CISA vs CISM

Hello ,
I am network Security Engineer having 5 Years of experience on the Firewalls (mostly Cisco ) , Routers & Switches.I just passed the CISSP exam & endorsement is under process. I want to move my carrier from configuring the firewalls, routers to Compliance / governance in IT security field. I am thinking of two options below.

1.CISA
2.CISM.

I want to know which one is better option for me . Better means not only in terms of exam easiness but I wish to understand what will be the difference in the job profile CISSP+CISA vs CISSP+CISM certified professionals.

Find more posts tagged with

Comments

riyan

In short:
CISA: If you are interested to join IT audit geeks
CISM: If you want to follow the path of Info Security Manager like setting Info. Security Program, Incident Management, DR program etc.

CISSP will complement the above exams both in terms of exam content and in terms of job searching. It is highly unlikely that you will land a job of IT audit on purse CISA cert. Additionally you will be required to have security experience.

!nf0s3cure

In my opinion, if you do not know IT security then you will be a failure as an auditor as your recommendations/findings will be very poor. So all in all the certifications are different but still lead to the same goal of security.

riyan

!nf0s3cure wrote: »

In my opinion, if you do not know IT security then you will be a failure as an auditor as your recommendations/findings will be very poor. So all in all the certifications are different but still lead to the same goal of security.

Based upon your past experience, may be you can opt to CISA.

kvponkshe

Thanks All!!

aboss3

I would go for CISM, as it'll be an easier exam than your CISSP, giving you a low hanging fruit first. Then focus on CISA. Just my 2 cents.

pgupta101

Hi,
I am aiming CISA.
Found on this forum the reference to CISA AIO guide.
Can someone please confirm if below is the what it means.
thanks.

CISA Certified Information Systems Auditor All-In-One Exam GuideBy: Peter H. Gregory
McGraw-Hill/Osborne © 2010 ISBN: 9780071487559
Book: 672 Pages

eSenpai

aboss3 wrote: »

I would go for CISM, as it'll be an easier exam than your CISSP, giving you a low hanging fruit first. Then focus on CISA. Just my 2 cents.

It always seemed as if there was some debate about this point (which of the two is harder) in many forums and I find myself on the opposite end of your statement now that I have done both. Let's forego "hard" vs "easy" comparisons for the moment and strictly base experiences on time to complete. Personally, I had only like 12 mins left before time expired on the CISM whereas I had 3 hours left on the CISSP after review. Granted, I did them out of the traditional order with the CISM being first and the CISSP being second. Does that make the CISSP easier or did I just get better at taking tests? I lean toward the latter because I completed the PMP in between these two and THAT test taught me everything I wanted to know about reading completely & quickly when answering questions. *shudders* Finished it with under 3mins left. Never want to take the PMP again even if I am probably better at taking tests now (lol) but I did learn from it and changed how I prepared for timed tests.