Information Security Certification Guide

This guide provides a comprehensive listing of available vendor-neutral information security certifications.


By Ed Tittel and Kim Lindros

When it comes to information security, outsourcing is often an important means of acquiring necessary insight, talent and experience -- especially for small- to medium-sized businesses and organizations that may not have the internal resources necessary to develop such competencies in-house. This makes security services, including audits, remediation and ongoing security maintenance an important value-add for resellers, service providers and consultants alike. In this semi-annual survey of information security certifications, we examine those credentials that address information security from a vendor-neutral perspective. By establishing general credibility in information security for their holders, and by extension, for those organizations that employ certified professionals, these kinds of credentials enable out-of-house organizations to present themselves to their customers as competent, capable information security practitioners, ready to handle security assessments and policy, and to deliver on their customers' information security needs.

TABLE OF CONTENTS
   General security -- Basic
   General security -- Intermediate
   General security -- Advanced
   Forensics/antihacking -- Basic
   Forensics/antihacking -- Intermediate
   Forensics/antihacking -- Advanced
   Specialized
   Additional resources

  General security -- Basic
  • BISA -- Brainbench Information Security Administrator
    This Brainbench certification tests knowledge of networking and Internet security, including authorization, authentication, firewalls, encryption, disaster recovery and more.
    Source: Brainbench

  • BITSF -- Brainbench Information Technology Security Fundamentals
    This Brainbench certification tests basic knowledge of information security concepts, skills and best practices. Topics covered include:
    • Attack recognition, prevention and response
    • Content security
    • Database infrastructure protection
    • General concepts
    • Network infrastructure protection
    • Other applications security
    • Perimeter and Internet security
    • Security management systems and security technologies
    • Systems infrastructure security
    • Web security
    Source: Brainbench

  • GIAC -- Global Information Assurance Certification Program
    This program seeks to identify individuals who can demonstrate knowledge of and the ability to manage and protect important information systems and networks. The SANS organization is well known for its timely, focused and useful security information and certification program. A shining star on this landscape, the GIAC program aims at serious, full-time security professionals responsible for designing, implementing and maintaining a state-of-the-art security infrastructure that may include incident handling and emergency response team management. Available entry-level certifications include the following:
    • GIAC Certified ISO-17799 Specialist (G7799)
    • GIAC Information Security Fundamentals (GISF)
    • GIAC IT Security Audit Essentials (GSAE)
    • GIAC Operations Essentials Certification (GOEC)
    • GIAC Security Essentials Certification (GSEC)
    Source: Global Information Assurance Certification

  • ITAA Information Security Awareness
    This Brainbench certification tests knowledge of computer and Internet best practices, computer ethics and misuse, ID and data information theft, passwords, physical security, sensitive information and viruses and other harmful software. Candidates must pass one exam.
    Source: Brainbench

  • SCNP -- Security Certified Network Professional
    This entry- to mid-level security certification focuses on two primary topics: firewalls and intrusion detection. Related curriculum and exams cover network security fundamentals, and network defense and countermeasures. Individuals who attain this certification will be able to work as full-time IT security professionals with an operations focus.
    Source: Security Certified Program

  • Security+
    This security certification focuses on important security fundamentals related to security concepts and theory, as well as best operational practices. In addition to functioning as a standalone exam for CompTIA, Microsoft accepts the Security+ as an alternative to one of the specialization exams for the MCSA and MCSE Security specializations, and Symantec accepts Security+ as part of the requirements for the Symantec Certified Technology Architect credential.
    Source: CompTIA Security+ Certification Overview

  • SSCP -- Systems Security Certified Practitioner
    The entry-level precursor to (ISC)²'s CISSP, the SSCP exam covers seven of the 10 domains in the CISSP Common Body of Knowledge. The exam focuses more on operational and administrative issues relevant to information security and less on information policy design, risk assessment details and other business analysis skills that are more germane to a senior IT security professional (and less so to a day-to-day security administrator, which is where the SSCP is really focused).
    Source: (ISC)²

  • TICSA -- TruSecure ICSA Certified Security Associate
    TICSA demonstrates basic familiarity with vendor-neutral system- and network-security principles, practices and technologies. It is an entry-level security certification for network or system administrators and for those interested in climbing the first rung in a security certification ladder suitable for full-time IT security work.
    Source: TruSecure ICSA Practitioner Certification

  • Wireless#
    This entry-level certification recognizes individuals who have an essential understanding of leading wireless technologies such as Wi-Fi, Bluetooth, WiMAX, ZigBee, Infrared, RFID and VoWLAN. It also covers basic WLAN security issues and best related practices. To obtain this credential, candidates must pass one exam.
    Source: Planet3 Wireless

