding qualified cybersecurity professionals, and certified practitioners earn on average 22 percent more than their uncertified peers.

Globally, two organizations lead the field of cybersecurity certification: ISACA and (ISC)2. The flagship (ISC)2 credential is the Certified Information Systems Security Professional (CISSP), while ISACA offers three certifications in the security domain: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), and Certified in Risk and Information Systems Control (CRISC).

All of these certifications are aimed at professionals with at least five years of work experience in the field. So how do you decide which one suits you best? To help with that decision, let's look at each certification in detail.

ISACA Certifications: Key Points at a Glance

Established in 1969, the Information Systems Audit and Control Association (ISACA) is globally recognized and highly regarded, with more than 140,000 members across 180 countries. ISACA offers four distinct credentials, each aimed at a different kind of IT professional:

  1. Certified Information Systems Auditor (CISA) – Geared towards auditors.
  2. Certified Information Security Manager (CISM) – Targeting security managers.
  3. Certified in Risk and Information Systems Control (CRISC) – Designed for risk management professionals.
  4. Certified in the Governance of Enterprise IT (CGEIT) – Primarily for governance professionals.

Acquiring the Credential

All candidates are required to:

Maintaining the Credential

ISACA certifications remain valid for three years. An annual maintenance fee ($45 for members, $85 for non-members) is mandatory. To renew the credential, holders must earn 120 Continuing Professional Education (CPE) credits over the three-year cycle, with a minimum of 20 CPEs in any single year.

CISM

The easiest way to understand CISM is to compare it with CISSP. Both certifications cover aspects of cybersecurity and management, but CISSP focuses on the operational and technical dimensions of security, whereas CISM centers on security's strategic dimension and its alignment with business objectives.