5 Best information security management certifications

Infosec_Sam (CCENT, ITIL Foundation, A+; Madison, WI; Posts: 199; Admin)
For anyone looking into the CISSP, here's an article that talks a bit about some other certifications in the same space, and what each of them is best for. Clearly, the CISSP is at the top of the list, as it's widely considered the most in-demand ISM cert. The other certs that were mentioned on this list were:
  • CISSP-ISSMP
  • CISM
  • CISA
  • CCISO
Do you agree with this list, or do you think there are others that better fit the role of Information Security Manager?

Full article here
Community Manager at Infosec!
Who we are | What we do

Comments

  • dinger68 (Posts: 13; Registered Users)
     I personally don't think that CISA should be on the list for a Security Manager.  I also feel that the CCISO is not that difficult to get and doesn't fully represent the skills or knowledge needed to be a CISO.  Again, just my opinion.
  • Clm (CISSP | CCSK | AWS x 4 | ITIL | Network+ | + More; Posts: 436; Member)
    Sam what is your background in Infosec?
    I find your lack of Cloud Security Disturbing!!!!!!!!!
    Connect with me on LinkedIn https://www.linkedin.com/in/myerscraig


  • Infosec_Sam (CCENT, ITIL Foundation, A+; Madison, WI; Posts: 199; Admin)
    dinger68 said:
     I personally don't think that CISA should be on the list for a Security Manager.  I also feel that the CCISO is not that difficult to get and doesn't fully represent the skills or knowledge needed to be a CISO.  Again, just my opinion.
    To be honest with you, I had never even heard of the CCISO before reading this article - I guess now I know why! Do you think it just doesn't cover anything better than the CISSP or CISA?
  • Infosec_Sam (CCENT, ITIL Foundation, A+; Madison, WI; Posts: 199; Admin)
    Clm said:
    Sam what is your background in Infosec?
    Thanks for asking! I have 5 years of IT experience, about 1.5 of which are in security. Now, I'm in more of a marketing role as the community manager for Infosec. Along with my work experience, I have an AS degree in Network Security, as well as a couple of entry-level certs. I'm hoping to collect a couple more certs in the next few years here as well. Suffice to say, there are plenty of members here who are much smarter than I am!
  • PC509 (CISSP, CEH, CCNA: Security/CyberOps, Sec+, CHFI, A+, Proj+, Server+, MCITP Win7, Vista, MCP Server 2; Oregon, US; Posts: 754; Member)
    dinger68 said:
     I also feel that the CCISO is not that difficult to get and doesn't fully represent the skills or knowledge needed to be a CISO.  Again, just my opinion.
    That's how I feel about most of EC|Council's certifications. The ones I've taken have been pretty easy and definitely not representative of their relative roles (CEH, CHFI). Good foundations, but I feel they could be much more in depth and more difficult to be where someone could claim those titles. 
  • JDMurray (Certification Invigilator; Surf City, USA; Posts: 11,258; Admin)
    edited May 16
    This list should be amended to include the GIAC management certs GSLC and GSTRT.

    There are also SANS management training classes with no corresponding GIAC cert, such as MGT535: Incident Response Team Management.

    And yes, there are very few certs designed specifically for information security managers (of people), such as myself. 
  • cyberguypr (Senior Member; Posts: 6,721; Mod)
    I think your local flavor of CIPP should be in this list, especially if you are in healthcare, finance, or .edu sectors.
  • Infosec_Sam (CCENT, ITIL Foundation, A+; Madison, WI; Posts: 199; Admin)
    I think your local flavor of CIPP should be in this list, especially if you are in healthcare, finance, or .edu sectors.
    I've seen some discussion about the CIPP recently, but I'm not exactly sure which type of role it would be best for. I see some mention about compliance specialists benefiting from it, as well as product/security managers. I guess my question is: What does the CIPP do better than some of the other certs on that list?
  • paul78 (Posts: 2,987; Member)
    I've seen some discussion about the CIPP recently, but I'm not exactly sure which type of role it would be best for. I see some mention about compliance specialists benefiting from it, as well as product/security managers. I guess my question is: What does the CIPP do better than some of the other certs on that list?
    CIPP is targeted at privacy professionals - not necessarily security professionals. However, it's often useful for a security professional that secures data for privacy reasons to understand the various privacy mandates and obligations.

    In the US, privacy is not considered a right like in many other countries (except for maybe in California) and privacy in the US tends to be sectorial in nature and geared towards financial loss. For security managers, it's actually useful to understand the intersection of privacy and security - and where certain topics overlap.
  • JDMurray (Certification Invigilator; Surf City, USA; Posts: 11,258; Admin)
    Realize that there are managers of people, managers of devices, and managers of information. Think of which category a "management" cert fits. Managers of people (like me) are not necessarily interested in certs of the other management types.
  • paul78 (Posts: 2,987; Member)
    JDMurray said:
    Managers of people (like me) are not necessarily interested in certs of the other management types.
    That's actually a super good point - I actually didn't have any certs for the first 2 decades of my career. I only got them because I was curious about them.

    @Infosec_Sam - I probably should have mentioned re: CIPP - that I learned about that certification from lawyers that I work with. The IAPP was started by a lawyer and I believe that it originally targeted lawyers - at least when I first learned of it, the only people that I knew that had a CIPP were lawyers.
  • Infosec_Sam (CCENT, ITIL Foundation, A+; Madison, WI; Posts: 199; Admin)
    @paul78 @JDMurray Thank you both - that's some really great insight!
  • UnixGuy (Are we having fun yet?; Posts: 3,916; Mod)
    In consulting, CISA is considered an entry level cert for junior consultants...
    CISSP/CISM are more aligned with InfoSec management positions
    Goal: MBA, March 2020
  • JDMurray (Certification Invigilator; Surf City, USA; Posts: 11,258; Admin)
    I just found out the SANS MGT517 and MGT535 courses have been discontinued. Details on blog at https://montance.blogspot.com