Top security certifications
Some of the top information security certifications are offered by the International Information Systems Security Certification Consortium, (ISC)2, and by ISACA (previously known as the Information Systems Audit and Control Association, but now using only the acronym).
There is also a very good set of certifications offered by Global Information Assurance Certification (GIAC) which, whilst not described here, I hope to discuss in future; I currently don't have first-hand experience of GIAC and the certifications it offers.
Summary of the certifications

| Certification | Summary | Body |
| --- | --- | --- |
| CISSP | The Certified Information Systems Security Professional (CISSP) qualification was created in 1989. It is one of the most popular and well-known security certifications. The CISSP study programme gives a broad overview of information security. Certification is by way of a multiple-choice examination that covers 10 subject areas, including 'Cryptology' and 'Law, Investigation and Ethics'. | (ISC)2 |
| CISM | The Certified Information Security Manager (CISM) programme is intended to recognise those with the technical and managerial abilities to oversee an enterprise-wide information security system. Individuals in such a role require an understanding of business goals and IT strategies, as well as the ability to define sensible security policies, acceptable usage policies for email and Internet use, and the configuration of the organisation's firewall. The CISM certification is for the individual who manages, designs, oversees and/or assesses an enterprise's information security (IS). It promotes international practices and provides executive management with assurance that those earning the designation have the experience and knowledge required to provide effective security management and consulting services. | ISACA |
| CISA | The Certified Information Systems Auditor (CISA) is recognised as the standard of achievement for those who audit, control, monitor and assess an organisation's information technology and business systems. With a growing demand for professionals possessing IS audit and control skills, CISA has become a preferred certification programme for individuals and organisations around the world. CISA certification signifies commitment to serving an organisation and the IS audit and control industry. | ISACA |
The certifications themselves, although they overlap on some content, have different focuses; the most obvious is the CISA with its focus on auditing. This is a good certification not only for auditors but also for those who deal with auditors.
The Venn diagram shows how the certifications complement each other with different focuses on auditing, or strategic, or tactical functions.
ISACA say that earning the CISSP and/or the CISA credential is complementary to the attainment of the CISM credential and is encouraged.
- Defining what it is you examine (the competencies)
- Knowledge, skills and personal attributes
- Examination must be independent
- Examination must be a valid test of competence
CISA domains (2011)

| Domain | Title |
| --- | --- |
| Domain 1 | The Process of Auditing Information Systems |
| Domain 2 | Governance and Management of IT |
| Domain 3 | Information Systems Acquisition, Development and Implementation |
| Domain 4 | Information Systems Operations, Maintenance and Support |
| Domain 5 | Protection of Information Assets |
CISM domains (2011)

| Domain | Title |
| --- | --- |
| Domain 1 | Information Security Governance |
| Domain 2 | Information Risk Management and Compliance |
| Domain 3 | Information Security Program Development and Management |
| Domain 4 | Information Security Incident Management |
CISSP domains (2012 Candidate Information Bulletin)

| Domain | Title |
| --- | --- |
| Domain 1 | Access Control |
| Domain 2 | Telecommunications and Network Security |
| Domain 3 | Information Security Governance and Risk Management |
| Domain 4 | Software Development Security |
| Domain 5 | Cryptography |
| Domain 6 | Security Architecture and Design |
| Domain 7 | Operations Security |
| Domain 8 | Business Continuity and Disaster Recovery Planning |
| Domain 9 | Legal Regulations, Investigations and Compliance |
| Domain 10 | Physical and Environmental Security |
Exam comparison

| Exam | Length (hours) | No. of questions | Pass score (scaled) | Max score (scaled) | Frequency |
| --- | --- | --- | --- | --- | --- |
| CISA | 4 | 200 | 450 | 800 | twice a year |
| CISM | 4 | 200 | 440 | 800 | twice a year |
| CISSP | 6 | 250 * | 700 | 1000 | frequently |

* 25 questions are experimental and not graded.
Thanks for sharing this post. This is really helpful information for me and also for those who are interested in CISA and CISM. Apart from this, if you want more information about this, visit this link: CISA Training Course