5 Best information security management certifications

Infosec_Sam Admin Posts: 527
For anyone looking into the CISSP, here's an article that talks a bit about some other certifications in the same space, and what each of them is best for. Clearly, the CISSP is at the top of the list, as it's widely considered the most in-demand ISM cert. The other certs that were mentioned on this list were:
  • CISSP-ISSMP
  • CISM
  • CISA
  • CCISO
Do you agree with this list, or do you think there are others that better fit the role of Information Security Manager?

Full article here
Community Manager at Infosec!
Who we are | What we do

Comments

  • dinger68 Registered Users Posts: 19
     I personally don't think that CISA should be on the list for a Security Manager.  I also feel that the CCISO is not that difficult to get and doesn't fully represent the skills or knowledge needed to be a CISO.  Again, just my opinion.
  • Clm Member Posts: 444
    For anyone looking into the CISSP, here's an article that talks a bit about some other certifications in the same space, and what each of them is best for. Clearly, the CISSP is at the top of the list, as it's widely considered the most in-demand ISM cert. The other certs that were mentioned on this list were:
    • CISSP-ISSMP
    • CISM
    • CISA
    • CCISO
    Do you agree with this list, or do you think there are others that better fit the role of Information Security Manager?

    Full article here
    Sam what is your background in Infosec?
    I find your lack of Cloud Security Disturbing!!!!!!!!!
    Connect with me on LinkedIn https://www.linkedin.com/in/myerscraig

  • Infosec_Sam Admin Posts: 527
    dinger68 said:
     I personally don't think that CISA should be on the list for a Security Manager.  I also feel that the CCISO is not that difficult to get and doesn't fully represent the skills or knowledge needed to be a CISO.  Again, just my opinion.
    To be honest with you, I had never even heard of the CCISO before reading this article - I guess now I know why! Do you think it just doesn't cover anything better than the CISSP or CISA?
  • Infosec_Sam Admin Posts: 527
    Clm said:
    Sam what is your background in Infosec?
    Thanks for asking! I have 5 years of IT experience, about 1.5 of which are in security. Now, I'm in more of a marketing role as the community manager for Infosec. Along with my work experience, I have an AS degree in Network Security, as well as a couple of entry-level certs. I'm hoping to collect a couple more certs in the next few years here as well. Suffice to say, there are plenty of members here who are much smarter than I am!
  • PC509 Member Posts: 804
    dinger68 said:
     I also feel that the CCISO is not that difficult to get and doesn't fully represent the skills or knowledge needed to be a CISO.  Again, just my opinion.
    That's how I feel about most of EC|Council's certifications. The ones I've taken have been pretty easy and definitely not representative of their relative roles (CEH, CHFI). Good foundations, but I feel they could be much more in depth and more difficult to be where someone could claim those titles. 
  • JDMurray Admin Posts: 13,099
    edited May 2019
    This list should be amended to include the GIAC management certs GSLC and GSTRT.

    There are also SANS management training classes with no corresponding GIAC cert, such as MGT535: Incident Response Team Management.

    And yes, there are very few certs designed specifically for information security managers (of people), such as myself. 
  • cyberguypr Mod Posts: 6,928
    I think your local flavor of CIPP should be in this list, especially if you are in healthcare, finance, or .edu sectors.
  • Infosec_Sam Admin Posts: 527
    I think your local flavor of CIPP should be in this list, especially if you are in healthcare, finance, or .edu sectors.
    I've seen some discussion about the CIPP recently, but I'm not exactly sure which type of role it would be best for. I see some mention about compliance specialists benefiting from it, as well as product/security managers. I guess my question is: What does the CIPP do better than some of the other certs on that list?
  • paul78 Member Posts: 3,016
    I've seen some discussion about the CIPP recently, but I'm not exactly sure which type of role it would be best for. I see some mention about compliance specialists benefiting from it, as well as product/security managers. I guess my question is: What does the CIPP do better than some of the other certs on that list?
    CIPP is targeted at privacy professionals - not necessarily security professionals. However, it's often useful for a security professional that secures data for privacy reasons to understand the various privacy mandates and obligations.

    In the US, privacy is not considered a right like in many other countries (except for maybe in California) and privacy in the US tends to be sectorial in nature and geared towards financial loss. For security managers, it's actually useful to understand the intersection of privacy and security - and where certain topics overlap.
  • JDMurray Admin Posts: 13,099
    Realize that there are managers of people, managers of devices, and managers of information. Think of which category a "management" cert fits. Managers of people (like me) are not necessarily interested in certs of the other management types.
  • paul78 Member Posts: 3,016
    JDMurray said:
    Managers of people (like me) are not necessarily interested in certs of the other management types.
    That's actually a super good point - I actually didn't have any certs for the first 2 decades of my career. I only got them because I was curious about them.

    @Infosec_Sam - I probably should have mentioned re:CIPP - that I learned about that certification from lawyers that I work with. The IAPP was started by a lawyer and I believe that it originally targeted lawyers - at least when I first learned of it, the only people that I knew that had a CIPP were lawyers.
  • Infosec_Sam Admin Posts: 527
    @paul78 @JDMurray Thank you both - that's some really great insight!
  • UnixGuy Mod Posts: 4,570
    In consulting, CISA is considered an entry level cert for junior consultants...
    CISSP/CISM are more aligned with InfoSec management positions
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • JDMurray Admin Posts: 13,099
    I just found out the SANS MGT517 and MGT535 courses have been discontinued. Details on blog at https://montance.blogspot.com
  • isc2cisspbouncr Member Posts: 12
    dinger68 said:
     I personally don't think that CISA should be on the list for a Security Manager.  I also feel that the CCISO is not that difficult to get and doesn't fully represent the skills or knowledge needed to be a CISO.  Again, just my opinion.
    Agree that CISA should be for auditors.  I know a few CISA folks and they keep going: You should do this and you should do that........... Drove me nuts as I'm a very operations Do this and do that type of person.

    ITIL | PMP | Security+ | CISM | CISSP (Endorsing)
  • isc2cisspbouncr Member Posts: 12
    I think your local flavor of CIPP should be in this list, especially if you are in healthcare, finance, or .edu sectors.
    I'm thinking about going for CIPP GDPR even though I'm not in the EU.  It's so easy to bleed through... users from the EU are a dime a dozen.  These GDPR people are not fooling around.........
  • JDMurray Admin Posts: 13,099
    GDPR is a serious thing for any organization that does business with EU customers. The fines for violations are very large and very real. We'll see how France does collecting its GDPR fine of Google.

    CIPP/E Certification
  • isc2cisspbouncr Member Posts: 12
    JDMurray said:
    GDPR is a serious thing for any organization that does business with EU customers. The fines for violations are very large and very real. We'll see how France does collecting its GDPR fine of Google.

    CIPP/E Certification
    Yes, I'm watching the French vs Google case closely too $$$$$$$$$$$