ISO 27001 Certification?
CyberfiSecurity
Member Posts: 184
Hi Everyone,
I need your advice to see who has the best ISO 27001 Certification for the North America region. I am starting up my own cybersecurity consulting and training company. I spoke with my former classmate at Georgetown University regarding his ISACA CISA and CRISC certifications. He said that, for a company, it would be best to get ISO 27001 certification instead of ISACA. I did research about it, and it seems ISO 27001 is really popular in Europe vs. in North America. I checked out GIAC and EXIN, and they don't have ISO 27001.
Any guidance is greatly appreciated.
Vice President | Citigroup, Inc.
President/CEO | Agility Fidelis, Inc.
Comments
CyberfiSecurity Member Posts: 184
Are you talking about ISO27001 as opposed to ISACA's COBIT5?
Yes! It seems that ISO 27001 Certification is tough to get through because the accrediting organization has to come to your company to audit prior to issuing, to provide the quality assurance.
SecMan3000 Member Posts: 35
CyberfiSecurity wrote: » Yes! It seems that ISO 27001 Certification is tough to get through because the accrediting organization has to come to your company to audit prior to issuing, to provide the quality assurance.
I think you're confusing the ISO 27001 certification for a company, in which a certifying body comes in and performs an audit against ISO 27001 and then certifies the company. There are also 2 ISO 27001 "certifications" for individuals - ISO 27001 Lead Auditor and Lead Implementer. I believe you need some experience either implementing or auditing ISO 27001 for either of those.
CyberfiSecurity Member Posts: 184
SecMan3000 wrote: » There are also 2 ISO 27001 "certifications" for individuals - ISO 27001 Lead Auditor and Lead Implementer. I believe you need some experience either implementing or auditing ISO 27001 for either of those.
Do you know which organization issues those certifications for individuals? I was searching around Google.com and found the one for companies.
SecMan3000 Member Posts: 35
CyberfiSecurity wrote: » Do you know which organization issues those certifications for individuals? I was searching around Google.com and found the one for companies.
BSI does, and I'm sure others do as well.
EasyPeezy Member Posts: 111
There are several organisations offering the ISO27001:Lead Auditor exams for individuals... below are a few in the UK:
Information Security Management Systems (ISMS) Auditor/Lead Auditor Training Course (BS ISO/IEC 27001:2013) | BSI Group
https://www.pecb.org/en/training/iso-27001-and-information-security/iso-27001-lead-auditor-training
ISO 27001 Auditor Training, Certification and Course | Firebrand Training
2015 Goals: ISO27001:Lead Auditor Passed...
2016 Goals: M.Sc Cyber Security, ITILF Passed, COBIT5 F Feb., CGEIT Jun. ???, CIPM ???
grt Member Posts: 5
A lot of certifying bodies do that, but it still depends on the region you are looking for. British Standards Institution, Det Norske Veritas and Bureau Veritas are globally acclaimed certifying bodies for 27001.
MelanieWatson Member Posts: 11
As of 2013, there are 566 certificates throughout America and the standard is growing significantly in the North America region. Check out the ISO Survey 2013 for more details: The ISO Survey
ISO27001 is internationally recognized and demonstrates to your stakeholders that you take information security seriously. If you are interested, then I would recommend getting yourself a copy of the standard which sets out the requirements for your information security management system: ISO/IEC 27001 2013 (ISO27001 ISO 27001) ISMS Requirements
P.S. If you decide to get your ISMS certified to ISO27001, please make sure you get it done by a certification body that has been accredited by ANAB, otherwise it will not be legitimate!