JUNE 20, 2014
Let us start off by saying these certifications are for 2 different groups of people. The CISA, which stands for Certified Information Systems Auditor, is for IT auditors. The CISM, which stands for Certified Information Security Manager, is for IT security managers. They are both part of ISACA's certification program, but that is really the only similarity.
In our years as an Information Security Training Company, we have received many requests from attendees who are looking to fulfill the Department of Defense 8570 requirements. The CISM focuses on information risk management as the basis of information security and is intended for those who manage, design, oversee and assess an enterprise’s information security.
The CISM fits in the DoD Information Assurance Management Level category and meets the certification requirement for the top 2 levels of that category, levels 2 and 3. If you need to be certified at the top level, which is level 3, then the CISM would do the trick. As a side note, the CISSP is also in this category and meets Management level 3.
We do see requests for the CISA from Department of Defense contractors, but for the most part we see people from Corporate America seeking this certification. The CISA has been around for well over 30 years and is the premier certification for IT systems auditors who audit, control, monitor and assess. In terms of the number of people certified, the CISA far outweighs the CISM.
In terms of Department of Defense 8570 requirements, the CISA fulfills Information Assurance Technical Level 3, which is the highest level. In 2011, the CISA examination underwent a significant update and was revised from 6 domains down to 5. As another side note, the CISSP is also in this category and meets Technical Level 3.
As you can see below, the CISM and CISA test an individual on different exam objectives. Remember, the CISA is for the hands-on auditor, while the CISM is for the management level.
CISM Exam Domains:
Domain 1 - Information Security Governance
Domain 2 - Information Risk Management
Domain 3 - Information Security Program Development and Management
Domain 4 - Information Security Incident Management
CISA Exam Domains:
Domain 1 - The Process of Auditing Information Systems
Domain 2 - Governance and Management of IT
Domain 3 - Information Systems Acquisition, Development and Implementation
Domain 4 - Information Systems Operations, Maintenance and Support
Domain 5 - Protection of Information Assets
The CISA and CISM are both higher-level certifications and require experience just to be able to take the exam. You will be thoroughly tested on each of the domains listed above for the certification you choose. If you audit, control, monitor and assess an organization’s information technology and business systems, the CISA is the path for you.
If you focus on information risk management issues, such as how to govern information security, as well as on practical issues, such as developing and managing an information security program and managing incidents, the CISM is best suited for you.
As you probably noted, we mentioned the CISSP in both the CISM and CISA categories. If you already have your CISSP and are looking for another higher-level certification, the CISM or CISA would complement it nicely, although we see a lot more job descriptions asking for the CISSP and CISM together than for the CISSP and CISA together.