CISM (Certified Information Security Manager)
CISM is a registered information security manager certification founded by ISACA. It is aimed at the management level and focuses on information security strategy, evaluation systems, and policy.
Since its launch in 2002, CISM has been highly praised by senior information security managers around the world. So far, more than 28,000 people have obtained this certificate. CISM focuses on the management level and is globally recognized as evidence of an individual's ability to develop, establish and manage enterprise information security systems. The maintenance rate of the CISM certificate exceeds 95%.
Other information security certifications focus on specific technologies, operating platforms or products, or on entry-level information security work. Only CISM is for information security managers: its focus is not on individual technologies or skills but on information security management across the whole enterprise.
CISM is aimed at individual managers who manage and supervise the enterprise's information security. Many of them may already hold relevant certifications in other fields. Because it focuses on the needs of management, work experience is relatively important. Therefore, CISM requires at least 5 years of experience in information security management, and the examination content also focuses on the daily work of information security managers.
CISM is suitable for
CIO / Senior IT Manager / Director of enterprise information security
CSO / Director of Information Center
Information system audit professionals and IT auditors
Managers and technicians responsible for information system security management and planning
Information security industry insiders, IT or security consultants
Any person who needs to manage, design, supervise or evaluate the organization's information security
People who have about 3 to 5 years of information security management experience
CRISC (Certified in Risk and Information Systems Control)
CRISC (Certified in Risk and Information Systems Control), founded by ISACA, is mainly designed for personnel with experience in IT risk management and in the design, implementation, supervision, and maintenance of IS controls. Risk refers to the uncertainty of deviation from the achieved goal. ISACA pointed out in COBIT 5 that all IT risks are business risks. CRISC fully supports risk control of COSO, Basel II / III, GAMP, and other enterprises. In 2017, the government opened the simplified Chinese examination in the Chinese mainland.
CRISC is a global top IT professional certification. CRISC is aimed at the IT Chief Risk Officer (CRO) in the financial / banking industry, or similar decision-making roles in other industries (such as oil, medicine, listed companies, and multinational groups). CRISC, like CISA / CISM, is certified by the U.S. Department of Defense and relevant standards organizations. According to United States statistics from 2015, the average salary of CRISC holders among IT employees is the highest in the world, with an annual salary of more than 120,000 US dollars.
CRISC is suitable for
Information security manager, risk manager
Control manager, compliance manager
Other personnel engaged in IT risk
CRISC candidates, etc.
CIO, CSO, director of risk management, control, and compliance, IT manager, and person in charge
The difference between CRISC and CISM
CRISC focuses on risk and strategic security, while CISM pays more attention to information security management and executors.