Problem solve Get help with specific problems with your technologies, process and projects.

Should I go for a CISSP or a BS7799?

I'm working as a network security engineer for two years now. I would like to go for some security management courses. Should I go for a CISSP or BS7799? Also in the BS7799 should I do the implementation or auditor course?

I am WatchGuard-certified -- will a certification on Check Point help?

The route you take in training should reflect the direction that you want your working life to take. The BS7799/ISO17799 has rather more to do with standard compliance evaluation, planning, and implementation whereas the CISSP is more a credential for working security practitioners who can cover the whole range of security topics and activities.

Thus, if you'd prefer to focus on BS7799/ISO17799 stuff, do the implementation training to make that happen or the auditing stuff to evaluate the work of others in implementing those standards. This seems to lead one into large corporations or government agencies where such efforts would be ongoing and constant, or into consulting work where one would help (or evaluate) customers to come into compliance.

On the other hand, the CISSP appears (at least to me) to offer a broader entry into the field and would support working as a full- or part-time security professional, along with network engineering. It could also permit a move into security management, development work, planning, auditing, risk assessment, and all kinds of other fields.

Though, in the end only you can decide what fits your interests and abilities best.

This was last published in September 2004

Dig Deeper on Information security policies, procedures and guidelines

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.