The CISM Certificate is designed for professionals who manage, design, and assess Information Security programs. It is common for CISAs and CISSPs to pursue the CISM Certificate to complement their credentials.
Although there are many differences between the CISSP common body of knowledge and the CISM job practice areas, the most obvious difference is in the experience requirements. Only CISM requires information security management experience, in addition to general information security experience. CISSP has no such management requirement. Earning the CISSP and/or the CISA credential is complementary to the attainment of the CISM credential and is encouraged.
The CISM exam will cover five information security management areas, each of which is further defined and detailed through task and knowledge statements.