ISACA

cism certification

July 23, 2014 by Bruce Brown Leave a Comment

I have known a few people with the the Certified Information Security Manager – CISM certification. I don’t think it holds as much weight that the CISSP, but then again I am biased. The industries that I have worked in (federal) give CISSP a pretty high level of trust for general security management type work. But I have heard that the financial world (banks, investment firms) give more weight to CISA and CISM.

The CISA (certified Information system auditor) and CISM are closely related and kind of cut from the same cloth. They are both from ISACA. Since both the CISM certification and CISA are on the DoD’s approved list of certifications, its a pretty valuable certification.

I noticed that those with security manager aspirations go for the CISM. Its a well respected certification and is often put on the same level as the CISSP for high level security positions.

risk management association

February 5, 2014 by Bruce Brown Leave a Comment

Security Analysis and Risk Management Association (SARMA) is one of many risk management associations. SARMA is a non-profit dedicated to security practitioners that are in the business of mitigating risks from man made threats.

ISACA is another risk management association with over 100,000 constituents in 180 countries. They are the creators and proprietors of Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) and Certified in Risk and Information System Controls (CRISC) certifications. They also created an Risk IT Framework.

More than just a risk management association, the Information Systems Security Association (ISSA) is a non-profit international organization for information security practitioners an managers. I have been a member of this organization, and it has LOTS of great people involved in it. They have local chapters in most major cities in the U.S. They are great at bringing security professionals together to solve common issues in the industry, barter skill sets, teach new skills, train for IT certifications and promote products and services that involve risk management and/or security.

RIMS – Risk Management Society

The Risk Management Society has a vision of becoming the global leading in all aspects of risk management. A VERY tall order.

As the preeminent organization dedicated to advancing the practice of risk management, RIMS, the risk management society™, is a global not-for-profit organization representing more than 3,500 industrial, service, nonprofit, charitable and government entities throughout the world. Founded in 1950, RIMS brings networking, professional development and education opportunities to its membership of more than 11,000 risk management professionals who are located in more than 60 countries. For more information on RIMS, visit www.RIMS.org

isaca risk it framework

January 29, 2014 by Bruce Brown Leave a Comment

ISACA is one of the leading international, non-profit organizations putting out what is now one of the world’s most respected set of information security and risk IT framework & IT certifications:

COBIT, Business Framework for Governance and Management of IT Val IT, IT Framework for Business Technology Management
Risk IT, Framework for IT Related Business Risk
CISA, Certified Information System Auditor
CISM, Certified Information System Manager
CGEIT, Certified in Governance of IT
CRISC, Certified in Risk of Information Systems Controls
ISACA used to stand for Information Systems Audit and Control Association, but is now just ISACA.

ISACA Risk IT Framework

The ISACA has a The Risk IT Practitioner Guide

The Risk IT Framework fills the gap between generic risk management frameworks and detailed (primarily security-related) IT risk management frameworks. It provides an end-to-end, comprehensive view of all risks related to the use of IT and a similarly thorough treatment of risk management, from the tone and culture at the top, to operational issues. In summary, the framework will enable enterprises to understand and manage all significant IT risk types, building upon the existing risk related components within the current ISACA frameworks, i.e., COBIT and Val IT. http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/The-Risk-IT-Framework.aspx

ISACA Risk IT Framework is more that just a complement to DIARMF/NIST Risk Management framwork, its a complete framework that stands on its own that would be great for a non-government corporate entity to use.