CISA provides overall knowledge of IT compliance, whereas ISO27001 is specific to IT security issues.
The CISA designation encompasses all aspects of the IT organization, while ISO27001 is highly focused on Information Security. CISA and COBIT are aimed at 7 qualities of information:
- Effectiveness
- Efficiency
- Integrity
- Confidentiality
- Compliance
- Availability
- Reliability
ISO27001 or NIST (in the US, although it covers more than ISO27001) only deals with 3 aspects in great detail:
- Confidentiality
- Integrity
- Availability
Since many laws and regulations require these 3 aspects to be covered, it would mean automatic compliance.
You can think of the NIST (ISO) framework as a subset of the COBIT framework, and it would be good to obtain if you want to specialize in Information Security or Compliance.
But two really important aspects of Information Technology are not covered by NIST (ISO). Those are Effectiveness and Efficiency of Information. These are extremely important for IT Governance to establish IT support measurements and Return on Investment in the Technology. But to be honest, most businesses are not mature enough to realize the importance of these two factors and leave them at the discretion of the CIOs, who often know neither business objectives nor financial analysis well enough to successfully manage them in their IT shops.
That situation is common in the West, and I would suspect everywhere else where IT is considered a magical area nobody understands except for the IT people.
So if you are already a CISA and would like to specialize in Information Security, obtaining CISSP or ISO would be a good idea, as well as obtaining PMP or a financial designation if you would like to go deep into IT investments and performance.
Feel free to ask more!
Rummaan