
CISSP or CISM

  • 07-11-2019 5:44pm
    #1
    Registered Users Posts: 951 ✭✭✭


    Folks,

    I'm interested in learning more about Information Security with a view to completing some certifications.

    Can anyone advise about certification paths to begin with, CISSP or CISM?

    I would like to perhaps move into Security (Management) in the future having worked for many years in management of software development teams.


Comments

  • Moderators, Education Moderators Posts: 2,603 Mod ✭✭✭✭horgan_p


    Hey,


    CISSP will require you to have 5 years of demonstrable experience in IT Security in at least one of the 8 domains.
    Without that experience you will be an associate until you gain the experience.
    CISM (this is something I didn't know until 10 minutes ago):

    4. Work Experience
    Submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas. The work experience must be gained within the 10-year period preceding the application date for certification or within 5 years from the date of originally passing the exam.

    Experience Substitutions
    The following security-related certifications and information systems management experience can be used to satisfy the indicated amount of information security work experience.

    Two Years:

    Certified Information Systems Auditor (CISA) in good standing
    Certified Information Systems Security Professional (CISSP) in good standing
    Post-graduate degree in information security or a related field (e.g., business administration, information systems, information assurance)

    One Year:

    One full year of information systems management experience
    One full year of general security management experience
    Skill-based security certifications (e.g., SANS Global Information Assurance Certification (GIAC), Microsoft Certified Systems Engineer (MCSE), CompTIA Security +, Disaster Recovery Institute Certified Business Continuity Professional (CBCP), ESL IT Security Manager)
    Completion of an information security management program at an institution aligned with the Model Curriculum

    The experience substitutions will not satisfy any portion of the 3-year information security management work experience requirement.

    Exception: Two years as a full-time university instructor teaching the management of information security can be substituted for every 1 year of information security experience.


  • Registered Users Posts: 951 ✭✭✭Neames


    Thanks Horgan_p...

    I've worked in IT in a management role for 15 years...role was mainly in software development but I think I could tick a number of boxes in terms of experience for both CISSP and CISM.

    I may have a chance to get into a management position in the future in Info Security. I suppose my question is which certification to focus on first with a view to taking up a management role?


  • Registered Users Posts: 11,205 ✭✭✭✭hmmm


    CISSP is more widely recognised.

    CISM is a fine certificate for anyone going down the management route, but I'd start with CISSP.

    Both require substantial experience in security.