  General security -- Intermediate
  • BIS -- Brainbench Internet Security Certification
    The BIS seeks to identify individuals with a good working knowledge of Internet security practices, principles and technologies. It is aimed at full-time network or system administrators who must manage systems with Internet connections or access.
    Source: Brainbench

  • BNS -- Brainbench Network Security Certification
    The BNS seeks to identify individuals with a good working knowledge of network security practices, principles and technologies. This cert is aimed at full-time network administrators who must deal with external threats through boundary devices like routers, firewalls or intrusion detection systems, as well as more typical internal threats.
    Source: Brainbench

  • CAP -- Certification and Accreditation Professional
    The CAP aims to identify individuals who can assess and manage the risks that security threats can pose within an organization, particularly in the government and enterprise sectors. This is a credential that deals with processes and practices, and works in tandem with emerging compliance requirements (Sarbanes-Oxley, HIPAA, and so forth) as well as emerging best industry governance standards (ITIL).
    Source: (ISC)²

  • CIW Security Analyst
    Individuals who take and pass the CIW-Security Professional (CIW-SP) exam, submit a completed CIW Certification Agreement, and hold one of the following certifications qualify as a CIW Security Analyst (CIW-SA):
    • Microsoft Certified Systems Administrator (MCSA)
    • Microsoft Certified Systems Engineer (MCSE) 4
    • Microsoft Certified Systems Engineer (MCSE) 2000
    • Certified Novell Engineer (CNE) 4
    • Certified Novell Engineer (CNE) 5
    • Cisco Certified Network Associate (CCNA)
    • Cisco Certified Network Professional (CCNP)
    • Cisco Certified Internetwork Expert (CCIE)
    • Linux Professional Institute (LPI) Level 2
    Individuals who hold this credential can carry out security policy, identify and handle security threats, and apply countermeasures using firewalls, intrusion detection and related systems. The program's Web focus also includes coverage of online payments, transaction processing and related security matters.
    Source: Prosoft Learning Corporation

  • CIW-SP -- CIW Security Professional
    The CIW-SP demonstrates knowledge of Web- and e-commerce-related security principles and practices. It is of primary interest to Web administrators who must implement and manage a secure and working Web presence that may also include e-commerce capabilities.
    Source: Prosoft Learning Corporation

  • CWSP -- Certified Wireless Security Professional
    This certification recognizes individuals who can design, implement and manage wireless LAN security. To obtain this credential, candidates must pass two exams.
    Source: Planet3 Wireless

  • EWSCP -- Enterprise and Web Security Certified Professional
    This certification recognizes systems administrators, managers and IT support personnel, among others, who are responsible for the security of enterprise-wide networks, VPNs and Web communications. To obtain this cert, candidates must attend three core courses and one elective course, and pass all associated exams.
    Source: Learning Tree International

  • GIAC -- Global Information Assurance Certification Program
    This cert program seeks to identify individuals who can demonstrate knowledge of and the ability to manage and protect important information systems and networks. The SANS organization is well known for its timely, focused and useful security information and certification program. A shining star on this landscape, the GIAC program aims at serious, full-time security professionals responsible for designing, implementing and maintaining a state-of-the-art security infrastructure that may include incident handling and emergency response team management. Available intermediate certifications include the following:
    • GIAC Assessing Wireless Networks (GAWN)
    • GIAC Certified Firewall Analyst (GCFW)
    • GIAC Certified Intrusion Analyst (GCIA)
    • GIAC Certified Security Consultant (GCSC)
    • GIAC Certified Incident Handler (GCIH)
    • GIAC Certified Windows Security Administrator (GCWN)
    • GIAC Certified UNIX Security Administrator (GCUX)
    • GIAC .NET (GNET)
    • GIAC Secure Internet Presence (GSIP)
    • GIAC Securing Oracle Certification (GSOC)
    • GIAC Security Leadership (GSLC)
    • GIAC Systems and Network Auditor (GSNA)
    Source: Global Information Assurance Certification

  • NSCP -- Network Security Certified Professional
    The NSCP demonstrates the ability to design and implement organizational security strategies, and secure the network perimeter and component systems. It is an intermediate-level IT security certification aimed at network or systems administrators with heavy security responsibilities or those who work full-time on IT security matters.
    Source: Learning Tree International

  • SCNA -- Security Certified Network Architect
    This is a mid- to senior-level security certification that focuses on concepts, planning and implementation of Public Key Infrastructure (PKI) and biometric authentication and identification systems. Individuals who attain this certification will be able to implement either or both of these technologies within organizations or as consultants to such organizations.
    Source: Security Certified Program

