SANS, CTIA and ISACA all offer certifications, although focused slightly differently.
SANS offers the GISF (GIAC Information Security Fundamentals) certification as a continuance of its introductory security course. This demonstrates a general understanding of information assurance. The thing about SANS that may be attractive is the additional set of courses and certifications available to the project manager to continue his/her learning and skills.
CTIA offers the Security+ certification, which is also highly regarded in the industry, and allows more flexibility in what background education the project manager would need to prepare for the certification test.
Finally, if the project manager needs to worry about the audit aspects of the systems/projects, then ISACA offers a few audit-centric certifications focusing on security.
ROI is hard to gauge because it all depends on what the IT project manager needs to do now and in the future. If all that's required is for him/her to get a broad idea of how to secure systems, then any of the certifications will provide a decent return.
Related Q&A from Mike Rothman, Contributor
In the world of security certifications, what is the GISP and how alike is it to the CISSP? In this security management expert response, learn about ...continue reading
Depending on your enterprise, it may or may not be necessary to utilize a QSA. In this security management expert response, learn how to determine ...continue reading
When developing software securely, what role does gap analysis play? In this security management expert response, learn how to implement gap analysis...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.