Quick question, which certification body is the accepted/industry-accepted personal certification for ISO 27001 implementer and auditor certifications?
CISA - Certified Information Systems Auditor is certainly one of the top listings.
I'm not aware of a certification for implementers, though CISA or the related CISM or CISSP are popular amongst those of us who do consulting in that area. All three of these are from ISACA.
Thanks. I have CISSP and CISM. I am working on CRISC and will do CISA in the fall. In 2005, I did two weeks of BS7799-2003 training that certified you. Now I was thinking what would be similar in ISO 27001.
BS7799 is basically the father of ISO 27001 so you should be good there.
For personal certifications there's also Information Security Auditor (ISA) from CIS and probably a bunch of others. However, all of those are from this or that organisation, there is not - to the best of my knowledge - any official certification.
For all practical purposes, not many people seem to care except when it comes to the auditors. For the implementers, in all of my time doing 27001, not one customer has even asked to see my CISM certificate.
But this might be a matter of sphere. I'm mostly in private industries; the military or government orgs might see things differently, though the gov customers I've had so far did not.
1. CISA
The CISA certification is known worldwide as the recognized achievement for those who control, monitor and assess an organization’s information technology and business systems.
2. CRISC
CRISC (pronounced “see-risk”) is designed for IT professionals who have hands-on experience with risk identification, assessment and evaluation; risk response; risk monitoring; IS control design and implementation; and IS control monitoring and maintenance.
3. CISM
The management-focused CISM is a unique certification for individuals who design, build and manage enterprise information security programs. CISM is the leading credential for information security managers.
4. CGEIT
CGEIT recognizes a wide range of professionals for their knowledge and application of enterprise IT governance principles and practices.