  General security -- Advanced
  • AIS -- Advanced Information Security Certification
    Security University's AIS program combines coverage of key information security topics, tools and technologies with a hands-on, lab-oriented learning and testing program. To obtain AIS certification, security professionals must complete eight courses on topics such as:
    • Network penetration testing
    • Firewalls and VPNs
    • Virus analysis, patch management and incident response
    • Computer forensics
    • PKI
    • Intrusion detection
    • Network security policy
    • Architecture security
    Students must also take and pass a demanding exam.
    Source: Security University

  • CCISM -- Certified Counterespionage & Information Security Manager
    The purpose of CCISM is to prepare individuals to study potential sources of threat, defeat attacks and manage information security at an organizational level. CCISM is a management-level certification, where CCISMs generally manage, work with or consult IT organizations, technical specialists and other IT security professionals.
    Source: Espionage Research Institute

  • CERI-ACSS -- Advanced Computer System Security
    The CERI-ACSS seeks to identify law enforcement officials with advanced computer crime investigation experience and training. Requirements include two years of computer investigation/debugging, three years of Microsoft platform analysis, one year of non-Microsoft platform analysis, 40 hours of approved training, a written exam and successful completion of hands-on exercises. (Note: because of its "double coverage," this item also appears in the Forensics/antihacking -- Advanced section.)
    Source: Cyber Enforcement Resources Inc.

  • CISM -- Certified Information Security Manager
    The CISM demonstrates knowledge of information security for IT professionals responsible for handling security matters, issues and technologies. This cert is of primary interest to IT professionals responsible for managing IT systems, networks, policies, practices and procedures to make sure organizational security policies meet governmental and regulatory requirements, conform to best security practices and principles, and meet or exceed requirements stated in an organization's security policy.
    Source: Information Systems Audit and Control Association

  • CISSP -- Certified Information Systems Security Professional
    The CISSP demonstrates knowledge of network and system security principles, safeguards and practices. It is of primary interest to full-time IT security professionals who work in internal security positions or who consult with third parties on security matters. CISSPs are capable of analyzing security requirements, auditing security practices and procedures, designing and implementing security policies, and managing and maintaining an ongoing and effective security infrastructure. CISSP candidates must have four years of experience (or a college degree plus three years of experience; a Master's Degree in Information Security counts toward one year of experience).
    Source: (ISC)²

  • CPTS -- Certified Penetration Testing Specialist
    An offering from the Iowa-based training company Mile2, this credential stresses currency on the latest exploits, vulnerabilities and system penetration techniques. It also focuses on business skills, identification of protection opportunities, testing justifications and optimization of security controls to meet business needs and control risks and exposures. The credential is structured around a five-day course that's backed up by the CPTS or Certified Ethical Hacker exam, both delivered by Prometric.
    Source: Mile2

  • CPP -- Certified Protection Professional
    The CPP demonstrates a thorough understanding of physical, human and information security principles and practices. The most senior and prestigious IT security professional certification covered in this article, the CPP requires extensive on-the-job experience (nine years or seven years with a college degree), as well as a profound knowledge of technical and procedural security topics and technologies. Only those who have worked with and around security for some time are able to qualify for this credential.
    Source: American Society for Industrial Security (ASIS)

  • CWPSS -- Certified Web Professional Security Specialist
    Obtaining this credential requires passing the CIW Security Professional exam and meeting additional work experience requirements. Please see the CIW-SP listing for more information.
    Source: International Webmasters' Association (IWA)

  • GIAC -- Global Information Assurance Certification Program
    This cert program seeks to identify individuals who can demonstrate knowledge of and the ability to manage and protect important information systems and networks. The SANS organization is well known for its timely, focused, and useful security information and certification program. A shining star on this landscape, the GIAC program aims at serious, full-time security professionals responsible for designing, implementing and maintaining a state-of-the-art security infrastructure that may include incident handling and emergency response team management. The GIAC Security Engineer (GSE) track is the senior-level certification. Candidates must complete three intermediate-level GIAC certifications (GSEC, GCIA and GCIH), earning GIAC Gold in at least two of them, and pass two proctored exams.
    Source: Global Information Assurance Certification

  • ISSAP -- Information Systems Security Architecture Professional
    The ISSAP permits CISSPs to concentrate further in information security architecture and stresses the following elements of the CBK:
    • Access control systems and methodologies
    • Telecommunications and network security
    • Cryptography
    • Requirements analysis and security standards, guidelines and criteria
    • Technology-related business continuity and disaster recovery planning (BCP and DRP)
    • Physical security integration
    Source: (ISC)²

