COBIT foundation

Hey all,

In various InfoSec job (at policy level more than technical level) offers, I see often reference to COBIT.

I googled and found the "COBIT foundation certification".

I understood that this certification is like the first step in Cobit. It prooves that you have an overview of COBIT without being an expert.

Am I right ?

It does not seem to be too hard (1 hour exam and 40 questions) and too expensive.

Any feedback appreciated
Thanks

Find more posts tagged with

Comments

dynamik

Ew, it's an online exam, but you have to get your own proctor? That's odd.

Have you looked for it on the job boards at all? That's the first time I've seen it.

I personally don't think it has a great deal of value; you'd be better off with the CISA. However, if you lack the experience and are just trying to get something ISACA/COBIT related on your resume, I guess it might be worth pursuing.

sexion8

EvilAngel wrote: »

Hey all,
I understood that this certification is like the first step in Cobit. It prooves that you have an overview of COBIT without being an expert.

Am I right ?

It does not seem to be too hard (1 hour exam and 40 questions) and too expensive.
Thanks

Cobit is nothing more than an IT governance slash security framework written by ISACA which is almost 80% of the content you'll find on both the CISA and CISM exams. (COBIT - IT Governance Framework - Information Assurance Control | ISACA) I'm not sure that being "Cobit certified" will help you go anywhere since it will only show you've read about the framework and were able to answer some questions.

If I were you, I would determine what it is you want to do and go from there. If you go the CoBIT and or ITIL route, you're sure to land a non-technical role which will be more geared towards developing and or double checking policies and procedures. As for certifying based on CoBIT, it's rather something new to me as ISACA has no "CoBIT certification" of their own so I would be skeptical at the value of whatever you found.

The current ISACA (who developed CoBIT) certifications are, CISM, CISA, CGEIT and CRISC (IT Certification - Audit - Security - Governance - Risk | ISACA) There is no mention of anything "CoBIT" certified. Anyhow, I say, define what your ultimate goal is (management, technical), create a plan and go from there. This is NOT to say whatever you found is bad/wrong/horrible, its solely to say... "Since you want to focus on CoBIT, aim high... Go to the source. Do you want to be a security manager... CISM. Auditor... CISA...Want to be responsible for the entire kit and kaboodle... CGEIT... Risk whet your appetite... CRISC"

dynamik

I think he's referring to this: CobiT Foundation Course, CobiT Exam, ISACA Training, CobiT For Sarbanes-Oxley, ISO 20000 Trainings, ITIL Foundation Course (that actually took more time than I would like to admit to find).

You only need 28/40 questions to pass, and it's online and "proctored." Like you said, they don't even bother putting it up there with the CISA, CISM, etc. It really doesn't stand out as being worthwhile IMHO.

EvilAngel

Thanks for point of view.

In addition, as you mentionned, you need a proctor. I found a "proctor certified" center close. But of course they take extra fees.
Make it expensive if not paid by a company...