ISO 27002 Foundations of Information Security

N2IT

Has anyone sat for this exam? I am currently reading a book from Van Haren preparing for this exam. I really wanted to security plus, but I had purchase this book and have really found the material interesting. It is hard for me to put this book down sometimes.

I am not sure if getting S+ along with this would be worth it at this time. Any one care to elaborate on the 2 if at all possible?

I do like ISO 27002 because it interfaces with the ISO 20000 and ITIL frameworks.

eMeS

I'm planning to do this one and the advanced one, but just haven't gotten around to it....maybe in a couple of weeks.

I get them 1/2 off through Exin, and I only get 2 at that price per year, so I need to act soon to get them done this year.

I would say if anything S+ is going to have much more market recognition than either of the ISO27k exams. Having the ISO27k stuff would be something that qualifies your for a company looking specifically for that knowledge, whereas S+ testifies to more general knowledge of security.

MS

N2IT

eMeS wrote: »

I'm planning to do this one and the advanced one, but just haven't gotten around to it....maybe in a couple of weeks.

I get them 1/2 off through Exin, and I only get 2 at that price per year, so I need to act soon to get them done this year.

I would say if anything S+ is going to have much more market recognition than either of the ISO27k exams. Having the ISO27k stuff would be something that qualifies your for a company looking specifically for that knowledge, whereas S+ testifies to more general knowledge of security.

MS

MS the foundational book from Van haren has been a very nice read. It goes through a lot of the security processes which address and refer back to the ISO 20000 International framework. You can really see the interface of processes and ownership. You should be able to pick this up in no time.

I am already 2/3 through the book. I banged out over 80 pages last night and that is with highlighting and taking internal notes in the book.

I'll keep you posted on the results.

**** Side note ****

I probably have more IT management framework and process knowledge than most IT managers and I work in a helpdesk. LMAO Pathetic!

eMeS

N2IT wrote: »

I probably have more IT management framework and process knowledge than most IT managers and I work in a helpdesk. LMAO Pathetic!

I agree...you suck.

Based on my experience with the ISO 20k exam from several years ago, which was the absolute hardest exam I've ever done, I would focus 100% of my time reading the actual release from ISO/IEC, in this case exclusively 27002.

MS

N2IT

eMeS wrote: »

I agree...you suck.

Based on my experience with the ISO 20k exam from several years ago, which was the absolute hardest exam I've ever done, I would focus 100% of my time reading the actual release from ISO/IEC, in this case exclusively 27002.

MS

Well not saying the ISO 20000 foundation exam was harder than the consultant exam, but it was no picnic. It was way harder than the ITIL V3 exam. Not harder than the OSA though.

By the way I do suck you don't have to tell me. I am very sensitive about my help desk status lol

I think if I am stuck in the help desk for another year I am going to get my PHD so I can answer the phones Dr Wheeler.

eMeS

N2IT wrote: »

Well not saying the ISO 20000 foundation exam was harder than the consultant exam, but it was no picnic. It was way harder than the ITIL V3 exam. Not harder than the OSA though.

By the way I do suck you don't have to tell me. I am very sensitive about my help desk status lol

Oh, I just meant that you suck in general. I don't think that you work on a help desk makes you suck; in fact, it's likely the other way around. You working on a help desk makes all help desks suck. You suck like a Dyson, or a prominent member's mother.

I'm not sure about the Exin ISO 20k exams, because that's not the one that I took. They really broke those down into so many things that you have to take around 9 tests to get them all...personally I don't feel like ISO 20k needs that much of a break down in terms of credentials. I suspect that the Exin version of ISO 27k consultant/expert (whatever it is at the moment) will be easier than the ISO 20k consultant exam that I took, but definitely challenging.

MS

N2IT

eMeS wrote: »

Oh, I just meant that you suck in general. I don't think that you work on a help desk makes you suck; in fact, it's likely the other way around. You working on a help desk makes all help desks suck. You suck like a Dyson, or a prominent member's mother.

I'm not sure about the Exin ISO 20k exams, because that's not the one that I took. They really broke those down into so many things that you have to take around 9 tests to get them all...personally I don't feel like ISO 20k needs that much of a break down in terms of credentials. I suspect that the Exin version of ISO 27k consultant/expert (whatever it is at the moment) will be easier than the ISO 20k consultant exam that I took, but definitely challenging.

MS

The two that interest me are the management and improvement which I think would be like the CSI and the support of it services which would be like the OSA I just sat for.

Agree?

eMeS

N2IT wrote: »

The two that interest me are the management and improvement which I think would be like the CSI and the support of it services which would be like the OSA I just sat for.

Agree?

Yeah, I think you're on target there. I know of only a couple of people who've bought into Exin's scheme with ISO 20k. The numbers that I have seen show that the overall uptake on those is very very low.

