This is a question that arises in the minds of many information security and business analysis professionals. Both the IIBA CCA and ISO 27001 deal with information security. So, which one should you pursue?
I am among the very few BA professionals who have done both certifications. I consulted for more than 10 clients to implement ISO 27001 in their organizations, and it was indeed a great learning process. I thoroughly enjoyed my ISO 27001 Lead Auditor training.
Similarly, I took the IIBA CCA certification a few months back and again was pleasantly surprised by the new aspects I learnt as part of my CCA preparation process.
Let's compare the two certifications below, domain by domain. The CCA syllabus has eight domains; the ISO 27001 column lists the fourteen Annex A control domains of the 2013 edition of the standard, so the rows are not one-to-one mappings, just the two lists placed side by side.
| Domain | IIBA CCA Domains | ISO 27001 Domains (Annex A, 2013 edition) |
|---|---|---|
| 1 | Cybersecurity Overview and Basic Concepts | Information security policies |
| 2 | Enterprise Risk | Organization of information security |
| 3 | Cybersecurity Risks and Controls | Human resource security |
| 4 | Securing the Layers | Asset management |
| 5 | Data Security | Access control |
| 6 | User Access Control | Cryptography |
| 7 | Solution Delivery | Physical and environmental security |
| 8 | Operations | Operations security |
| 9 | | Communications security |
| 10 | | System acquisition, development and maintenance |
| 11 | | Supplier relationships |
| 12 | | Information security incident management |
| 13 | | Information security aspects of business continuity management |
| 14 | | Compliance |
IIBA-CCA Recommended -
ISO 27001 LA Recommended –