Categories
Welcome Center
Education & Development
Cyber Security
Virtualization
General
Certification Preparation
Project Management
Posts
Groups
Training Resources
Infosec
IT & Security Bootcamps
Practice Exams
Security Awareness Training
About Us
Home
Certification Preparation
(ISC)²
SSCP
Cisa vs cissp
netstat
I need to clear a doubt. Is it just me or else CISA and CISSP contain some conflicting material?
After spending the last 10 months studying CISSP, i now turned to CISA and since the books haven't arrived yet i purchased the CISA exam questions database to see where i stand. I noticed some questions are similar to the CISSP but the reasoning required is completely off from the CISSP's frame of mind. I am trying to think like an auditor but some questions and associated answers to me really do not make sense.
Honestly, i am thinking of stopping with CISA as i am getting frustrated and starting to dislike it. I prefer the CISSP mentality and i don't feel comfortable adopting the CISA mentality instead .. at least for now.
Anyone feels the same?
Find more posts tagged with
Comments
JDMurray
The CISA is for Information Assurance auditors. Do you do information systems auditing work? If not, you don't need CISA.
netstat
At the moment not really. Although i have to admit i wouldn't mind being involved in auditing eventually. Hence my interest.
Another question comes to mind - when vacancies place CISSP and CISA next to each other as a requirement (i see it very often), is it actually the case that both certs are required or that they just don't know what is the difference between them? Let us take the case of a Information Security Officer/Analyst.
TeKniques
The CISA is a narrowed scope of the Information System audit process. Therefore, you'll see some related material covered on the exam that is in the CISSP, but it will be more focused on IS audit. If you do not have any previous audit experience the concepts will be a little bit more difficult to grasp as it's challenging for most people with a heavy technical background to adjust to more of a "business strategy and objectives" mindset.
In my opinion a CISO would need to know a lot of the material in both the CISSP and CISA domains to be effective at their job as a leader focused on overall IT security strategy. An Analyst would benefit from the material as knowing what to look for, but would need more a technical background from a hands on approach (scripting comes to mind).
netstat
Thanks for your feedback people. What Tekniques said makes sense and i haven't given up. As soon as JD mentioned "Information Assurance" something seems to have clicked in my head. Maybe this was the key that i needed to make me see things from a different perspective.
cheers
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