  • ISSEP -- Information Systems Security Engineering Professional
    The ISSEP permits CISSPs who work in areas related to national security to concentrate further in security engineering, in cooperation with the NSA. The ISSEP stresses the following elements of the CBK:
    • Systems security engineering
    • Certification and accreditation
    • Technical management
    • U.S. government information assurance regulations
    Source: (ISC)²

  • ISSMP -- Information Systems Security Management Professional
    The ISSMP permits CISSPs to concentrate further in security management areas and stresses the following elements of the CBK:
    • Enterprise security management practices
    • Enterprise-wide system development security
    • Overseeing compliance of operations security
    • Understanding BCP, DRP and continuity of operations planning (COOP)
    • Law, investigations, forensics and ethics
    Source: (ISC)²

  • PSP -- Physical Security Professional
    Another high-level security certification from ASIS, this program focuses on matters relevant to maintaining security and integrity of the premises, and access controls over the devices and components of an IT infrastructure. Key topics covered include physical security assessment, and selection and implementation of appropriate integrated physical security measures. Requirements include five years of experience in physical security, a high school diploma (or GED) and a clean criminal record.
    Source: ASIS International: Physical Security Professional

  • SME -- Global Knowledge Security Management Expert
    A high-level security certification from a well-known training company, this program bundles courses for the CISSP, CISA and security essentials into a single package. Individuals who earn this certificate will be able to design, develop and manage organization security policies, and make sure that audit and control practices are in keeping with best industry practices as well as applicable law and regulations.
    Source: Global Knowledge

  Forensics/antihacking -- Basic
  • BCF -- Computer Forensics (U.S.)
    The Computer Forensics (U.S.) certification is designed for experienced individuals who can analyze and collect evidence, recognize data types, follow proper examination procedures and initial analysis, use forensic tools, prepare for an investigation, and report findings.
    Source: Brainbench

  • CCCI -- Certified Computer Crime Investigator (Basic)
    The CCCI is one of four computer forensic certifications aimed at law enforcement and private IT professionals seeking to specialize in the investigative side of the field. Basic requirements include two years of experience (or a college degree, plus one year of experience), 18 months of investigative experience, 40 hours of computer crimes training and documented experience from at least 10 investigated cases.
    Source: High Tech Crime Network certifications

  • CCFT -- Certified Computer Forensic Technician (Basic)
    The CCFT is one of four computer forensic certifications aimed at law enforcement and private IT professionals seeking to specialize in the investigative side of the field. Basic requirements include three years of experience (or a college degree, plus one year of experience), 18 months of forensics experience, 40 hours of computer forensics training and documented experience from at least 10 investigated cases.
    Source: High Tech Crime Network certifications

  • CEECS -- Certified Electronic Evidence Collection Specialist Certification
    The CEECS identifies individuals who successfully complete the CEECS certification course. No prerequisites are required to attend the course, which covers the basics of evidence collection in addition to highly technical terminology, theories and techniques.
    Source: International Association of Computer Investigative Specialists

  • CERI-CFE -- Computer Forensic Examination
    The CERI-CFE seeks to identify law enforcement officials with basic computer crime investigation experience and training. Requirements include two years of computer investigation/debugging, one year of Microsoft platform analysis, six months of non-Microsoft platform analysis, 40 hours of approved training, a written exam and successful completion of hands-on exercises.
    Source: Cyber Enforcement Resources Inc.

  • NSA -- EC-Council Network Security Administrator
    The NSA identifies individuals who can evaluate internal and external security threats against a network, and develop and implement security policies. One exam is required.
    Source: EC-Council

  Forensics/antihacking -- Intermediate
  • CCE -- Certified Computer Examiner
    The CCE, by the International Society of Forensic Computer Examiners, seeks to identify individuals with no criminal record who have appropriate computer forensics training or experience, including evidence gathering, handling and storage. In addition, candidates must pass an online examination and successfully perform a hands-on examination on three test media.
    Source: International Society of Forensic Computer Examiners

  • CEH -- Certified Ethical Hacker
    The CEH identifies security professionals capable of finding and detecting weaknesses and vulnerabilities in computer systems and networks by using the same tools and applying the same knowledge as a malicious hacker. Candidates must pass a single exam and prove knowledge of tools used both by hackers and security professionals.
    Source: EC-Council

  • CFCE -- Certified Forensic Computer Examiner
    The International Association of Computer Investigative Specialists (IACIS) offers this credential to law enforcement and private industry personnel alike. Candidates must have broad knowledge, training or experience in computer forensics, including forensic procedures and standards, as well as ethical, legal and privacy issues. Certification includes both hands-on performance-based testing as well as a written exam.
    Source: International Association of Computer Investigative Specialists

