CISM vs CISSP : Difference Between CISM and CISSP Certification

CISM vs CISSP is one of the most searched comparisons in cyber security. The CISM certification is aimed at managers, while the CISSP certification is aimed at engineers and cyber security architects. This article gives a detailed comparison between CISM and CISSP, including a module-by-module (domain) comparison of the two certifications. The CISM course has changed since June 2022: CISM is now more tactical and business-centric than governance-based. CISSP is still the same as before.

A few questions need answering before choosing between CISM and CISSP:

Which has more benefits, CISM or CISSP? What job titles does each lead to?

The number of job titles associated with CISSP is greater than with CISM.

CISM is for management-level information security professionals who want to strengthen their management skills. CISSP covers titles such as security manager, security consultant, security auditor, analyst, architect, and IT director.

What are the prerequisites for applying for these courses? How do they differ between CISM and CISSP?

CISSP Prerequisites:

  • It requires five years of paid work experience in two or more of the eight domains.
  • Work should be full-time, which means 2,080 hours in a year.
  • You can get a one-year waiver if you hold a four-year degree or an equivalent qualification.
  • The registration fee for CISSP is $749.

CISM Prerequisites:

  • It requires five years of experience in information security, including three years in information security management across three or more CISM domains.
  • There is a registration fee of $760 for non-members of ISACA and $575 for ISACA members.
  • Also, you can sit the exam first and gain the required experience within five years after passing it.
  • If the applicant already holds the CISSP or CISA certification, two years less information security experience is required, though three years of information security management experience will still be required.

What is the experience criterion for each? Do you meet it?

Experience is required for both CISM and CISSP, as explained in the prerequisites above.

Do you have expertise in the security domains required for CISM or CISSP?

Experience in two or more of the required domains is a must for CISSP, and experience in three or more of the four required domains is a must for CISM.

Domains as per the CISSP Common Body of Knowledge are:

  • Security and Risk Management
  • Asset Security
  • Security Architecture and Engineering
  • Communication and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

Domains as per the CISM Common Body of Knowledge are:

  • Information Security Governance
  • Information Security Risk Management
  • Information Security Program Development and Management
  • Information Security Incident Management

Can applicants take these exams without experience?

Yes. Applicants can pass the CISSP exam as an associate and gain the required five years of experience within the next six years. Applicants can also obtain the CISM certification by passing the exam and gaining the experience within the next five years. Earn the required CPE credits to keep your certification up to date.

Can you keep up the required CPE credits?

  • CPE means continuing professional education.
  • You need to earn 40 CPE credits each year and 120 CPE credits in total over the three years after obtaining the CISSP certification.
  • For CISM as well, a minimum of 120 CPE credits in the three years after passing is necessary.

A CPE hour is equivalent to 50 minutes of active participation in ISACA-certified conferences, workshops, seminars, meetings, and chapter programs. Lunch hours and other breaks are excluded from CPEs. CPEs can be obtained for free by attending virtual conferences and online webinars. The same rules apply to CPE under (ISC)².

What goals have you set for your career?

This is essential: you need to decide whether you want to be a manager in cyber security or want to play a role covering critical technical tasks.

  • In the first case, you need to do CISM.
  • In the second case, you need to do CISSP.

Which is the brighter choice between CISM and CISSP?

Both are equally bright.

  • CISSP-certified professionals currently have more open jobs than headcount.
  • CISM, however, has fewer open jobs than headcount, but neither leads to any risk of unemployment.

The maximum salary of a CISM-certified professional ($118,000) is higher than that of a CISSP-certified professional ($110,000), since it is a managerial position.

What is the annual maintenance fee for CISM vs. CISSP?

  • CISSP certification holders pay an annual maintenance fee of $125.
  • They must retake the exam after three years.
  • Otherwise, their certification is canceled.
  • The annual maintenance fee for CISM is $85.
  • The CISM certification expires every three years, and holders retake the exam every three years.

