phone icon 888.418.7051

Home > Test Pass Academy Blog > Reading Post: Should I take the CISA or CISM Certification Exam?

Should I take the CISA or CISM Certification Exam?

JUNE 20, 2014

Which certification is better for my career or holds more weight?

Let us start off by saying these certifications are for 2 different groups of people. The CISA, which stands for Certified Information Systems Auditor is for IT auditors. The CISM, which stands for Certified Information Security Manager is for IT security managers. They are both part of ISACA's certification program, but that is really the only similarity.

Who is the CISM for?

In our years as an Information Security Training Company we get many requests from attendees who are looking to fulfill the Department of Defense .8570 requirements. The CISM focuses on information risk management as the basis of information security and is intended for those who manage designs, and oversee and assess an enterprise’s information security.

The CISM fits in the DoD Information Assurance Management Level Category and meets the certification requirement for the top 2 levels, level 2 and 3 for this category. If you need to be certified in the top level, which is level 3, then the CISM would do the trick. As a side note, the CISSP is also in this category and meets Management level 3.

Who is the CISA for?

We do see requests from the Department of Defense Contractors for the CISA, but for the most part we see people from Corporate America seeking this certification. The CISA has been around for well over 30 years and is the premier certification for IT systems auditors who audit, control, monitor and assess. In terms of people who became certified, the CISA well out weights the CISM in terms of numbers.

In terms of Department of Defense .8570 requirements the CISA fulfills Information Assurance Technical Level 3, which is the highest level. In 2011, the CISA examination underwent a significant update and was revised from 6 domains down to 5. As another side note, the CISSP is also in this category and meets Technical Level 3.

CISM vs. CISA Exam Objectives

As you can see below, the CISM and CISA will test an individual on different exam objectives. Remember CISA is for the hands-on auditor, while the CISM is for Management level.

CISM Exam Domains:
Domain 1 - Information Security Governance
Domain 2 - Information Risk Management
Domain 3 - Information Security Program Development and Management
Domain 4 - Information Security Incident Management

CISA Exam Domains:
Domain 1—The Process of Auditing Information Systems
Domain 2—Governance and Management of IT
Domain 3—Information Systems Acquisition, Development and Implementation
Domain 4—Information Systems Operations, Maintenance and Support
Domain 5—Protection of Information Assets

In Summary

The CISA and CISM are both higher level certifications and require experience just to be able to take the exam. You will be thoroughly tested on each of the domains as listed by the certification above. If you audit, control, monitor and assess an organization’s information technology and business systems the CISA is the path for you.

If you focus on information risk management issues such as: how to govern information security as well as on practical issues such as developing and managing an information security program and managing incidents the CISM is best suited for you.

As you probably noted we mentioned the CISSP in both the CISM and CISA categories. If you already have your CISSP and are looking for another higher level certification the CISM or CISA would complement it nicely. Although we see a lot more job descriptions asking for the CISSP and CISM together versus the CISSP and CISA together.

Certification Image

Why choose Test Pass Academy?

Your Instructor Has Vast Experience in the Field

Quotation MarkThe class went great. Michael was an excellent teacher. He has vast experience in the field and used great real world examples to help understand concepts. Thank you for the opportunity to take this bootcamp with such a qualified teacher.Quotation Mark

Thanks again, Robert
Booz Allen Hamilton

Experience and High Energy Teaching Style

Quotation MarkFred is a fantastic instructor, with his background, experience and high energy teaching style I definitely have a great deal of confidence in passing the test first time through. I definitely will recommend your class for any future CISSP candidates.Quotation Mark

V/R, Chuck US Navy

Instructor for the Course Was Outstanding

Quotation MarkI had a great experience and thought that the test center was top notch. The material that has to be covered for an exam like these is very extensive. The instructor for the course was outstanding, and knew the Windows platform in and out.Quotation Mark

DoD Contractor

I Learned a lot and Passed the Test

Quotation MarkThe Security Plus class went very well!! I learned a lot, passed the test, and Tracy was an excellent instructor. I felt it was very valuable training for my job and was very satisfied with my experience with Test Pass Academy. Thank you for everything.Quotation Mark

Addy - US Air Force

For more information on our Training, call us at 1-888-418-7051 or via email at