Expert Advice Community


Information security certifications

Guest user Created:   May 03, 2017 Last commented:   May 03, 2017


1 - What is the difference between ISO 27001 and CISA?

Expert
Rhand Leal May 03, 2017

Answer: CISA is a certification issued by ISACA for persons who fulfill prerequisites related to the audit of information systems, while ISO 27001 is a certifiable standard applicable to an organization's Information Security Management System, but which also has a certification to recognize people capable of auditing ISMSs compliant with this standard.

2 - If I have a certificate of ISO27001LA and COBIT, can it dispense with CISA?

Answer: This will depend on the type and depth of the activities you will perform. If your activity focuses on information security management, ISO 27001 LA would be sufficient. If you want to go a little deeper, also considering IT governance activities and technical processes, COBIT can help enhance your skills. CISA knowledge would help you perform audits that go beyond the scope of information security, also considering the strategic relationships of the information systems and business objectives.

3 - How can I use ISO 27001 to audit my company step by step?

Answer: ISO 27001 can provide you the requirements you can use to evaluate your company's capability to plan, implement, operate and improve the practices related to information security used in your processes. For more information, I suggest you see these articles: How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/ and How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/

4 - What is the future of BCM compared to IS Audit?

Answer: Business Continuity Management and Information Security overlap each other in several points, and as business needs for stable and always available information systems grow, the need for professionals who can understand, explain and plan solutions which integrate these two fields will also grow, providing great opportunities for competent people. For more information, please see: Where does information security fit into a company? https://advisera.com/27001academy/blog/2016/10/24/where-does-information-security-fit-into-a-company/

These articles will provide you further explanation about certifications:
- ISO 27001 certification for persons vs. organizations https://advisera.com/27001academy/iso-27001-certification/
- CISA vs. ISO 27001 Lead Auditor certification https://advisera.com/27001academy/blog/2015/05/11/cisa-vs-iso-27001-lead-auditor-certification/
- How to integrate COSO, COBIT, and ISO 27001 frameworks https://advisera.com/27001academy/blog/2016/10/10/how-to-integrate-coso-cobit-and-iso-27001-frameworks/
