CISSP is much more expensive and tougher than CISA. By looking at the number of domains that need to be covered and number of questions, you could have an idea on the differences.
a pure CISA certified person is limited to IT auditing and not possible to have a direct transfer to infosec field while CISSP holder is more flexible between audit and infosec. CISSP is almost the equiv of CISM in term of coverage and cost. both are among the most expensive certification exams.

I have a number of work colleagues who are CISM, CISA and CISSP. By asking them the difference, they could tell you better. certification tends to differentiate you from the rest, at least on paper.

This post has been edited by saintcute: Jan 11 2009, 01:59 AM