Which Certification track is better? ISACA vs. ISC2 vs. SANS vs...?

Don't want to start a "my cert is better than yours" war here, but
which is better?

SANS -- It seems that SANS is very well recognized, but I am curious
about how it is you take a 5 day class and are now ready to test into a
cert. it also seems that they are far more granular, I don't know if
this limited scope is what makes the 5 day class do-able, or if it is
simply a way to generate more revenue by offering more classes and more
tests (SANS classes are some of the most expensive I have seen)

ISC2 -- ISC2 offers the CISSP and several others which are rather broad
in scope and seem more focused on the security manager/exec than the
security implementer or architect.

ISACA -- ISACA offers the CISA and CISM, which seem more global in
scope than the SANS certs and a more middle-of-the-road path between
executive and implementer/architect.

I do realize there are others certs out there (compTIA, Cisco security,
etc.) these are just the three that seem to be the big "spend your
money here" players.

just curious what other security professionals think and why.

thanks,

Erik

Re: Which Certification track is better? ISACA vs. ISC2 vs. SANS vs...?

clusterfsck@gmail.com writes:

> Don't want to start a "my cert is better than yours" war here, but
> which is better?
>
> SANS -- It seems that SANS is very well recognized, but I am curious
> about how it is you take a 5 day class and are now ready to test into a
> cert.

The secret is: Not everyone passes. :-)

> it also seems that they are far more granular, I don't know if
> this limited scope is what makes the 5 day class do-able, or if it is
> simply a way to generate more revenue by offering more classes and more
> tests (SANS classes are some of the most expensive I have seen)
>
> ISC2 -- ISC2 offers the CISSP and several others which are rather broad
> in scope and seem more focused on the security manager/exec than the
> security implementer or architect.

I'd disagree. While CISSP is a fairly broad, shallow cert, it is
probbaly the best recognized out there.

> ISACA -- ISACA offers the CISA and CISM, which seem more global in
> scope than the SANS certs and a more middle-of-the-road path between
> executive and implementer/architect.

This one isn't on my radar, fwiw.

EC-Council also has their Certified Ethical Hacker certs, and the
training and certification are challenging bootcamp style things.
Less than half of a recent class was able to pass the first attempt at
the test. Infosec Institute does a nice job with training on these.
I might add this to your list, though I don't think they are as well
known as SANS or CISSP.

Best Regards,
--
Todd H.
http://www.toddh.net/

Re: Which Certification track is better? ISACA vs. ISC2 vs. SANS vs...?

The simple answer is none are better than the other. Each of the ones
you talk about have their specific positives and negatives and fit
different people for different reasons. Personally I hold both the
CISSP and CISM and intend to go for the ISSMP concentration of the
CISSP. I took a lot of SANS courses before getting the certs but never
followed through with the SANS certs. SANS is more technical and area
specific. I found the CISSP to be more technical than the CISM. The
two sponsoring organizations are very different. The CISM required
much more proof of experience than the CISSP and the exam was quite a
bit different. I also have the Certified Hacking Forensic Investigator
from EC-Council but was very unimpressed with the course. The material
had a lot of errors and since I had background in forensics was overall
a waste of money, glad I did not pay for it but my company did.

Wayne