1 - So, my scenario here is that I have been in IT infrastructure services (Systems/Networks/SOC) for the past 5 years and have now taken a short gap from my job, planning to pursue my goals in a correct and passionate way. While looking around, I found the Info. Sec. domain to be my goal and decided to pursue it further, leveraging my past experience in IT. Unfortunately I don't hold any ISO/ISMS knowledge as of now, but I would love to pursue it further. For the same, I am seeking your kind advice on which direction I should pursue, as Management/Auditing fascinates me more than the technical side of the Info Sec. domain. So, shall I go ahead and pursue the ISO 27001 cert?
Answer: Considering your interest in information security, ISO 27001 certification will be of great help to your career, because not only does it present a systematic way to implement, operate and improve an information security management system, but it is also a worldwide recognized and accepted standard, which will allow you to work in any part of the world.
2 - Which should be pursued first, LI or LA, in my case? I have shortlisted 3 certification bodies near my place here in New Delhi (India), i.e. PECB / BSI / SGS. PECB is the most expensive and SGS the least expensive.
Answer: Let's start with the differences:
- ISO 27001 Lead Implementer – this certification recognizes people who have competency in the ISO 27001 implementation process.
- ISO 27001 Lead Auditor – this certification recognizes people who have competency in auditing an ISMS against ISO 27001 requirements and want to become certification auditors (and with this provides more confidence to an organization being certified).
Considering your stated background, the decision about which one to take will depend on your professional purposes. If you plan to work on the implementation of Information Security Management Systems, then you should consider the Lead Implementer certification. If you plan to work on certifying ISMSs, or on ensuring that implemented ISMSs are compliant with ISO 27001 requirements, then you should consider the Lead Auditor certification.
Regarding certification bodies, worldwide recognized LI/LA courses (also known as accredited courses), which are the first step to LI/LA certification, need to be compliant with ISO 17024 (General requirements for bodies operating certification schemes for persons). This helps ensure that, even with different approaches, their courses can provide confidence in the skills acquired by the people who pass their exams (PECB, BSI and SGS have accredited courses). So, besides cost, good criteria for selecting your training provider are the certification body's reputation in your country and references from previous students (you may find these on professional social networks like LinkedIn).