Just being aware of all the headlines is enough to realize that new threats and vulnerabilities in the field of information security are constantly emerging. As a result, it is essential for a company to be able to rely as much on the preparation of their security professionals as it is their IT governance strategy.
That means there is just one question – what is the best way for both professionals to obtain the adequate training (which makes them more employable), and for businesses to do the same with protocols and security procedures (demonstrating a sense of security to their customers)?
The right answer is security certifications, which combine a set of minimum requirements, a standardized vocabulary, and a common professional code of ethics.
If we as both professionals and leaders within an organization decide to take up a course in IT security management, it is recommended that we opt for certifications given by international and independent organizations.
With this in mind, here are some of the most relevant certifications available:
CISA / CISM
CISA and CISM are the two main accreditations issued by ISACA (Information Systems Audit and Control Association), an international association that has been sponsoring certificates and methodologies since 1967, and is currently made up of more than 95,000 members.
CISM (Certified Information Security Manager) is newer than CISA, and offers accreditation in the knowledge and experience of IT security management.
What defines CISM are the basic standards of competence and professional development that an IT security director should possess in order to lead or design an IT security program.
CISSP
The Certified Information Systems Security Professional (CISSP), awarded by (ISC)², is one of the most valued certificates in the sector. Organizations such as the NSA and the United States Department of Defense use it as a reference.
The certificate is also known as being “a mile wide and an inch deep”—indicating the wide breadth of knowledge (a mile wide) that the exam covers and that many questions don’t go into nitty-gritty details of the concepts (only an inch deep).
COBIT 5
COBIT 5 (the latest version tested) is a reference framework for the governance and management of IT in businesses. It is managed by ISACA in conjunction with the IT Governance Institute.
COBIT is designed to adapt itself to businesses of all sizes (including SMEs), different business models, and corporate cultures. Its standards are applied to fields such as information security, risk management, and decision making regarding cloud computing.
ITIL
ITIL (IT Infrastructure Library) can be described as a reference of good practices and recommendations for the administration of IT services, with a focus on the administration of processes. The entity that manages this certificate is the OGC (Office of Government Commerce) in the UK.
While COBIT works on the management and standardization of the organization, ITIL centers on the processes – COBIT defines the what, and ITIL the how.
ISO / IEC 27000
This is the family of standards published by the ISO (International Organization for Standardization) and the IEC (International Electrotechnical Commission) to act as a reference point: a group of standards that provide a framework for IT security management to be used by any type of organization (be they non-profit, public or private, big or small).
As opposed to the other certificates, which are aimed at individuals, this one is directed towards businesses.