ISMS Certification vs Conformity

So, as stated here, you can certify against ISO/IEC 27001 only. But why certify? Here are some reasons provided by certification bodies.

Certification finds no basis in legislative or regulatory requirements, so why bother? The best answer is to validate that the investment in security controls meets business goals and provides business value. Business value is found in managing business risk, achieving high levels of legislative and regulatory compliance, and managing vulnerabilities and threats. The ISO security standards provide a disciplined approach to information security, business risk management, and compliance management. Certification provides independent validation that the organization has applied that discipline effectively, and it proves due diligence on the part of executives and management in addressing the information security needs of the organization.

CISSP Intro

This starts a series of posts that deals with the CISSP CBK (Common Body of Knowledge). The summary covers all ten CBK domains that are required for the CISSP exam. One should not use this as a definitive guide for taking the CISSP exam, but rather as an introduction to CISSP. All the data is gathered from various sources, ranging from study guides for the exam to materials found on the Internet.

As a side note, there are questions about CISSP vs CISA. The focus of those two certifications is different. While CISSP is focused on building and maintaining security (although it is not a technical standard), CISA is more focused on auditing and assessing risks and controls. Your choice of certification should be based on what you really want to work with. If you want to be a security professional, CISSP is the choice. If you want to be an IT/IS auditor instead, then you should take CISA. I have been an IT/IS auditor and am now an IS consultant, and there is a lot of knowledge supported by both CISA and CISSP.