Cisa vs cissp

netstatnetstat Member Posts: 65 ■■□□□□□□□□
I need to clear a doubt. Is it just me or else CISA and CISSP contain some conflicting material?

After spending the last 10 months studying CISSP, i now turned to CISA and since the books haven't arrived yet i purchased the CISA exam questions database to see where i stand. I noticed some questions are similar to the CISSP but the reasoning required is completely off from the CISSP's frame of mind. I am trying to think like an auditor but some questions and associated answers to me really do not make sense.

Honestly, i am thinking of stopping with CISA as i am getting frustrated and starting to dislike it. I prefer the CISSP mentality and i don't feel comfortable adopting the CISA mentality instead .. at least for now.

Anyone feels the same?

Comments

  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    The CISA is for Information Assurance auditors. Do you do information systems auditing work? If not, you don't need CISA.
  • netstatnetstat Member Posts: 65 ■■□□□□□□□□
    At the moment not really. Although i have to admit i wouldn't mind being involved in auditing eventually. Hence my interest.

    Another question comes to mind - when vacancies place CISSP and CISA next to each other as a requirement (i see it very often), is it actually the case that both certs are required or that they just don't know what is the difference between them? Let us take the case of a Information Security Officer/Analyst.
  • TeKniquesTeKniques Member Posts: 1,262 ■■■■□□□□□□
    The CISA is a narrowed scope of the Information System audit process. Therefore, you'll see some related material covered on the exam that is in the CISSP, but it will be more focused on IS audit. If you do not have any previous audit experience the concepts will be a little bit more difficult to grasp as it's challenging for most people with a heavy technical background to adjust to more of a "business strategy and objectives" mindset.

    In my opinion a CISO would need to know a lot of the material in both the CISSP and CISA domains to be effective at their job as a leader focused on overall IT security strategy. An Analyst would benefit from the material as knowing what to look for, but would need more a technical background from a hands on approach (scripting comes to mind).
  • netstatnetstat Member Posts: 65 ■■□□□□□□□□
    Thanks for your feedback people. What Tekniques said makes sense and i haven't given up. As soon as JD mentioned "Information Assurance" something seems to have clicked in my head. Maybe this was the key that i needed to make me see things from a different perspective.

    cheers
Sign In or Register to comment.