CISM (Certified Information Security Member)
CISM (Certified Information Security Member) is a registered information security manager certification founded by ISACA. It targets the management level and focuses on information security strategy, evaluation systems and policy. Since its launch in 2002, CISM has been highly praised by senior information security managers around the world. So far, more than 28,000 people have obtained the CISM certificate. Because CISM focuses on the management level, it is a globally recognized endorsement of a person's ability to develop, establish and manage enterprise information security systems. The maintenance rate of the CISM certificate exceeds 95%.
Other information security certifications focus on specific technologies, operating platforms or product information, or on entry-level information security work. Only CISM is for information security managers, and its focus is no longer on individual technologies or skills but on the information security management of the whole enterprise.
CISM is aimed at the individual managers who manage and supervise the enterprise's information security. Many of them may already hold relevant certifications in other fields. Because CISM focuses on the needs of management, work experience is relatively important. Therefore, CISM requires at least 5 years of experience in information security management, and the contents of the examination also focus on the daily work of information security managers.
CISM certificate is suitable for
- CIO / Senior IT Manager / Director of enterprise information security CSO / Director of Information Center
- Information system audit professionals and IT auditors
- Managers and technicians responsible for information system security management and planning
- Information security industry insiders, IT or security consultants
- Any person who needs to manage, design, supervise or evaluate the organization’s information security
- People who have about 3 to 5 years of information security management experience
CRISC (Certified in Risk and Information Systems Control)
CRISC (Certified in Risk and Information Systems Control), founded by ISACA, is mainly designed for personnel with experience in IT risk management and in the design, implementation, supervision and maintenance of IS controls. Risk refers to the uncertainty of deviation from the achieved goal. ISACA pointed out in COBIT 5 that all IT risks are business risks. CRISC fully supports risk control of COSO, Basel II / III, GAMP and other enterprises. In 2017, the government opened the simplified Chinese examination in mainland China.
CRISC is a top global IT professional certification. CRISC can target the IT Chief Risk Officer (CRO) in the financial / banking industry, or similar decision-making roles in other industries (such as oil, medicine, listed companies, multinational groups). CRISC, like CISA / CISM, is certified by the U.S. Department of Defense and relevant standards organizations. According to United States statistics from 2015, the average salary of CRISC holders is the highest in the world among IT employees, with an annual salary of more than 120,000 US dollars.
CRISC certificate is suitable for
- Information security manager, risk manager, control manager, compliance manager
- Other personnel engaged in IT risk
- CRISC candidates, etc.
- CIO, CSO, director of risk management, control and compliance, IT manager and person in charge
- IT auditor
The difference between CRISC and CISM
CRISC focuses on risk and strategic security, while CISM pays more attention to information security management and executors.