Expert Advice Community

Guest

Change profile from incident management to security compliance domain

  Quote
Guest
Guest user Created:   Feb 10, 2021 Last commented:   Feb 10, 2021

Change profile from incident management to security compliance domain

I would like to take advice from you regarding my plans to change my current profile i.e., from IT Incident management and to move completely to IT Security Management which involves audits and risk assessment. I don't have any technical background and knowledge in security except having only 7 years of work experience into service desk/service management. I work in India. Currently, I am working with *** from 3.5 years in Incident management which at times involves a few security based incidents that's it. Challenge is that I want to internally move into *** into security management domain but do not have any previous experience, so what's shall I do to get a suitable role of IT Auditor in security management within organization (***) and if not within organization than at least in a different but my first preference will be to move within the organization.

I am going through a big dilemma as to which certification shall I pursue either ISO 27001 Lead Auditor OR CISA OR CISSP because all the three are very costly.

Will look forward to your suggestions and advise.

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Feb 10, 2021

Considering the mentioned certifications and your background, you should consider ISO 27001 Lead Auditor or CISA. CISSP is more indicated to people who want to work in technical areas. For the choice between ISO 27001 Lead auditor and CISA, you need to consider the type and depth of the activities you desire to perform (both are world-wide recognized certifications for auditing).

If you want to focus on auditing information security management, you should consider ISO 27001 Lead Auditor. If you want to go beyond auditing the scope of information security, and also consider the audit of strategic relationships between information security and the information systems and business objectives you should consider CISA. Please note that these courses do not exclude each other, they only offer different perspectives about how to audit the way information interacts with the business. ISO 27001 Lea Auditor would also need to be considered if you which to work for certification bodies, as a certification auditor.

These articles will provide you further explanation about personal certifications:
- CISA vs. ISO 27001 Lead Auditor certification https://training.advisera.com/se/iso-14001-internal-auditor-course/o-27001-lead-auditor-course/
- What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/

To see more about the ISO 27001 Lead Auditor Course, please access: https://training.advisera.com/se/iso-14001-internal-auditor-course/o-27001-lead-auditor-course/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 10, 2021

Feb 10, 2021