CISM vs CISSP: How to choose the right information security certification

IT professionals in the GCC (Gulf Cooperation Council) countries who hold certifications such as CISSP® (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) instantly make themselves more competitive, and can progress their career and earn more money than their peers.

Both certifications require at least five years of relevant work experience and are highly valued among employers in the GCC countries. They provide information security professionals with a globally recognised standard of achievement.

If you are struggling to decide which certification is right for you, we have summarised the benefits of each and who they are best suited for below.

Benefits of gaining the CISM certification

More than 27,000 professionals have earned the CISM certification since it was introduced in 2002, and in the Europe and Africa regions there are almost 7,000 certifications (ISACA certifications by region, 2018).

The CISM qualification is awarded by ISACA® (previously known as the Information Systems Audit and Control Association) and demonstrates the ability to implement information security programmes in line with broader business goals and objectives.

CISM has a strong focus on management rather than technical aspects of information security, and defines four domains on which you will be examined:

  1. Information Security Governance (24% of exam)
  2. Information Risk Management and Compliance (30% of exam)
  3. Information Security Program Development and Management (27% of exam)
  4. Information Security Incident Management (19% of exam)

There are several test centres in GCC countries where you can take the CISM exam, including centres located in Dubai, Abu Dhabi and Ajman (UAE), Riyadh, Al Khobar and Jeddah (Saudi Arabia), Hawally (Kuwait), and Doha (Qatar).

Best suited for: Information security professionals looking to take the next step in their career and move into management. Roles include current or aspiring information security managers, information security consultants and CIOs (chief information officers).

Benefits of gaining the CISSP certification

In the GCC countries, CISSP is also growing in popularity. As of June 2018, there were a whopping 127,734 certifications worldwide, of which 589 CISSP members were located in the UAE, 335 in Saudi Arabia and 120 in Qatar ((ISC)² Member Counts – CISSP, 2018).

Developed and maintained by (ISC)² (International Information System Security Certification Consortium), CISSP has become a prerequisite for anyone developing a senior career in information security.

CISSP provides information security professionals with an objective measure of competence and is divided into eight CBK (common body of knowledge) domains:

  1. Security and Risk Management (15% of exam)
  2. Asset Security (10% of exam)
  3. Security Engineering (13% of exam)
  4. Communications and Network Security (14% of exam)
  5. Identity and Access Management (13% of exam)
  6. Security Assessment and Testing (12% of exam)
  7. Security Operations (13% of exam)
  8. Software Development Security (10% of exam)

There are several test centres in GCC countries where you can take the CISSP exam, including centres located in Abu Dhabi and Dubai (UAE), Riyadh (Saudi Arabia), Kuwait City (Kuwait) and Doha (Qatar).

Best suited for: Mid- and senior-level managers who are working towards, or have already attained, positions as CISOs (chief information security officers), CIOs, IT managers or security systems engineers.

Take the next step in your career

It’s quite common for information security professionals in GCC countries to gain both CISSP and CISM certifications during their career.

CISSP is usually the first certification IT professionals choose to gain as it enables you to learn the technical skills behind information security, before delving into more advanced topics of managing programmes.

Candidates can prepare for the exam with CISSP training and appropriate revision materials, including the Official (ISC)² Guide to the CISSP CBK, Fourth Edition, which provides a comprehensive overview of the eight domains.

IT Governance also provide official study materials to help prepare for the CISM exam.

For more advice and resources to help you decide whether CISSP or CISM is the right certification for you, please get in touch with a member of our team by emailing or calling us on +971 56696 7974.
