CISM or CRISC?

ecuison CISSP, CCSP, TOGAF v9 Certified, Security+, Network+ Member Posts: 131
From those that are certified in either or both, do you feel that having one or both of these certs has been beneficial to you from a knowledge/job standpoint? I'm really looking at doing the CRISC, but want to get others' opinions! Thanks!
Accomplishments: B.S. - Business (Information Management) | CISSP | CCSP | TOGAF v9.2 Certified | Security + | Network +

Comments

  • DZA_ Member Posts: 438
    Hey OP, 

    Given that you have your CISSP in your signature and you are debating whether to write CISM or CRISC, I can give you the following personal observations and feedback. 
    • I hold both the CISSP and the CISM certification and I can tell you for one that there is a ton of overlap between the CISSP and CISM. 
    • Each InfoSec managerial certification has their own way of "thinking" e.g. ISC2 has theirs and ISACA has their own framework.
    • Depending on your organization, your org can have a certain mindset; here the majority of the larger security team is heavily certified in ISACA vs ISC2. This shouldn't influence your decision as much but just something to think about
    • If you do pursue the CISM certification, I think you would spend your time more worthwhile to write the CRISC. Why, you say? Being a part of a manager or a technical resource who understands how to manage risk is very important and how to convey that to the business. There is a lot of business element to the CRISC that IT professionals should understand at a senior as well as managerial perspective. There were elements regarding risk in the CISM exam but it just touches the surface.
    • I don't see a lot of postings externally asking about CRISC but it's definitely something you can bring up demonstrating your level of understanding to potential employers which would be a benefit
    If you had to choose between the two, I would say you would have more value in writing the CRISC. Good luck with your next exam!

    Cheers,
  • ecuison CISSP, CCSP, TOGAF v9 Certified, Security+, Network+ Member Posts: 131
    DZA_ said:
    Hey OP, 

    Given that you have your CISSP in your signature and you are debating whether to write CISM or CRISC, I can give you the following personal observations and feedback. 
    • I hold both the CISSP and the CISM certification and I can tell you for one that there is a ton of overlap between the CISSP and CISM. 
    • Each InfoSec managerial certification has their own way of "thinking" e.g. ISC2 has theirs and ISACA has their own framework.
    • Depending on your organization, your org can have a certain mindset; here the majority of the larger security team is heavily certified in ISACA vs ISC2. This shouldn't influence your decision as much but just something to think about
    • If you do pursue the CISM certification, I think you would spend your time more worthwhile to write the CRISC. Why, you say? Being a part of a manager or a technical resource who understands how to manage risk is very important and how to convey that to the business. There is a lot of business element to the CRISC that IT professionals should understand at a senior as well as managerial perspective. There were elements regarding risk in the CISM exam but it just touches the surface.
    • I don't see a lot of postings externally asking about CRISC but it's definitely something you can bring up demonstrating your level of understanding to potential employers which would be a benefit
    If you had to choose between the two, I would say you would have more value in writing the CRISC. Good luck with your next exam!

    Cheers,
    Thank you for your input! I'll be focusing on the CRISC!
  • paul78 Member Posts: 3,016
    Good luck on the CRISC.
    Just my 2 cents - I found a lot of overlap between the CRISC and CISM. And most of the topics were pretty mundane. The effort to do both the CRISC and CISM if you already have the CISSP is actually pretty low. Personally, ISACA's way of looking at risk and infosec doesn't align with my own way of thinking but it's interesting to get their perspective. 
  • ecuison CISSP, CCSP, TOGAF v9 Certified, Security+, Network+ Member Posts: 131
    paul78 said:
    Good luck on the CRISC.
    Just my 2 cents - I found a lot of overlap between the CRISC and CISM. And most of the topics were pretty mundane. The effort to do both the CRISC and CISM if you already have the CISSP is actually pretty low. Personally, ISACA's way of looking at risk and infosec doesn't align with my own way of thinking but it's interesting to get their perspective. 
    Thank you for your input.  From reading on this forum and other people who have taken ISACA exams is that, "You have to understand it and know it from the ISACA perspective."  Not that it's wrong, but it's their way or no cert way.....