CISSP or CISM

  • 07-11-2019 05:44PM
    #1
    Registered Users, Registered Users 2 Posts: 959 ✭✭✭


    Folks,

    I'm interested in learning more about Information Security with a view to completing some certifications.

    Can anyone advise about certification paths to begin with CISSP or CISM?

    I would like to perhaps move into Security (Management) in the future having worked for many years in management of software development teams.


Comments

  • Moderators, Education Moderators Posts: 2,643 Mod ✭✭✭✭horgan_p


    Hey,


    CISSP will require you to have 5 years of demonstrable experience in IT Security in at least one of the 8 domains.
    Without that experience you will be an associate until you gain the experience.
    CISM (this is something I didn't know until 10 minutes ago):

    4. Work Experience
    Submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas. The work experience must be gained within the 10-year period preceding the application date for certification or within 5 years from the date of originally passing the exam.

    Experience Substitutions
    The following security-related certifications and information systems management experience can be used to satisfy the indicated amount of information security work experience.

    Two Years:

    Certified Information Systems Auditor (CISA) in good standing
    Certified Information Systems Security Professional (CISSP) in good standing
    Post-graduate degree in information security or a related field (e.g., business administration, information systems, information assurance)

    One Year:

    One full year of information systems management experience
    One full year of general security management experience
    Skill-based security certifications (e.g., SANS Global Information Assurance Certification (GIAC), Microsoft Certified Systems Engineer (MCSE), CompTIA Security+, Disaster Recovery Institute Certified Business Continuity Professional (CBCP), ESL IT Security Manager)
    Completion of an information security management program at an institution aligned with the Model Curriculum

    The experience substitutions will not satisfy any portion of the 3-year information security management work experience requirement.

    Exception: Two years as a full-time university instructor teaching the management of information security can be substituted for every 1 year of information security experience.


  • Registered Users, Registered Users 2 Posts: 959 ✭✭✭Neames


    Thanks Horgan_p...

    I've worked in IT in a management role for 15 years...role was mainly in software development but I think I could tick a number of boxes in terms of experience for both CISSP and CISM.

    I may have a chance to get into a management position in the future in Info Security. I suppose my question is which certification to focus on first with a view to taking up a management role?


  • Registered Users, Registered Users 2 Posts: 11,202 ✭✭✭✭hmmm


    CISSP is more widely recognised.

    CISM is a fine certificate for anyone going down the management route, but I'd start with CISSP.

    Both require substantial experience in security.

