The background info is quite useful. Can not differ with you.
Thanks.

Afzal Khan, CISA
Information Security

|---------+--------------------------->
| | William Hugh |
| | Murray |
| | <whmurray@optonl|
| | ine.net> |
| | |
| | 01/08/02 08:22 |
| | AM |
| | Please respond |
| | to whmurray |
| | |
|---------+--------------------------->
>-----------------------------------------------------------------------------------------------|
  | |
  | To: Afzal Khan/New York/ACMC@Alliance Capital |
  | cc: Michael.Tang@i21.com.hk, cisspstudy@securityfocus.com |
  | Subject: Re: CISSP vs CISA |
>-----------------------------------------------------------------------------------------------|

A little background may be useful.

The CISA is a more mature program, more than two decades old. It
is skills based. In order to
determine what is included in the test, ISACA surveys system
auditors to determine how they spend their
time. They then determine what skills are necessary to perform
those activities and test for those
skills. This may account for the fact that some perceive it to
be narrower, if deeper, than the
CISSP. While security is included, the CISA has IT rather than
IT security as its scope.

The CISSP is the newer program, ten years old. The CISSP is
(habitual) knowledge based. It tests to
see whether or not you share the professional knowledge of your
colleagues. Thus, tends to be broader,
if shallower, than the CISA. However, the CISSP is more security
specific than the CISA.

Afzal_Khan@acml.com wrote:

> Michael,
>
> You have answered your own question in the first part of your
> e-mail. I believe both the certifications are good - none is
> better than the other in general. One is better than the other
> depending on where you want to use. While CISA is generally
> preferred in the audit and control world, CISSP is better in
the
> regular IT environment. At the same time, it's my personal
> opinion, CISSP tend to cover more grounds than CISA. Therefore,
> to answer your question of which one is desirable first, I
would
> say CISSP first. However, please bear in mind that CISA is
given
> only once a year and CISSP is offered multiple times (although
at
> different locations). Therefore, you need to plan accordingly.
> Hope this helps.
>
> Afzal Khan, CISA
> Information Security
>
> |---------+--------------------------->
> | | Michael.Tang@i21|
> | | .com.hk |
> | | |
> | | 01/06/02 03:29 |
> | | PM |
> | | |
> |---------+--------------------------->
> >
-----------------------------------------------------------------------------------------------|

> |
|
> | To: cisspstudy@securityfocus.com
|
> | cc:
|
> | Subject: CISSP vs CISA
|
> >
-----------------------------------------------------------------------------------------------|

>
> Hi,
>
> If we want to find a well-know and globally recognized security
> certification or qualification, the answer should not out of
> CISSP or
> CISA. In fact, one is more on technical while the other is more
> on audit
> and control, when comparing with CISSP and CISA. But I would
like
> to ask,
> - which one is more useful?
> - which one is more famous?
> - Which one should be better?
> - Which one should be target first, if we plan to obtain both
> certifications as one by one?
>
> Thanks,
> Michael

______________________________________________________________________
 The information contained in this transmission may contain
privileged and confidential information and is intended only for
the use of the person(s) name above. If you are not the intended
recipient, or an employee or agent responsible for delivering
this message to the intended recipient, any review,
dissemination, distribution or duplication of this communication
is strictly prohibited. If you are not the intended recipient,
please contact the sender immediately by reply e-mail and destroy
all copies of the original message.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]