A little background may be useful.

The CISA is a more mature program, more than two decades old. It is skills based. In order to
determine what is included in the test, ISACA surveys system auditors to determine how they spend their
time. They then determine what skills are necessary to perform those activities and test for those
skills. This may account for the fact that some perceive it to be narrower, if deeper, than the
CISSP. While security is included, the CISA has IT rather than IT security as its scope.

The CISSP is the newer program, ten years old. The CISSP is (habitual) knowledge based. It tests to
see whether or not you share the professional knowledge of your colleagues. Thus, tends to be broader,
if shallower, than the CISA. However, the CISSP is more security specific than the CISA.

Afzal_Khan@acml.com wrote:

> Michael,
>
> You have answered your own question in the first part of your
> e-mail. I believe both the certifications are good - none is
> better than the other in general. One is better than the other
> depending on where you want to use. While CISA is generally
> preferred in the audit and control world, CISSP is better in the
> regular IT environment. At the same time, it's my personal
> opinion, CISSP tend to cover more grounds than CISA. Therefore,
> to answer your question of which one is desirable first, I would
> say CISSP first. However, please bear in mind that CISA is given
> only once a year and CISSP is offered multiple times (although at
> different locations). Therefore, you need to plan accordingly.
> Hope this helps.
>
> Afzal Khan, CISA
> Information Security
>
> |---------+--------------------------->
> | | Michael.Tang@i21|
> | | .com.hk |
> | | |
> | | 01/06/02 03:29 |
> | | PM |
> | | |
> |---------+--------------------------->
> >-----------------------------------------------------------------------------------------------|
> | |
> | To: cisspstudy@securityfocus.com |
> | cc: |
> | Subject: CISSP vs CISA |
> >-----------------------------------------------------------------------------------------------|
>
> Hi,
>
> If we want to find a well-know and globally recognized security
> certification or qualification, the answer should not out of
> CISSP or
> CISA. In fact, one is more on technical while the other is more
> on audit
> and control, when comparing with CISSP and CISA. But I would like
> to ask,
> - which one is more useful?
> - which one is more famous?
> - Which one should be better?
> - Which one should be target first, if we plan to obtain both
> certifications as one by one?
>
> Thanks,
> Michael
>
> ______________________________________________________________________
> The information contained in this transmission may contain
> privileged and confidential information and is intended only for
> the use of the person(s) name above. If you are not the intended
> recipient, or an employee or agent responsible for delivering
> this message to the intended recipient, any review,
> dissemination, distribution or duplication of this communication
> is strictly prohibited. If you are not the intended recipient,
> please contact the sender immediately by reply e-mail and destroy
> all copies of the original message.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]