[kictanet] [Skunkworks] CISA, CISM, CISSP, CCSP, ITIL, etc????

John Walubengo jwalu at yahoo.com
Fri Mar 28 14:53:03 EAT 2008


--- fyodor <fyodor at hushmail.com> wrote:
As a side note for John, who's aggressively advertising
for the CISA Cert, precisely convince me why I should take
a white hat tailored course. Instead of, let's say, attend
one of those Black hat Cons where they teach far beyond
what you will get in CISA!!!

~~~~~~~~~~~0000~~~~~~
fyodor at hushmail.com,

CISA, CISM, CISSP, CCSP, ITIL, CoBIT and many others can
indeed present challenges to prospective security
candidates. What to choose? What to leave? etc.

I wouldn't say one is better than the other, because they
all have their unique objectives that they try to address
in the ICT security market. It's like asking whether a heart
surgeon is preferred to a Brain surgeon or to a
Physiotherapist or to an Optician. They are all medical
practitioners with unique skills that presume a common
understanding of medicine.

So it is with all these Security Certifications, they all
offer a common security foundation but with various
tangents depending on whether you want to drill down to
the 'hands-on' or keep an overall bird's-eye view of the IS
security status of an organisation.

I cannot speak for the other Certifications but for CISA/SM
track of certification, they focus on the overall security
view of the organisation, sort of the architectural
blue-print view of the security status. From this
perspective, the CISM/SA holder will actually see the need
to hire the hands-on or drill-down hacker-type of techie to
seal any technology specific security issues (e.g. what a
Cisco Certified Security Professional, CCSP, would do)...

This is not to imply that CCSP is therefore weaker or
cheaper than CISM/SA since the CCSP will have the
prerogative to charge an arm and a leg for her skills when
called upon by the CISM/SA to provide her services....

Bottom line of the real value of the certification will
eventually be dictated by the domestic market conditions
i.e. what are the appropriate number of CISMs, CISAs, CCSPs
etc that can be absorbed by the Kenyan ICT Security market
annually? If we have too many of each, then automatically
organisations will begin paying peanuts for their
respective services.

walu.




