Security+ or Information Security Foundation based on ISO/IEC

laptoplaptop Member Posts: 214
Which one is more valuable?

CompTIA SECURITY +

OR

Information Security Foundation based on ISO/IEC 27002

Comments

  • veritas_libertasveritas_libertas CISSP, GIAC x5, CompTIA x5 Greenville, SC USAMember Posts: 5,746 ■■■■■■■■■■
    laptop wrote: »
    Which one is more valuable?

    CompTIA SECURITY +

    OR

    Information Security Foundation based on ISO/IEC 27002

    Security+
  • SlowhandSlowhand MCSE: Cloud Platform and Infrastructure / Core Infrastructure, MCSA: Windows Server 2003/2012/2016 Bay Area, CaliforniaMod Posts: 5,161 Mod
    Security+, mainly because it's well-recognized and several organizations require it for their security-related positions. From what I've heard, the Security+ curriculum is also a little bit more comprehensive than Information Security Foundation, but I can't confirm that.

    Free Microsoft Training: Microsoft Learn
    Free PowerShell Resources: Top PowerShell Blogs
    Free DevOps/Azure Resources: Visual Studio Dev Essentials

    Let it never be said that I didn't do the very least I could do.
  • laptoplaptop Member Posts: 214
    Thanks.
    I will focus on the CompTIA Security+ sometime this upcoming year 2010.
  • eMeSeMeS Member Posts: 1,875
    I'll disagree with you guys on this one...

    Security+ is a good general-purpose certification.

    Information Security Foundation based on ISO/IEC 27002 is valuable in ISO-centric organizations. This is targeted toward people who will in some way be involved in helping an organization achieve or maintain an ISO/IEC 2700* certification.

    I'd also argue that people that can help organizations and maintain ISO certifications probably earn a bit more than the average Security+ holder....if that's what's meant by "valuable".

    Really these certifications are two completely different things. Comparing them is not at all a matter of comparing two like things. Security+ certifies against general and baseline information security knowledge, whereas the ISO/IEC 27002 certifications certify against one's knowledge of the ISO/IEC 2700* standards and codes of practice.

    MS
  • NinjaBoyNinjaBoy Member Posts: 968
    I would say do both. You are comparing two different security certifications that are aimed at different things.

    It's like comparing ITIL/FITS to ISO/IEC 20000 Foundation, Security+ is one of the things you will use to gain/maintain ISO/IEC 27002 for the organisation.

    -Ken
  • DarrilDarril Member Posts: 1,588
    eMes gives good info on the Information Security Foundation cert.

    Similarly, a Department of Defense directive (8570.1) mandates the Security+ certification for Department of Defense employees and contractors. This blog talks about it a little more:
    Security Plus: Get Certified Get Ahead: DoD 8570.1 and Security+

    I couldn't locate any numbers on the Information Security Foundation cert but CompTIA has stated that over 50,000 people have become Security+ certified.

    Good luck.

    Darril Gibson
    Author: CompTIA Security+: Get Certified Get Ahead
    ISBN-10: 1439236364

    Security+ Tip of day Tweets
  • eMeSeMeS Member Posts: 1,875
    Darril wrote: »
    I couldn't locate any numbers on the Information Security Foundation cert but CompTIA has stated that over 50,000 people have become Security+ certified.

    Exin doesn't release these numbers publicly.

    Here's the main page on their ISO/IEC 27000 individual certifications:

    ISO/IEC 27000 - EXIN Exams

    Also, might be fair to point out that they're adding an "Expert" level in 2010....

    MS
Sign In or Register to comment.