CISM vs. ISSMP

ajs1976

I'm getting a little bit ahead of myself but I want to start planning for the cert after CISSP and I am trying to decide between CISM and ISSMP. Which do you think is the better of the two? I'm looking at a number of factors.

Prospects / CISM - Job ads in my area that I am interested in usually list "CISSP, CISM, or some other certification required". The third cert tends to be one of the following: CISA, CEH, CCNA, CCNA:Sec, or GIAC. I have never seen the CISSP concentrations listed. Would it be better to get a peer certification with better name recognition or what may look like a higher level certification? Because of name recognition, I'm giving CISM the edge.

Study Materials / CISM - From the reading i have done here, it seems like the study material for the CISM is more insync with the exam and more mature then what is available for the ISSMP. The ISSMP was update in 2013, but the study guide is from 2011.

Baseline knowledge / CISM - Without studying, I did the practice test on the ISACA site for the CISM and scored in the low 70s. Even the ones I missed, I know I could get them with a little bit of preparation. I don't get the same good feeling when I read the ISSMP exam guide from the ISC2 website.

Experience requirement / ISSMP - I believe I meet the experience requirement for the ISSMP now, but I need another year of management experience for the CISM. Even if I take it in June, I will still need another 6 months.

CPE Requirements / ISSMP - ISSMP would be maintained with the CISSP where CISM is a different organization and would require duplicate work. This is a minor issue.

CISM looks like the better choice for me. Are there any other factors I should consider? Some reason to go the other way?

Thanks.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

zxbane

I found myself in this situation earlier this year and chose the CISM do it being much more recognized and listed in job ads than the ISSMP.

Falasi

well. I've done both within 3 weeks or so of each , almost the same information and knowledge/understanding requirements.

my advise to to study for CISM and If you are done focus on ISSMP, since you can schedule the later at any given time while ISACA's have set dates.

GL~

ajs1976

Falasi,

Have you found any advantages to having both the ISSMP and CISM or to having all three CISSP concentrations?

JDMurray

You can take either exam prior to having the necessary professional experience requirement. If you are currently in an InfoSec management job then pass the exams now, accrue the experience afterwards, and apply for full certification when you have the necessary exp. You might as well study for both exams concurrently, because you can take the ISSMP at any time, but the CISM exam is only offered twice per year.

rob1234

JDMurray wrote: »

You can take either exam prior to having the necessary professional experience requirement. If you are currently in an InfoSec management job then pass the exams now, accrue the experience afterwards, and apply for full certification when you have the necessary exp. You might as well study for both exams concurrently, because you can take the ISSMP at any time, but the CISM exam is only offered twice per year.

i thought CISA and CISM exams where 3 times a year?

ajs1976

rob1234 wrote: »

i thought CISA and CISM exams where 3 times a year?

The 2014 Candidate Guide shows three times: June, September, and December.

JDMurray

It was only offered in June And December once upon a time. I didn't see a full year exam schedule on isaca.org.

Falasi

@ajs1976

Depend... we dont fall under DoD so all 3 concentrations have hardly any value in that sense.

one thing though is that the knowledge gained by reviewing the content and comparing it to how we do things here. you end up suggesting what can work for you and how to do it which ends up achieving a better security overall. I believe that my boss trust my judgement (since I'm also a logical person lol) so that always a plus. (I saved few millions for the company I work in by simply challenging a consultant...I wish I can sue him for fraud..... >.>)

my point is that; dont expect a direct promotion. knowledge gained will get you to the door... you or your boss will have to open it.

(or you can simply say that you are one of few people with so and so cert :P )