Thanks for your recent e-mail and for your mention of the CISM -- it's a new one to me and sounds like a worthwhile credential. I see on the ISACA Web site that the exam won't be ready until June, 2003, so my lack of coverage of that credential in the latest survey won't slow anybody down much. Thanks very much for bringing this to my attention.
Likewise, while I was aware of the DRII stuff, I look at that as more orthogonal (or tangential, if you will) to standard infosec certs. I need to think some more on whether I want to mention DRII in the context of out-and-out infosec (and yes, I do recognize that continuity/disaster recovery is one traditional knowledge domain in the general infosec field) certs. Maybe it should go into a sidebar entitled "Related certs" into which I could move CIA, CISA and some of the other tangential/orthogonal certs as well.
Thanks again for the feedback.
This was first published in September 2002