
How relevant is ISO 27001 for an IT auditor holding a CISA designation?

Question added by Muhammad Wasif Riaz, Senior Manager IS Audits, Pakistan Telecommunication Limited
Published: 2013/09/04

by Zafar Ayub, Manager IT, IMGC Global

CISA provides overall knowledge of IT compliance, whereas ISO 27001 is specific to IT security issues.

by Deleted user

The CISA designation encompasses all aspects of an IT organization, while ISO 27001 is highly focused on Information Security. CISA and COBIT are aimed at 7 qualities of information:

- Effectiveness

- Efficiency

- Integrity

- Confidentiality

- Compliance

- Availability

- Reliability

ISO 27001 or NIST (in the US, although it covers more than ISO 27001) only deal with 3 aspects in great detail:

- Confidentiality

- Integrity

- Availability

Since many laws and regulations require these 3 aspects to be covered, it would mean automatic compliance.

You can think of NIST (ISO) framework as a subset of the COBIT framework and would be good to obtain if you want to specialize in Information Security or Compliance.

But two really important aspects of Information Technology are not covered by NIST (ISO). Those are Effectiveness and Efficiency of Information. These are extremely important for IT Governance to establish IT support measurements and Return on Investment into the Technology. But to be honest, most businesses are not mature enough to realize the importance of these two factors and leave them at the discretion of the CIOs, who often know neither business objectives nor financial analysis well enough to successfully manage them in their IT shops.

That situation is common in the West and I would suspect everywhere else where IT is considered as a magical area nobody understands except for the IT people.

So if you are already a CISA and would like to specialize in Information Security, obtaining CISSP or ISO would be a good idea, as well as obtaining PMP or a financial designation if you would like to go deep into IT investments and performance.

Feel free to ask more!

Rummaan