Which provides more jobs while comparing CISM vs. CISSP?

  • CISSP professionals currently have more job options than CISM professionals.
  • The reason is that there are fewer manager positions.
  • Both are, however, equally good.

What’s the difference between the exam formats of CISM vs. CISSP?

  • CISSP uses computerized adaptive testing (CAT), and you cannot review answered questions.
  • From June 2022 onwards, the exam has 125 to 175 questions.
  • 25 pretest questions do not count toward the final score.
  • New questions are drawn from the chapters you answer correctly.

The chapter weighting is still the same, as below:

  • Security and Risk Management: 15%
  • Asset Security: 10%
  • Security Architecture and Engineering: 13%
  • Communication and Network Security: 13%
  • Identity and Access Management: 13%
  • Security Assessment and Testing: 12%
  • Security Operations: 13%
  • Software Development Security: 11%

The exam length is 4 hours.

  • The passing grade is 700 out of 1000.
  • Test centers: (ISC)² authorized testing centers.
  • Exam languages: English, Chinese, German, Spanish, Japanese, Korean.
  • Also, (ISC)² performs a Job Task Analysis, and applicants are asked questions based on their job roles.
  • We provide a 100% money-back guaranteed exam dump with plenty of questions for practice.
  • The question bank is updated regularly.

  • The CISM exam comprises 150 questions to be answered in 4 hours, and you can review your answers.
  • CISM is not CAT-based, so keep this in mind.
  • However, the questions are relatively easy compared to CISSP.
  • We advise you to pass CCNA and CCNP before CISSP, and CISSP before CISM.
  • You need to score 450 or more to clear the certification.
  • Since June 2022, the exam pattern has changed, and each domain has a different weight.
  • The governance weighting has been reduced, and the others have increased:
    • Information Security Governance: 10% (17 − 7) = 10 questions
    • Information Security Risk Management: 20% (−10%) = 30 questions
    • Information Security Program: 33% (+6%) = 50 questions
    • Incident Management: 30% (+11%) = 45 questions

What is the difference between the job titles while comparing CISM vs. CISSP?

This is covered under the first question above.

Explain CISM vs. CISSP.

Let’s take an example.

  • CISSP has a domain on identity and access management.
  • New techniques such as single sign-on, biometrics, third-party app token-based access, and various other modes of access management are now available in the market.
  • We need to study all of these to pass this domain.
  • The same applies to CISM.

The central idea behind this explanation is that we need to work through various sets of question banks related to these courses in order to pass them. We don’t want you to memorize textbooks, though a quick look through them helps. By the time you register for the certification, you already have job experience, so you have the hands-on and theoretical experience necessary. The questions are hard, though, and you need more practice with the question bank: the more you practice, the better your chances of clearing the certification. You are paying a lot of money, so we advise you to prepare as hard as you can. You may have heard many people on the Internet taking it lightly and telling you that you can simply retake the exam after a failure. You are paying, and you need to register again if you fail. It is not that tough to pass these exams if you have done your job properly during your work tenure and you prepare with the help of a question bank, solving as many questions as possible before sitting the examination. Work hard and try to get the best marks on the first attempt. It is not that tough if you prepare well.

Please feel free to contact us for details. We will guide you through.

CISM can help you earn more, and CISSP will give you more diverse job options. If you want to be a manager in the cyber security domain, you need to do CISM; for critical technical and analytical jobs, you need to do CISSP. Please note that you are paying money: every time you fail, you need to re-sit the exam, register again, and pay the registration fee. You need wholehearted preparation. You can always reschedule the exam if you are not ready, but do so one month in advance; after that, you are not allowed to reschedule. Get our question bank, and we will provide you with everything you need to prepare at a reasonable cost, including sample question papers. So do not hesitate: analyze your career goals to choose between CISM and CISSP, and register for one or both.

About the author


Youssef is a Senior Cloud Consultant & Founder of
