The Difference between Certified Information Systems Auditor and Certified Information Security Manager

By: techNoEdge, January 10, 2020


Long gone are the dial-up internet days since AOL shut down its service for rural areas. The briefcase-size mobile telephones also have disappeared as 5G technology looms ahead. These technologies have now become part of the great history of communications. It seems impossible that the world-wide web is only a few decades old and yet we know that information technology (“IT”) is here to stay.

The current state of technology allows for instantaneous connections almost anywhere in the world. Because global connections open up a plethora of opportunities for malicious individuals to thrive, it is critical that there be well-trained, educated, ethical and hard-working individuals to combat the global threats to individuals (in their homes), businesses and governments. As we have become dependent on technology, we also recognize how critical it is that our systems are free and clear of hostile acts. Yes, there are many threats that could impact our lives. Combating them is no easy feat unless you are a Certified Information Systems specialist.

Am I a good fit?

Much like the IT world, where there are no limits to the size of the internet, there are infinite opportunities for individuals interested in the Information Systems (“IS”) arena. Positioning yourself in the IS field, either as a Certified Information Systems Auditor (“CISA”) or Certified Information Security Manager (“CISM”), you will be part of a highly specialized group of individuals interested in the audit, control and security of IS.

Well-respected professionals, CISA and CISM certified individuals have a hand in creating their own future. From IT Auditor (CISA Certification) to Chief Architectural Officer (CISM Certification), you can choose from many jobs, either as part of a team or as a team member managing others.

CISA holders generally work as IT auditors in security, administration and related jobs. The CISA Certification is a standard achieved through progressive learning and work experience. Persons with CISA Certification can anticipate, as an IT Auditor, an average salary of C$90,475 per annum. Entry-level positions start at $70,000 per year, while the most experienced workers make up to $153,808 per year. Worldwide, fewer than 80,000 people hold a CISA certification.

While the CISM Certification may seem like a natural progression from CISA Certification (better pay and more responsibilities), individuals pursuing this qualification must have a minimum of five years of information security experience and a desire to lead others. Three or more of those years must be in information security management work. Additionally, this person not only understands information security management but also comprehends its value to the bottom line of a company or organization's performance. Salaries for CISM-certified professionals average C$104k per annum.

CISA and CISM Certification exams

Expect the following on the CISA & CISM Certification exams:

CISA – 5 areas of concentration:
– The Process of Auditing Information Systems (21%)
– Governance & Management of IT (16%)
– Information Systems Acquisition, Development & Implementation (18%)
– Information Systems Operations, Maintenance & Service Management (20%)
– Protection of Information Assets (25%)

CISM – 4 areas of concentration:
– Information Security Governance (24%)
– Information Risk Management (30%)
– Information Security Program Development and Management (27%)
– Information Security Incident Management (19%)

Testing times, fees and exam re-takes may vary; however, the exam costs for both the CISA and CISM Certifications are as follows:
– ISACA Members: $575 USD
– Non-members: $760 USD

Before and After

There are no pre-requisites for taking the CISA exam; however, five years of relevant work experience is required for certification.
When you sit for the CISM Certification exam, you are expected to already be thinking like a manager.
After you pass the CISA or CISM Certification exam, you have additional requirements ranging from the Continuing Professional Education (CPE) Program to work requirements. Both CISA and CISM Certifications require you to adhere to the Code of Ethics.
CISA – Valid for 3 years with requirements
CISM – Valid for 5 years with requirements

Continuing education and work experience requirements are a small price to pay for the value added by your CISA or CISM Certification.

Are you a Hall of Famer?

There is no right or wrong in the path you choose. If you care about confidentiality, integrity, and availability, then you are an excellent candidate for a career in information systems auditing, control, or security.

Whichever path you take, CISA or CISM Certification, you are courageous and on your way to making our lives safer from attackers. You are a visionary navigating uncharted waters. Be steadfast in your learning, work diligently and prosper as you strategically help to make cyberspace safer for us all. Dive deeper to discover high-tech success with your CISA or CISM Certification.

Read our other blog: Become a Certified Information Security Manager
