I haven't taken CISA (yet) but GCCC was good, I enjoyed it. Thought it covered a bit on auditing. I am going to assume it's a bit more technical than CISA though.
I haven't taken CISA (yet) but GCCC was good, I enjoyed it. Thought it covered a bit on auditing. I am going to assume it's a bit more technical than CISA though.
Holy crap. Can't believe I didn't see this reply. Thank you for taking the time to reply. What did you think of the class?
I have done GCCC and looking at CISA material and sample questions, GCCC seems much simpler and technical security related only. CISA is much wider subject. i think GCCC can help, but not much.
CISA goes into auditing from perspective of business processes/strategy/governance/technology/risk etc etc and covers a lot of core audit ground (methodology, sampling, testing controls, deviances from baseline etc etc).
GCCC - covers specifically security controls of SANS top 20 - testing, finding gaps etc - this is limited to this world where as the CISA covers a much broader spectrum.
In industry CISA rules in the auditing world - GCCC is a nice one to have for knowledge if anything so you can apply such knowledge in your audits but its not a deal breaker if you get me.
Dont need GCCC prior to CISA - but would be nice to have just so you can drill down deeper into those security controls when you perform your audits.
Comments
Holy crap. Can't believe I didn't see this reply. Thank you for taking the time to reply. What did you think of the class?
GCCC - covers specifically security controls of SANS top 20 - testing, finding gaps etc - this is limited to this world where as the CISA covers a much broader spectrum.
In industry CISA rules in the auditing world - GCCC is a nice one to have for knowledge if anything so you can apply such knowledge in your audits but its not a deal breaker if you get me.
Dont need GCCC prior to CISA - but would be nice to have just so you can drill down deeper into those security controls when you perform your audits.