The major focus of the CISSP certification is centered on security technology and management, but the functional areas in the realm of regulation and compliance are “softer” areas that are somewhat removed from security itself.
However, there are compliance-related tasks for which the CISSP certification does not prepare its candidates. Activities such as business controls development, internal audits and the interpretation and application of regulations are barely touched on in the CISSP world. Other certifications, such as the Certified Information Systems Auditor (CISA), focus on controls and internal audits.
From an upcoming article on the adequacy of the CISSP certification in today’s new regulation-centric security environment
CISA is an exam that focuses on IT audit. CISSP is more of a security manager role. CISM, on the other hand, is the role preparation for an audit manager.
Our company used to offer CISSP training, but preparing to deliver that course was very, very time-intensive due to the high amount of theory (and after the trainer finished his contract, we haven’t had time to retrain anyone).
Importantly, our clients always expect practical training for all our courses.
As a security expert, which of these programs or other security certifications would you recommend to fulfill the “practical training” requested by our clients?
Well, it all depends on what your clients’ needs are. For example, do they require hands-on security training for firewalls and operating system hardening, security software development, internal audit, or security policy and process development? The range of subjects is so vast that I’d be tempted to offer training in specific subject areas that can meet specific needs, rather than attempt to teach a course that is all things to all people.
Hope this helps!