In other words, I think that the last thing that the market is asking more is more ITSM certifications. What the market really wants is people to deliver on some of the promises of ITSM in general. Certifications don't do that it seems.....

MS

N2IT

eMeS wrote: »

Yeah, I think you're on target there. I know of only a couple of people who've bought into Exin's scheme with ISO 20k. The numbers that I have seen show that the overall uptake on those is very very low.

In other words, I think that the last thing that the market is asking more is more ITSM certifications. What the market really wants is people to deliver on some of the promises of ITSM in general. Certifications don't do that it seems.....

MS

You are correct they sure don't but people in upper management spots who breezed through a foundational course don't seem to be the answer either.

BTW why you dogging on my Exin certs? I'm to lazy to look at other websites for certifications.

And another thing, when are you going to offer a ITIL / ISO class that I can actual take. I have funds coming in around December.

eMeS

N2IT wrote: »

You are correct they sure don't but people in upper management spots who breezed through a foundational course don't seem to be the answer either.

It could be worse; most of the upper management types I see don't do the full foundation course...usually the most they can sit through is a 1-day "Awareness" course...

Everyone thinks they are special....

MS

N2IT

eMeS wrote: »

It could be worse; most of the upper management types I see don't do the full foundation course...usually the most they can sit through is a 1-day "Awareness" course...

Everyone thinks they are special....

MS

That is so wrong.

Is that like going to a two day seminar and becoming Six Sigma Yellow Belt?

or wait that would be like a one day class and getting your White Belt. Would you even list that on a certification? Please tell me you have seen it. The entertainment value in that alone is worth 2000k

eMeS

N2IT wrote: »

That is so wrong.

Is that like going to a two day seminar and becoming Six Sigma Yellow Belt?

or wait that would be like a one day class and getting your White Belt. Would you even list that on a certification? Please tell me you have seen it. The entertainment value in that alone is worth 2000k

I've never seen white belt, but I have seen yellow belt. Green belt is just as pointless. Then again, most of the "degrees" that people list are at best questionable...

MS

N2IT

eMeS wrote: »

I've never seen white belt, but I have seen yellow belt. Green belt is just as pointless. Then again, most of the "degrees" that people list are at best questionable...

MS

Are you referring to non brick and morter?

You know I was interested in learning about Six Sigma. I was hoping to take some of the formulas and statistical methods and use it to analyze an IT environment. It seems now they have specialized ones that go into health care, IT and manufacturing.

eMeS

N2IT wrote: »

Are you referring to non brick and morter?

No, not specifically. There's plenty of B&M degrees that are as equally worthless as the most worthless online degrees. For me the modality is irrelevant (I took C programming in college on a BBS using a 9600 baud modem). What is relevant is the reputation of the school/program.

N2IT wrote: »

You know I was interested in learning about Six Sigma. I was hoping to take some of the formulas and statistical methods and use it to analyze an IT environment. It seems now they have specialized ones that go into health care, IT and manufacturing.

I think Six Sigma is sound in its techniques. However, the problem is that Six Sigma is very statistically/scientifically oriented, which business tends to only pay lip service to. Also, people have trouble grasping many of the advanced statistical techniques that are used, so it will never be something that everyone in an organization can understand.

The other thing that's really wrong with it is that there is no governance over the different certifications...

MS

N2IT

eMeS wrote: »

No, not specifically. There's plenty of B&M degrees that are as equally worthless as the most worthless online degrees. For me the modality is irrelevant (I took C programming in college on a BBS using a 9600 baud modem). What is relevant is the reputation of the school/program.



I think Six Sigma is sound in its techniques. However, the problem is that Six Sigma is very statistically/scientifically oriented, which business tends to only pay lip service to. Also, people have trouble grasping many of the advanced statistical techniques that are used, so it will never be something that everyone in an organization can understand.

The other thing that's really wrong with it is that there is no governance over the different certifications...

MS

I understand what you mean.

As far as my degree goes, I wish I would of majored in a computer science or development, but whats done is done. I am proud of the University however.

I do agree about the type of school you go to. I am eyeing up Washington University at the moment, top 10 business school in CONUS, and I know I have the drive and aptitude to get through it. However my wife is currently finishing up nursing school (less than 8 months) and is looking to push through into a nurse anesthetist program. My primary goal is to knock off the easy stuff now (Certs).

I joined in April and since then I have accomplished quite a bit, and a lot of thanks goes to you and the rest of the forum. This has truly been a God send.

My next goal is to cert up in all the certs I want and once she is done with her advance nursing school, which requires 2 years I will be ready to rock and roll. Ill be 37-38 which is a bit dated, but I will finally grab the skills and validation that I desire.