The CISM exam will cover five information security management areas, each of which is further defined and detailed through task and knowledge statements.
Although there are many differences between the CISSP common body of knowledge and the CISM job practice areas, the most obvious difference is in the experience requirements. Only CISM requires information security management experience, in addition to general information security experience. CISSP has no such management requirement. Earning the CISSP and/or the CISA credential is complementary to the attainment of the CISM credential and is encouraged.
The CISM Certificate is designed for professionals who manage, design, and assess Information Security programs. It is common for CISAs and CISSPs to pursue the CISM Certificate to complement their credentials.
The CISA exam covers 5 IS audit, control or security areas, each of which is further defined and detailed through task and knowledge statements.
A candidate is given 4 hours to complete a 150-question multiple-choice exam.
The CISA certification is a clear indication of IT audit proficiency, which is valued by companies of all sizes around the globe. As companies and government agencies continue to struggle with regulatory compliance requirements and cybersecurity risks, information system risk and control skills remain in high demand. Nearly every posting for jobs in the IT risk and assurance field (i.e. titles such as IT Auditor, IT Consultant, IT Risk Manager, IT Audit Manager, and Security Professional) lists a CISA certification as a mandatory requirement. These same jobs tend to be well compensated, highly visible within the company, and great foundations for career advancement. When you receive your CISA certification, you increase the value you provide to your organization. As you can see, a CISA certification can open doors in your career and give you the edge over your competition.