‘CISSP’ or the ‘Certified Information Systems Security Professional’, CISM or the ‘Certified Information Security Manager’, CASP or the ‘CompTIA Advanced Security Practitioner’ and CCISO or the ‘Certified Chief Information Security Officer’ are all leading certifications in the information security domain. This document compares the four certifications in a broad way.
‘CISSP’ or the ‘Certified Information Systems Security Professional’ from (ISC)2 is the ultimate certification that all cybersecurity professionals aim to achieve in their career. Earning the CISSP demonstrates that you have the capability to “effectively design, implement and manage a best-in-class cybersecurity program” (CISSP – The World’s Premier Cybersecurity Certification)
The CISSP exam covers almost every aspect of information security in a broad way. It is popularly referred to as the certification that is “a mile wide and an inch deep”. The CISSP is a much more technical and operational certification than the other certifications compared here.
Job roles that require the CISSP:
While the CISSP is an internationally accepted certification for all cyber security aspirants, the following job roles would particularly gain from getting the CISSP certification:
Pre-requisite to take the exam:
A CISSP candidate must demonstrate a minimum of 5 years of full-time security experience in two of the eight domains of the (ISC)2 CISSP CBK (Common Body of Knowledge).
Domains in the CISSP:
In order to pass the CISSP exam, the candidate needs to have mastery of the following eight domains.
All candidates who pass the exam must complete the endorsement process within 9 months. The application must be endorsed and digitally signed by an (ISC)2 professional. The endorser must attest to the candidate’s work experience in the IT security industry.
Once the candidate receives their CISSP credential from (ISC)2, they become a member of (ISC)2. The candidate should then recertify every 3 years.
Maintaining the certification:
Recertification is done by earning CPEs (Continuing Professional Education credits) and by paying an AMF (annual maintenance fee) of $85.
CPEs can be earned by joining webinars, attending events, reading or writing information security articles and books, or volunteering.
The ‘Certified Chief Information Security Officer’ or CCISO program is a leadership program designed by EC-Council. It is aimed at promoting middle-level cyber security professionals to executive leaders, and at helping existing executive leaders sharpen their skills. It is a natural progression after the CISSP certification for all CISOs and aspiring CISOs.
There are five domains in the CCISO program.
Maintaining and renewing the certification:
The CCISO certification is valid for one year. It can be renewed by paying $100 and satisfying continuing education requirements.
The ‘Certified Information Security Manager’ (CISM) from ISACA is for information security professionals who would like to move from being a team player in the InfoSec domain to a manager. Unlike the CISSP, the CISM is a management-focused exam and enables InfoSec professionals to move from the technical realm into management.
The average salary of CISM certified professionals in the US is $118K.
“CISM is accredited by the American National Standards Institute (ANSI) under ISO/IEC 17024:2012” (Take your career to the next level – with CISM)
Domains in the CISM exam:
There are four domains in the CISM exam, and they are much more focused than those of the CISSP. They are:
Pre-requisite to take the exam:
Candidates need to have five (5) or more years of experience in information security, of which 3 years must be in the role of information security manager, in order to take the CISM exam.
However, experience waivers are available for a maximum of two (2) years.
Maintaining the certification:
Once certified, CISM professionals must maintain their certification by keeping their skills current and up to date. This can be done by complying with the continuing professional education (CPE) policy.
The CPE policy requires an individual to earn a minimum of twenty (20) continuing professional education (CPE) hours annually.
The candidate should also earn one hundred and twenty (120) continuing professional education (CPE) hours for every three year cycle.
In addition, an annual maintenance fee of US $45 for ISACA members and US $80 for non-ISACA members is required.
The candidate should also comply with ISACA’s code of Professional Ethics.
The ‘CompTIA Advanced Security Practitioner’ exam (CASP+) is an advanced information security certification that is suited for InfoSec practitioners who seek a hands-on, performance-based certification.
From the CompTIA site, here is a description of the CASP+ certification: The “CASP+ covers the technical knowledge and skills required to conceptualize, engineer, integrate and implement secure solutions across complex environments to support a resilient enterprise” (CompTIA Advanced Security Practitioner (CASP+))
The CASP+ certification is compliant with ISO 17024 standards and approved by the US DoD (Department of Defense) to meet directive 8140/8570.01-M requirements.
Job roles that require CASP+:
While the CASP+ certification would benefit all professionals in the InfoSec domain, the following job roles definitely require CASP+:
The candidate should have a minimum of 10 years of experience in IT administration, of which 5 years should include technical hands-on security experience.
The candidate is tested on the following areas:
Maintaining and renewing your certification:
The CASP+ certification is valid for three years from the date of receiving it. In order to stay current with skills that evolve each year, candidates can extend their certification by three years by participating in the CompTIA Continuing Education (CE) program.
In the CE program, candidates renew their certification by participating in training programs and activities relevant to it. They have to collect 75 CEUs (Continuing Education Units) and upload them to their account within three years to automatically renew the certification.
The CASP+ certification plus the CE program also carries the ISO/ANSI accreditation status.
Career advancement with CISSP, CISM and CASP:
Once candidates have the CISSP, CISM and/or CASP+ credential under their belt, they gain more respect and credibility in the information security community. CISSP, CISM and CASP+ holders are exposed to better job opportunities and a brighter career.
Many job titles demand advanced certifications like CISSP, CISM or CASP+. Here are a few of them:
These are a few job descriptions requiring a CISSP or CISM that have been posted on popular job portals in India and the USA.
Here is a gist of the comparison of the different certifications:
| Criterion | CISSP | CISM | CASP+ | CCISO |
|---|---|---|---|---|
| The organization administering it | (ISC)2 | ISACA | CompTIA | EC-Council |
| Job roles that require the certification | | CISM is designed for those who manage, design, oversee and assess an enterprise’s information security function. | | CISOs, aspiring CISOs, middle-level cyber security professionals |
| Pre-requisites | A CISSP candidate must demonstrate a minimum of 5 years of full-time security experience in two of the eight domains of the (ISC)2 CISSP CBK (Common Body of Knowledge). | Candidates need to have five (5) or more years of experience in information security, of which 3 years must be in the role of information security manager, in order to take the CISM exam. | The candidate should have a minimum of 10 years of experience in IT administration, of which 5 years should include technical hands-on security experience. | |
| Average salary | The average salary for CISSP certified professionals is $131,030. | The average salary of CISM certified professionals is $118,412. | The average salary for CASP+ certified professionals is $104,650. | The average salary for CCISO certified professionals is $134,380. |
We hope this comparison of the CISSP, CISM, CASP+ and CCISO was useful to you. For more information on InfoSec Train’s leading courses and certifications, do visit our homepage at https://www.infosectrain.com