This is a question that arises in many information security and business analysis professional’s mind. Both IIBA CCA and ISO 27001 deal with information security. So, which one should pursue?
I am among very few BA professionals who have done both the certifications. I consulted more than 10 clients to implement ISO 27001 in their organizations and it was indeed a great learning process. I thoroughly enjoyed my ISO 27001 Lead Auditor training.
Similarly, I took IIBA CCA certification few months back and again was pleasantly surprised about new aspects those I learnt as part of my CCA preparations process.
Let's do a comparison between the 2 certifications below.
|
Domain |
IIBA CCA Domains |
ISO 27001 Domains |
|
1 |
Cybersecurity Overview and Basic Concepts |
Information security policies |
|
2 |
Enterprise Risk |
Organization of information security |
|
3 |
Cybersecurity Risks and Controls |
Human resource security |
|
4 |
Securing the Layers |
Asset management |
|
5 |
Data Security |
Access control |
|
6 |
User Access Control |
Cryptography |
|
7 |
Solution Delivery |
Physical and environmental security |
|
8 |
Operations |
Operations security |
|
9 |
|
Communications security |
|
10 |
|
System acquisition, development and maintenance |
|
11 |
|
Supplier relationships |
|
12 |
|
Information security incident management |
|
13 |
|
Information security aspects of business continuity management |
|
14 |
|
Compliance |
IIBA-CCA Recommended -
- Business analysts
- To become enterprise / strategic level BA
- If your organization has IIBA CCA certifications as part of the competency framework
- Part of BA Center of Excellence/BA Competency team
ISO 27001 LA Recommended –
- Members of Organizational Infosec team
- If your organization has ISO 27001 LA certifications as part of the competency framework
- If your organization has implemented or plan
Write Comment