Information Security Certifications

While the Information Systems Security Association (ISSA) is not a certification body, and membership does not require one to hold any information security certifications, ISSA Barbados does actively encourage its members to pursue information security certifications as a means of gaining and demonstrating information security knowledge, experience, and a commitment to on-going education in the field. ISSA Barbados also requires Full members to hold at least one advanced-level information security certification as a way of demonstrating their world-class information security status and their relevant experience. Certifications which meet this criterion include CISSP®, CISA®, CISM®, CGEIT® and CRISC®.

This page gives a sample of some of the most popular, some of the most advanced, and some of the most useful information security certifications available today. The list given here is far from exhaustive.

The existence of a certification on this list should not be construed as an endorsement of that particular certification by ISSA Barbados, just as the omission of a certification should not be construed as that certification not being held in high regard by ISSA Barbados.

The certifications below are divided into the broad categories of entry-level, mid-level, and advanced-level.

Entry-level information security certifications

Security+

This is a general information security certification offered by CompTIA. It has no entry requirements, but those certified recently are required to adhere to a continuing education policy.

C|EH – Certified Ethical Hacker

This is offered by EC-Council. One must pass a difficult examination to gain the credential. It has no entry requirements, but holders of this credential are required to adhere to a continuing education policy.

C|HFI – Computer Hacking Forensic Investigator

This is offered by EC-Council. One must pass a difficult examination to gain the credential. It has no entry requirements, but holders of this credential are required to adhere to a continuing education policy.

GISF – GIAC Information Security Fundamentals

This introductory security administration certification is offered by GIAC. One must pass a 2-hour exam to gain the credential, and it requires continuing education.

Mid-level information security certifications

GSEC – GIAC Security Essentials Certification

This security administration certification is offered by GIAC. It requires passing a 5-hour exam and continuing education.

E|CSA – Certified Security Analyst

This is an advanced penetration testing/ethical hacking certification offered by EC-Council. One must pass an examination to gain the credential. It has no entry requirements, but it is targeted toward experienced security professionals. Holders of this credential are required to adhere to a continuing education policy.

SSCP® – Systems Security Certified Practitioner

This is offered by ISC2. It requires one year of practical experience, passing an exam, and adherence to a continuing education policy.

CIPP – Certified Information Privacy Professional

This privacy certification is offered by the Association of Privacy Professionals. It requires one to pass a foundation-level exam and then an exam addressing the particular area of speciality. It requires experience and the adherence to a code of ethics.

CCSK – Certificate of Cloud Security Knowledge

This is offered by the Cloud Security Alliance. It is a certificate to demonstrate security knowledge in the area of cloud computing, and as such complements other information security certifications. An exam must be passed to gain the certificate.

eCPPT – Certified Professional Penetration Tester

This certification is offered by eLearnSecurity. It requires basic ethical hacking/pentesting knowledge, and to obtain the certification one must perform an actual pentesting assignment over a number of weeks and then submit a satisfactory report.

Advanced-level information security certifications

CISSP – Certified Information Systems Security Professional

This is the best known general information security certification. It is offered by ISC2. It requires years of practical experience, passing a tough 6-hour exam, and a commitment to continuing education and following a code of ethics.

CISM® – Certified Information Security Manager

Offered by ISACA. Requires years of practical experience, passing a tough 4-hour exam, and a commitment to continuing education and following a code of ethics.

GCIH – GIAC Certified Incident Handler

This certification is offered by GIAC. It requires passing a 4-hour examination and continuing education.

GPEN – GIAC Penetration Tester

This certification is offered by GIAC. It requires a 3-hour exam and continuing education.

GCFW – GIAC Certified Firewall Analyst

This certification is offered by GIAC. It requires a 2-hour exam and continuing education.

CISA® – Certified Information Systems Auditor

Offered by ISACA. It requires years of practical experience, passing a tough 4-hour exam, and a commitment to continuing education and following a code of ethics.

CGEIT® – Certified in Governance of Enterprise IT

Offered by ISACA. It requires years of practical experience, passing a tough 4-hour exam, and a commitment to continuing education and following a code of ethics.

CRISC® – Certified in Risk and Information Systems Control

Offered by ISACA. It requires years of practical experience, passing a tough 4-hour exam, and a commitment to continuing education and following a code of ethics.

HISP – Holistic Information Systems Professional

This is offered by the HISP Institute. It requires a high-level certification such as CISSP, CISA, CGEIT or CISM as well as passing a tough exam. Holders of this certification are required to adhere to continuing education as well as a code of ethics.

CFE – Certified Fraud Examiner

This is offered by the Association of Certified Fraud Examiners. It requires years of practical experience, passing a tough exam, and a commitment to continuing education and following a code of ethics.

C|CISO – Certified Chief Information Security Officer

This course is offered by EC-Council. It requires many years of practical experience, passing a tough exam, and a commitment to continuing education.

CASP – CompTIA Advanced Security Professional

This is a new credential being offered by CompTIA. It requires 10 years of practical experience and passing an exam. It also requires continuing education.

CSSLP® – Certified Secure Software Lifecycle Professional

Offered by ISC2. It requires years of experience, passing an exam, and adherence to a code of ethics.

CCFP – Certified Cyber Forensics Professional

This is a new computer forensics credential being offered by ISC2. It requires years of experience, passing an exam, and adherence to a code of ethics.

CAP – Certified Authorization Professional

Offered by ISC2. It requires a minimum of two years of cumulative paid full-time work experience in one or more of the seven domains of the CAP CBK, passing an exam, and a commitment to continuing education and following a code of ethics.

HCISPP – HealthCare Information Security and Privacy Practitioner

Offered by ISC2. It requires a minimum of two years of cumulative paid full-time work experience in one or more of the six domains of the HCISPP CBK with one of the two years of experience in the healthcare industry, passing an exam, and a commitment to continuing education and following a code of ethics.