Although there are many differences between the CISSP Common Body Of Knowledge and the CISM Job Practice Areas, the most obvious differences is in the experience requirements. Only CISM requires information security management experience, in addition to general information security experience. CISSP has no such management requirement.
Candidates who do not meet the CISSP professional experience requirements may become Associates of (ISC)2. To become an Associate of (ISC)2, you will need to complete and submit the examination form and successfully pass the exam. You don't have to wait until you've spent years in the field to demonstrate your competence in information security.
After taking the CISSP examination, you will receive an email from (ISC)2 indicating whether you have passed the exam. Upon successfully passing the exam, you become an Associate of (ISC)2. The (ISC)2 Associate for CISSP designation is valid for a period of 5 years from the date the "pass" email is issued; the (ISC)2 Associate has a maximum of 5 years to obtain the required experience and submit the required endorsement form for certification as a CISSP.
The CISSP credential is ideal for mid-level and senior-level managers who are working toward or have already attained positions such as CISOs, CSOs or Senior Security Engineers.
As a CISSP, you gain access to (ISC)2 services and programs which support and enhance your growth throughout your information security career. These services and programs include:
- Ongoing education
- Peer networking
- Forums Events
- Job postings
- Industry communications
- Concentrations for proven subject matter expertise
- Speaking and volunteer opportunities