
Consultation and audit services

Created:   Aug 28, 2020 Last commented:   Aug 28, 2020


I am an IT Professional. I hold MCSA, MCITP, MCSE, and ITIL certifications. I want to move toward consultation and audit services. Will certifying in ISO 27001 Foundations and Lead Auditor be a correct way? I plan to pass the CISA after some years of practice in the audit world.
NOTE: I have no practical experience in Cybersecurity. I just went through the CompTIA Security+ course to help me understand security concepts in order to protect my systems and networks.


Expert
Rhand Leal Aug 28, 2020

First, it is important to note that ISO 27001 certifications cover much more than the field of IT security. ISO 27001 certifications cover information security, i.e. the protection of information wherever it is (e.g., physical and electronic form), including those over information systems, while IT security focuses on protection of IT assets and information stored on, or processed by them. So, certifications on ISO 27001 will allow you to perform activities beyond IT security.

Considering that, the decision about which certification to choose between those related to ISO 27001 and CISA will depend on the type and depth of the audit activities you desire to perform (both are world-wide recognized certifications for auditing). If you want to focus on auditing information security management, you should consider ISO 27001 Lead Auditor. If you want to go beyond auditing the scope of information security, and also consider the audit of strategic relationships between information security and the information systems and business objectives, you should consider CISA. Please note that these courses do not exclude each other; they only offer different perspectives about how to audit the way information interacts with business.

These articles will provide you with further explanation about personal certifications and consultancy:
- CISA vs. ISO 27001 Lead Auditor certification https://advisera.com/training/iso-27001-lead-auditor-course/
- What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/
- How to become an ISO 27001 / ISO 22301 consultant https://advisera.com/27001academy/blog/2014/07/21/how-to-become-an-iso-27001-iso-22301-consultant/

To see more about the course, please access: https://advisera.com/training/iso-27001-lead-auditor-course/

Regarding consultancy services, besides information security related certifications, you also need to consider competencies related to project management, and accumulate experience, either working with another consultant, or performing activities in the information security field for a company. You also should consider the Lead Implementer certification. For more information, see:
- What does ISO 27001 Lead Implementer training look like? https://advisera.com/27001academy/blog/2016/11/28/what-does-iso-27001-lead-implementer-training-look-like/
- ISO 27001:2013 Lead Implementer Course https://advisera.com/training/iso-27001-lead-implementer-course/

Guest
Bah Aug 28, 2020

Thanks for your answers.
