manu27001 wrote: » ISO 27001 LA (To learn ISO 27001 in depth)
manu27001 wrote: » A good career in Information Security has been a dream for many. Currently the Info Sec area is pretty wide and you have to smartly choose your career path in order to make yourself special and valuable in front of potential employers. I have seen roles like, 1. Security Administrator 2. Security Professional 3. Security Manager 4. Wireless Security Professional 5. Ethical Hacking Specialist 6. Cisco Security Professional 7. Security Auditor 8. Forensic Investigator 9. Penetration Tester and many more... I think, since each of the above roles requires a different mix of skills, everyone should wisely choose the certification path they require for their dream job. For me, since 2000, I am an MCSE, MCDBA, CCNA and have been working as Network Engineer / Manager. Last year I took ITIL certification and now my plan is to concentrate on Info Sec field. I have written CISSP exam, waiting for the result and next I will be doing ISO 27001 LA (To learn ISO 27001 in depth), CHFI (I like this), CEH (To polish my skills) and then CISM (Be the Manager). Keatron, JD, do you think this is a smart move? Your advice will be really helpful. Thanks, Manu
eMeS wrote: » Question: What is ISO 27001 LA? MS
coffeeking wrote: » ISO 27001 is the framework for Information Security best practices; and LA is the lead auditor. ISO 27001 is not an individual certification but something a department or a company as a whole would adopt as their framework and then the LA would go in and audit them against that framework. An LA is ideally a consultant working for a risk and governance services company. There is another role of Lead Implementer (LI); and there is training available for it, this would be the guy in your department if you were to adapt the standard. This guy would design, modify and create procedures, policies and processes that would reflect this standard in a given department of organization. ISO 27001 used to be ISO 17799. I can give you more information on it since we have adopted this standard over the period of last year and are currently waiting to be audited and get the certification.
eMeS wrote: » Thanks, but I think my question must not have been clear. I know what the ISO org certs are and what a lead auditor is. What I don't know is where is an official lead auditor certification being offered for individuals. What I was hoping for was a link to the certification program for it, as the only ISO 27K individual certs that I am aware of are the ones currently offered by Exin. Is the lead auditor simply just a training class that training companies put on on their own, or is there some official ISO/IEC backed credential similar to some of the other individual credentials that can be earned around various ISO certs (e.g., ISO/IEC 20000 Consultant)? MS
coffeeking wrote: » My bad, I must have misunderstood it.
coffeeking wrote: » Well, manu27001 has already provided the link for you. I haven't been on the training myself but my colleagues went for it and if I am not mistaken they must have gone with BSI. I can confirm that if you like.
eMeS wrote: » BTW, I'm very likely coming to your part of the world soon....perhaps we can get together for some, um, coffee? MS
coffeeking wrote: » Sweet deal...what are you coming for? I am guessing to deliver training courses. But, sure just PM me whenever you are about to be here and I would love to get together, and sure we can have some Coffee. I am out for next couple of weeks; annual leave, but I am assuming that you wouldn't be heading down here until after Christmas.
eMeS wrote: » Coming to do an ITIL gap analysis. Details and timing aren't clear yet. I'm willing to do it over Christmas, but it remains to be seen the exact date that the customer wants it. It's likely to occur in January. MS