
RE: CISM or CISSP first

Subject: RE: CISM or CISSP first
Date: Sat, 25 Aug 2007 21:47:16 +1000
Mamo,

I've just passed the CISM exam, waiting for the certification to come
through, and have just started CISA.  I don't have CISSP, but an MSc in
Information Security.

Your question is one that comes up a lot, and provokes a lot of discussion
between the haves and have nots generally around whether or not CISSP has
become a "checkbox" qualification (I mean no insult to the haves in this,
and I have every intention of taking it myself).  These days it does appear
that the majority of employers, when initially filtering for security
positions, will use the CISSP as their initial filter.

I've heard the CISSP described as "a mile wide, but an inch deep" when
talking about the material covered.  The CISSP does indeed cover a vast
range of topics, whereas the CISM focuses on 5 areas - Infosec Governance,
Risk Management, Infosec Policy Management, Infosec Program Management and
Incident Management.  CISM goes into more depth in these areas than the
CISSP, which does cover these areas to a certain degree.

As you already have CISA, I would advise taking CISM first, and then sitting
the CISSP afterwards.  I've been told by a friend who writes questions for
the CISM and runs review courses for CISSP that once you have CISM and CISA,
you can pretty much go straight to the CISSP exam without needing to spend
out for the review course.

Hope this helps & good luck

Richard Lane MSc

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of mamo
Sent: 23 August 2007 10:40
To: security-basics@securityfocus.com
Subject: CISM or CISSP first

Hello.

I have worked as an IT Infrastructure and Security consultant for 10 years for
a large organization.

I would like to take a certification in IT Security. I am a technology
guy working on large integration projects on the security aspect, but
often involved in auditing, policy management and the process part of
security (the part often missing, more than the tech stuff). I match
the experience requisite of both CISM & CISSP. I am already CISA &
ISO27001 certified.

What has been your experience with CISSP or CISM certification?
Which one is of more value (on the market and as a way of studying
interesting new stuff)? What topics are better covered by the two
certifications? Which one is easier to study and pass?

Can you share your thoughts with me?

Best Regards,
Mamo
