Certified Information Systems Security Professional – (CISSP)
Certifying Body: ISC2
The CISSP is considered the "Gold Standard" of security
credentials for mid- and senior-level security professionals. The
CISSP certification requires 3 years of verifiable professional
experience and passage of a 6-hour exam. It was designed to
recognize mastery of an international standard for information
security and understanding of a Common Body of Knowledge (CBK). The
CISSP CBK includes:
- Access Control Systems & Methodology
- Applications & Systems Development
- Business Continuity Planning
- Cryptography
- Law, Investigation & Ethics
- Operations Security
- Physical Security
- Security Architecture & Models
- Security Management Practices
- Telecommunications, Network & Internet Security

Certified Information Systems Auditor – (CISA)
Certifying Body: ISACA
Since 1978, the CISA program has been the globally accepted
standard of achievement in the IS audit, control and security
field. Earning the CISA designation requires 5 years of verified
professional experience and passage of a 4-hour exam. The CISA
knowledge domains include:
- The Information Systems (IS) Audit Process
- Management, Planning and Organization of IS
- Technical Infrastructure and Operational Practices
- Protections of Information Assets
- Disaster Recovery and Business Continuity
- Business Application Systems Development, Acquisition, Implementation, and Maintenance
- Business Process Evaluation and Risk Management

Certified Information Security Manager – (CISM)
Certifying Body: ISACA
The CISM is business-oriented and focuses on the mastery of job
practices involved with actually managing information security.
Eight years of verified professional experience and passage of a
4-hour exam are required for certification. The CISM practice
areas include:
- Information Security Governance
- Risk Management
- Information Security Program Management
- Information Security Management
- Response Management

INFOSEC Assessment Methodology – (IAM)
Certifying Body: National Security Agency
The IAM certification specifies the professional capability to
perform a standard set of activities required to complete an
INFOSEC assessment. In other words, the methodology explains the
depth and breadth of the assessment activities that must be
performed to be acceptable within the IATRP. The IAM "sets the
bar" for what needs to be done for an activity to be considered
a complete INFOSEC Assessment. Providers who advertise an
INFOSEC assessment capability and consumers seeking assistance
in performing INFOSEC Assessments should use the IAM as the
baseline for their discussions.

Information System Security Engineering Professional (ISSEP)
Certifying Body: ISC2 (Co-developed with the National Security Agency)
The ISSEP is a concentration credential and requires the
holder to possess the CISSP credential prior to testing and
certification. The exam is 3 hours long. As a concentration
credential, the ISSEP specializes in 4 cognitive domains of
significant value in protecting the U.S. National
Information Infrastructure. The domains are:
- System Security Engineering
- Certification and Accreditation
- Technical Management
- U.S. Government Information Assurance (IA) Regulations

Systems Security Certified Practitioner – (SSCP)
Certifying Body: ISC2
The SSCP certification was designed to recognize an
international standard for practitioners of information security
[IS] and understanding of a Common Body of Knowledge (CBK). It
focuses on practices, roles and responsibilities as defined by
experts from major IS industries. One year of verifiable
professional experience and passage of a 3-hour exam are
required for certification. The SSCP CBK includes: