BS7799

In next days , there will be a curse to certify on BS7799 in my city,
is this certification worth to take? is it being demanded in the market
as CISSP and CISA? any comments will be helpful.

In article <1126549926.711573.96010@g44g2000cwa.googlegroups. com>,
AeonFlux <nexurina@yahoo.com> wrote:
>In next days , there will be a curse to certify on BS7799 in my city,
>is this certification worth to take? is it being demanded in the market
>as CISSP and CISA? any comments will be helpful.
>

Do you have to sell your soul to pass?

Sorry.


Claude

"AeonFlux" <nexurina@yahoo.com> writes:
> In next days , there will be a curse to certify on BS7799 in my city,
> is this certification worth to take? is it being demanded in the market
> as CISSP and CISA? any comments will be helpful.

I work in the security services division at a large multinational
corporation. I've not so much as heard of BS7799, nor CISA.

CISSP, and the SANS/GIAC certs are common currency among folks in our
division, however.

Best Regards,
--
Todd H.
http://www.toddh.net/

In article <84u0gqgk9o.fsf@ripco.com>, Todd H. <comphelp@toddh.net> wrote:
>"AeonFlux" <nexurina@yahoo.com> writes:
>> In next days , there will be a curse to certify on BS7799 in my city,
>> is this certification worth to take? is it being demanded in the market
>> as CISSP and CISA? any comments will be helpful.
>
>I work in the security services division at a large multinational
>corporation. I've not so much as heard of BS7799, nor CISA.
>
>CISSP, and the SANS/GIAC certs are common currency among folks in our
>division, however.
>
>Best Regards,
>--
>Todd H.
>http://www.toddh.net/

Spelling jokes aside, BS7799 is a standard, related to ISO 17799,
and CISA is the acronym for "Certified Information Systems Auditor"

http://www.isaca.org/Template.cfm?Se..._Certification

and in certain orbits is a valuable certification.

Claude

Besides CISSP , which others certifications of security are worth to
study?

"AeonFlux" <nexurina@yahoo.com> writes:
> Besides CISSP , which others certifications of security are worth to
> study?

SANS GIAC goodies are very well respected in the circles I'm in:
http://www.giac.org/

--
Todd H.
http://www.toddh.net/

I sense some confusion here. Maybe I can help?

Firstly, unlike CISSP, BS7799 is not a personal certification, it is an
organizational one. In other words, the organization, or part of it,
becomes certified against BS7799. You do not.

The concept of having the letters BS7799 following your name,
therefore, does not apply.

In terms of BS7799, individuals can however become qualified to audit
against it. There are lead auditor qualifications and so on, to equip
you and enable you to perform recognized audits.

BS7799-2, or indeed ISO 27001, which is replacing it, are focused very
much on the organization.

If you are interested in this area, it sounds like you need to do a
little research on the wider concepts of BS7799, ISO 27001 and ISO
17799. For this, the following resources may help:

ISO 17799 Central: http://www.17799central.com
ISO 17799 Newsletter (I edit this): http://17799-news.the-hamster.com
ISO 27001 Online: http://www.27001-online.com

There is also a user group dedicated to the standard at:
http://www.17799.com. There is even a wiki for the standard at:
http://iso-17799.safemode.org

Hopefully this will give you the basics of a fairly complex arena.

Best fo luck.

Sue


AeonFlux wrote:
> In next days , there will be a curse to certify on BS7799 in my city,
> is this certification worth to take? is it being demanded in the market
> as CISSP and CISA? any comments will be helpful.

Sue,

I have clear that BS7799 is an standard for management of IT security
and that became an auditor is just being able to know if the processes
of a company follow or not the standards. Now, to became an auditor I
need to take a curse and an exam, both a little expensive (I live in
Mexico) so my friends and I are investigating if this skill is demanded
in security IT market or not so we can evaluate if it worth the efforth
or not.

In article <1126624575.574056.86970@g49g2000cwa.googlegroups. com>,
AeonFlux <nexurina@yahoo.com> wrote:
>Sue,
>
>I have clear that BS7799 is an standard for management of IT security
>and that became an auditor is just being able to know if the processes
>of a company follow or not the standards. Now, to became an auditor I
>need to take a curse and an exam, both a little expensive (I live in
>Mexico) so my friends and I are investigating if this skill is demanded
>in security IT market or not so we can evaluate if it worth the efforth
>or not.
>

Hi

I'm not Sue, but I can perhaps help a bit.

#1 "course" not "curse"... two different things. Your
English, however, is miles ahead of my Spanish so that isn't the point.

#2 Auditing. In the US, there is a fairly recent law (Sarbanes-Oxley Act)
that requires companies over a certain monetary value to periodically
certify that their information systems are accurately processing
financial data under pain of imprisonment and fine for corporate officers.
I believe that there are also similar European regulations, but I am
not sure about Mexican law. Providing these certifications has provided
much work for competent auditors. Many companies also rely on IT auditors
to determine the degree to which corporate security policies are being
followed. This has also led to an increase in the demand for IT auditors
who are comfortable with the various technologies as well as the
business practices. You will probably need to do some homework on your
own as to whether there are any such legal requirements in Mexico. If
so, then IS auditing will be a good career choice for the future.

In any case, good luck

Claude

Claude,

Thanks for your comments, Mexico just started making an effort to set
some laws on the IT Goverment field, most because the companies in US
are asking for this regulations to implemented by their associates in
Mexico.



Sorry for my ortography, "curse" and "course" is a very common mistake
from me if I don't pay attention.

Regards,

In article <1126632115.656328.92360@z14g2000cwz.googlegroups. com>,
AeonFlux <nexurina@yahoo.com> wrote:
>Claude,
>
>Thanks for your comments, Mexico just started making an effort to set
>some laws on the IT Goverment field, most because the companies in US
>are asking for this regulations to implemented by their associates in
>Mexico.
>
>
>
>Sorry for my ortography, "curse" and "course" is a very common mistake
>from me if I don't pay attention.
>
>Regards,
>

Like I said, your English is way better than my Spanish...

Government regulation is the engine that pulls the gravy train...


Claude