ISACA's CISM and CRISC Certifications: Which Is More Suitable for You?


CISM (Certified Information Security Manager) is the information security manager certification established by ISACA. It is dedicated to management and focuses on information security strategy, governance, program development and policy. Since its launch in 2002, CISM has been highly regarded by senior information security managers all over the world, and more than 28,000 people have obtained it to date. CISM is aimed at the management level and is globally recognized as attesting an individual's ability to develop, establish and manage an enterprise information security program. The renewal (maintenance) rate of CISM certificate holders is more than 95%.


Other information security certifications focus on specific technologies, operating platforms or products, or on entry-level information security work. CISM alone targets information security managers: its focus is no longer on individual technologies or skills, but on information security management across the whole enterprise.


CISM is aimed at individuals who manage and supervise the information security of an enterprise. Many of them may already hold certifications in other fields. Because it focuses on the needs of management, work experience carries significant weight: CISM requires at least five years of information security work experience, of which at least three years must be in information security management, and the examination content is focused on the day-to-day work of an information security manager.


CISM is suited to CIOs, senior IT managers, enterprise information security directors (CSOs) and information center directors; information system audit professionals and IT auditors; managers and technicians in charge of information system security management and planning; information security professionals and IT or security consultants; and anyone who needs to manage, design, supervise or evaluate an organization's information security and has about 3-5 years of information security management experience.


Certified in Risk and Information Systems Control (CRISC), also established by ISACA, is designed for personnel with experience in IT risk management and in the design, implementation, monitoring and maintenance of information systems controls. Risk here refers to the uncertainty of deviation from an objective; ISACA points out in COBIT 5 that all IT risks are business risks. CRISC fully supports enterprise risk control frameworks such as COSO, Basel II / III and GAMP. In 2017, a simplified Chinese version of the examination was launched in mainland China.


CRISC is a top-tier global IT professional certification. It can be targeted at the IT Chief Risk Officer (CRO) in the financial / banking industry, or at similar decision-making roles in other industries (such as oil, pharmaceuticals, listed companies and multinational groups). CRISC, like CISA and CISM, is recognized by the U.S. Department of Defense and relevant standards organizations, and the certificate is accepted as a qualification for such work. According to 2015 U.S. statistics, CRISC holders had the highest average salary among IT employees worldwide, at more than $120,000 per year.


CRISC is suited to information security managers and risk managers; control managers and compliance managers; other IT risk-related personnel; CIOs, CSOs and heads of risk management, control and compliance; IT managers and persons in charge of IT; and IT auditors.


In short, CRISC focuses on IT risk and the controls that address it at a strategic level, while CISM focuses on managing the enterprise information security program and the people who run it.




