COBIT knowledge

EvilAngelEvilAngel Member Posts: 18 ■□□□□□□□□□
Hey all,

I am browsing various job offers in Information Security in the bank/finance area.

Most of them ask to know the COBIT standard.

Which certification would provide a proof of knowledge of COBIT standard?

I thought a certification from ISACA like CISA or CISM.

What do you think?



  • tpatt100tpatt100 Member Posts: 2,991 ■■■■■■■■■□
    Any general high level security cert will help. Actually working with the COBIT framework in the workplace is what matters the most.
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    CISA would probably be the most apt out of those two, but even that doesn't really go in-depth with it.
  • EvilAngelEvilAngel Member Posts: 18 ■□□□□□□□□□
    @ dynamik

    Do you see a certification that would be better to illustrate COBIT knowledge? Thanks
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Nope. There's that one you found in your other thread, but I personally wouldn't bother with that. CISA will be the closest.
  • Paul BozPaul Boz Member Posts: 2,620 ■■■■■■■■□□
    I think that rather than getting a cert in a framework such as COBIT, you should more strive to actually understand the information contained in the framework. Study it, digest it, and try to apply it to scenarios in your personal life or previous work experience.

    Generally for auditing, certs mean far less than experience. This is good for someone with neither, as it means you can study the hell out of the framework and express knowledge in that area in an interview. Besides, while COBIT may be mentioned on the requirements for job postings, its usually only a full requirement for auditors or technology managers.
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    [email protected]
  • BeginCOBITBeginCOBIT Banned Posts: 6 ■□□□□□□□□□
    The main certification to "prove" COBIT knowledge is the COBIT 4.1 Foundation Examination, which is a basic-level certification. ISACA has some higher-lever certifications which can only be obtained by passing long exams (couple of hours) containing hundreds of questions and by having proof of relevant work experience. The certification that most closely uses COBIT is the Certified in the Governance of Enterprise IT (CGEIT) qualification. If you plan to get the CGEIT qualification it would be a good idea to first pass the COBIT 4.1 Foundation Examination, it is not required but it is a good first step towards understanding IT governance which is at the heart of the CGEIT qualification. The proof of work experience for CGEIT requires upto 5 years of documented proof in areas relevant to the CGEIT qualification.
  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    And just to expand a little on what @BeginCOBIT said - COBIT isn't really a framework for Information Security. It's really a governance framework. The newer version of COBIT shows some promose. For me, v5 seems to do a better job of tie-ing in Risk Management and Project Management disciplines. If you are seeing a jobs in Information Security in US companies which desire COBIT knowledge, most likely those are roles which are more related to governance - a cert like CGEIT or CISM will tend to be more applicable.
Sign In or Register to comment.