Wednesday, March 28, 2012

PenTest Market Magazine

I wrote an article and published it in Penetration Testing Market Magazine Vol.1 No. 1 Issue 01/2012(01), March.
PenTest Magazine is from Poland.

To download the full version of the magazine, you just have to create a free account on www.pentestmag.com.
Only members can download the magazine.

CISSP or CISA?

Many people confuse the CISSP and the CISA. But there really should be no confusion between the two, because they are very different from each other.

The CISSP, or Certified Information Systems Security Professional, is a certification managed and governed by the International Information Systems Security Certification Consortium, or (ISC)², for IT professionals in the information security field. The CISSP falls under the IT industry and is a very popular certificate for systems security. It is very different from CISA because CISSP is strictly IT in nature.

CISA, on the other hand, is an auditing certification. CISA stands for Certified Information Systems Auditor. While both CISSP and CISA contain the words "Information Systems", CISSP is for security and CISA is for auditing. CISSP is needed if you are thinking of an information systems security career path. It is a highly technical exam, and the certification is in high demand these days. CISA is needed if your career path leads toward becoming an information systems auditor. It is a management-type exam based around audit management and compliance. Security does not play a major role in this certification exam.

Both the CISSP and CISA certifications, however, require a minimum of five years' experience in order for you to receive the certification. CISA requires three years of education and two years of actual experience. The CISSP requires five years of IT security experience (but will also accept four years of experience if the candidate has a college degree). Both the CISSP and CISA certification exams are tough but not impossible to pass.

So there you are. While both are based on information systems, their major difference is that the CISSP is for security and the CISA is for audit.

Saturday, February 4, 2012

CISSP (Certified Information Systems Security Professional)

If you plan to build a career in information security – one of today’s most visible professions – and if you have at least five full years of experience in information security, then the CISSP® credential should be your next career goal. It’s the credential for professionals who develop policies and procedures in information security.

A CISSP is an information assurance professional who defines the architecture, design, management and/or controls that assure the security of business environments. The vast breadth of knowledge and the experience it takes to pass the exam is what sets the CISSP apart. The credential demonstrates a globally recognized standard of competence provided by the (ISC)²® CBK which covers critical topics in security today, including cloud computing, mobile security, application development security, risk management and more.

The CISSP was the first credential in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024. CISSP certification is not only an objective measure of excellence, but also a globally recognized standard of achievement.