  1. Senior Member
    Join Date
    Jul 2011
    Posts
    102

    Certifications
    GCIA, GCIH, GPEN, GWAPT, GCFA, GREM, ACE
    #1

    Which came first, the CISSP or the CISA?

    Hello Guys,

    I am looking to study for the CISA and CISSP for 2012. I was wondering, from the people who have both, which did you go after first? Also, if you could go back, which would you have gotten first? I know they have 2 different overall objectives, but they do overlap.

  3. EC Council #1 fan colemic's Avatar
    Join Date
    Apr 2010
    Location
    Tejas, Baby!
    Posts
    1,531

    Certifications
    CISSP, CISA, GIAC 2700, MCSE:Security, CEH, CHFI, CCNA:Security, CCENT, Sec+, Net+, ITIL v3 Foundations
    #2
    I have both. I went after the CISSP first (CISA wasn't even on my radar at the time, though). Yes, they overlap some, but not as much as you think! I would recommend the CISSP first, because looking back, I don't feel that if I had taken CISA first that I would have gained anything from the CISA that was readily available to complement the CISSP. CISA is just a wonky, frustrating test (to me). I didn't feel that it was relevant at all to the real world, and even though some may make the same argument for CISSP, the material for CISA just appears to be from another planet, quite frankly.

    A sample CISA test question: (from CISA Sample Questions 11-20)
    Corrective action has been taken by an auditee immediately after the identification of a reportable finding. The auditor should:
    1. include the finding in the final report because the IS auditor is responsible for an accurate report of all findings.
    2. not include the finding in the final report because the audit report should include only unresolved findings.
    3. not include the finding in the final report because corrective action can be verified by the IS auditor during the audit.
    4. include the finding in the closing meeting for discussion purposes only.
    An easy question, but no relevance whatsoever to anything you would see on the CISSP exam. Not to mention the questions geared toward financial institutions.

    Some others: (from 100 CISA Questions by ExamCram - Practice Test 2)

    1. An IS auditor is using a statistical sample to inventory the tape library. What type of test would this be considered?
    A. Substantive
    B. Compliance
    C. Integrated
    D. Continuous audit

    Answer: A

    81. Which of the following uses a prototype that can be updated continually to meet changing user or business requirements?
    A. PERT
    B. Rapid application development (RAD)
    C. Function point analysis (FPA)
    D. GANTT

    Answer: B

    As you can see, the CISA covers material that is not relevant to the CISSP. I would go with the CISSP first.

  4. Senior Member
    Join Date
    Jul 2011
    Posts
    102

    Certifications
    GCIA, GCIH, GPEN, GWAPT, GCFA, GREM, ACE
    #3
    So my original plan is to do the CISA in June and CISSP later in the year. I don't really want to wait till Dec to do the CISA. Do you think I will be fine?

  5. EC Council #1 fan colemic's Avatar
    Join Date
    Apr 2010
    Location
    Tejas, Baby!
    Posts
    1,531

    Certifications
    CISSP, CISA, GIAC 2700, MCSE:Security, CEH, CHFI, CCNA:Security, CCENT, Sec+, Net+, ITIL v3 Foundations
    #4
    Sure, it's doable... it's just not the easiest way to them, in my opinion. Good luck!

  6. Senior Member
    Join Date
    Aug 2011
    Location
    Little Rock, AR
    Posts
    818

    Certifications
    CISSP, CCNA (R&S, Sec), WGU BS:IT Sec, MCTS: Win 7 Config, Sec+, Project+, Storage+, Net+, A+
    #5
    From those example questions, it sounds like a project management cert would help. I knew question 81 from my Project+ studies and question 1 from Storage+. The first sample question is specifically IS auditing, which is not covered in the CISSP CBK.

    I haven't taken the CISA yet, but those examples let me know that I should try for it, maybe in December. The CISSP is a rough exam. I can't wait to take the ISSAM concentration.

  7. Junior Member
    Join Date
    Feb 2012
    Location
    Rochester, UK
    Posts
    8

    Certifications
    OSCP, CREST, CISSP, CISA
    #6
    I recently passed my CISSP in June 2012 (it was a very difficult exam, thank God I didn't have to re-sit it), and am now planning to take CISA at the end of this year (December 2012). Personally, I think someone who has neither of those certs yet should really go for CISA first. Reason #1 is that the CISA exam is only offered twice a year, so the sooner you get it the better. Secondly, I've only started skimming through a Sybex book for CISA and thought it is much less hard to digest compared to CISSP, and some of the domains do seem to overlap with CISSP. This will help prepare you for taking CISSP next, which is something you should really look at passing on the first try. Obviously I haven't taken CISA yet, so I can't say for sure this is the best way to do it. My gut feeling believes so. Good luck!
