EH-Net

Hi,

I am considering taking the BCS ISEB Certificate in Information Security Management Principles (CISMP) as this seems to be the only security cert that relates directly to ISO 27001. I have already completed vendor certs like CCSE+, JNCIS-FWV and Security+ but all these seem biased towards US IT Security Legislation.

It seems a bit wateful as I guess this is about the same level as my Security+, certainly the sample 20 questions seemed very straight forward, but I cannot see any other way to train on ISO 27001 other than the BSI Auditors Exam.

Does anyone here have any experience of these qualifications and could they provide a little guidance.

Thanks

Garnet

Hay Garnet,

Correct me if I am wrong but BCS (British computer society) I very much doubt anyone her has done any of their course as most fokes here are from the USA and other countries outside of the UK.

The best way to get an answer might be contact the BCS direct with any question or asking experts in the UK who are in that field that could tell you if its worth while.

Sorry could not help more

Jamie - not so fast, plenty of us UK folk active or lurking in EH-Net.

Garnet, afraid I don't have any experience of the ISEB qualifications so can't provide any insight there, but if you're looking training directly relevant it 27001, take a look at SANS' offering MGT411 (https://www.sans.org/security-training/27000-implementation-management-3147-tid). Admittedly I've not taken this either, but I've been looking down a similar path and this is currently my preferred option.

sorry Andrew I only knew of about maybe 5 people from the uk who use this :P

On another note since there are more UK peeps here if you in the midlands you may want pop along to https://www.owasp.org/index.php/East_Midlands (https://www.owasp.org/index.php/East_Midlands)

Thanks for the replies everyone.

SANS MANAGEMENT 411 looks quite interesting but at the moment I think I will aim at CISMP as it is a British Exam and probably better understood in the UK. I have done more reading and it appears to be thought of as more senior than Security+ despite being pretty straight forward. I think also it may be better preparation for the Certificate in Information Risk Management and thus let me aim for BCS CESG.

I will keep you posted on my experience with progress as maybe some of you may be considering it.

Regards

Garnet

One last thing, a useful little link:

http://www.computerweekly.com/feature/IT-qualifications-security-credentialshttp://

hmm yah CISSP is mot well know security related cert but I think it not really a cert for pen tester as it too generic .

Hi,

I think CISM is probably the best known as it has been around the longest. However, ISEB is an Internationally renowned certificate offering which comes from the British Computer Society in parnership with NCS.

Foundation level equates to AMBCS level while the practitioner level equates to MBCS (Honours Degree Level). CISSP is similar to practitioner level but is multiple choice multiple answer not essay based like ISEB.

For me CISSP is like Security+ but longer, a mile wide and an inch thick I have heard said. ISEB is more job focused.

Regards,

Garnt

I've seen a lot of auditors go for the ISO27001 Lead Auditor credential. Here's a UK based training course

http://www.itgovernance.co.uk/products/2753