  • CHFI -- Computer Hacking Forensic Investigator
    The CHFI is geared toward personnel in law enforcement, defense, military, information technology, law, banking and insurance, among others. To obtain CHFI certification, a candidate needs to successfully complete one exam.
    Source: EC-Council

  • CIFI -- Certified Information Forensics Investigator
    Obtaining the credential of Certified Information Forensics Investigator requires adherence to a code of ethics, successful completion of a rigorous exam and fulfillment of specific experience requirements. Aimed at full-time professional practitioners, this certification is vendor-neutral and devoid of sponsored training requirements or the use or purchase of specific products.
    Source: International Information Systems Forensics Association

  • CNDA -- Certified Network Defense Architect
    The CNDA is geared toward IT personnel who act as penetration testers or legitimate hackers to test the strength and integrity of a network's defense. To obtain CNDA certification, a candidate needs to successfully complete one exam.
    Source: EC-Council

  • CSFA -- CyberSecurity Forensics Analyst
    The CSFA aims to identify individuals who are interested in information technology security issues, especially at the hardware level. Prerequisites include at least one certification in computer and software support, networking or security (such as CompTIA's A+, Microsoft's MCSA or MCSE, or SANS GSEC). In addition, candidates should complete computer forensics training on Windows FAT and NTFS file systems, have at least 18 months of experience performing forensic analysis of Windows FAT and NTFS file systems, and have experience writing forensic analysis reports. Candidates must have no criminal record.
    Source: CyberSecurity Institute

  • ECSA -- EC-Council Certified Security Analyst
    The ECSA identifies security professionals capable of using advanced methodologies, tools and techniques to analyze and interpret security tests. Candidates must pass a single exam to achieve certification. The EC-Council recommends that candidates take a five-day training course to prepare for the exam.
    Source: EC-Council

  • GIAC -- Global Information Assurance Certification Program
    This cert program seeks to identify individuals who can demonstrate knowledge of and the ability to manage and protect important information systems and networks. The SANS organization is well known for its timely, focused, and useful security information and certification program. A shining star on this landscape, the GIAC program aims at serious, full-time security professionals responsible for designing, implementing and maintaining a state-of-the-art security infrastructure that may include incident handling and emergency response team management. The program includes one mid-level forensics certification -- GIAC Certified Forensics Analyst (GCFA).
    Source: Global Information Assurance Certification

  Forensics/antihacking -- Advanced
  • C3C -- Certified Cyber-Crime Expert
    The C3C identifies computer forensics investigators, information technology and security personnel, law enforcement officials, lawyers and others, who must have the knowledge and tools to effectively collect, handle, process and preserve computer forensic evidence. The certification requires successful completion of the Computer Forensic and Cyber Investigation course, and a practical and written exam.
    Source: E-business Process Solutions

  • CCCI -- Certified Computer Crime Investigator (Advanced)
    The CCCI is one of four computer forensic certifications aimed at law enforcement and private IT professionals seeking to specialize in the investigative side of the field. Advanced requirements entail three years of experience (or a college degree, plus two years of experience), four years of investigations, 80 hours of training and involvement as a lead investigator in 20 cases, with involvement in over 60 cases overall.
    Source: High Tech Crime Network certifications

  • CCFT -- Certified Computer Forensic Technician (Advanced)
    The CCFT is one of four computer forensic certifications aimed at law enforcement and private IT professionals seeking to specialize in the investigative side of the field. Basic requirements include three years of experience (or a college degree, plus one year of experience), 18 months of forensics experience, 40 hours of computer forensics training and documented experience from at least 10 investigated cases. Advanced requirements entail three years of experience (or a college degree, plus two years of experience), four years of investigations, 80 hours of training and involvement as a lead investigator in 20 cases with involvement in over 60 cases overall.
    Source: High Tech Crime Network certifications

  • CERI-ACFE -- Advanced Computer Forensic Examination
    The CERI-ACFE seeks to identify law enforcement officials with advanced computer crime investigation experience and training. Requirements include two years of computer investigation/debugging, four years of Microsoft platform analysis, two years of non-Microsoft platform analysis, 80 hours of approved training, a written exam and successful completion of hands-on exercises.
    Source: Cyber Enforcement Resources Inc.

  • CERI-ACSS -- Advanced Computer System Security
    The CERI-ACSS seeks to identify law enforcement officials with advanced computer crime investigation experience and training. Requirements include two years of computer investigation/debugging, three years of Microsoft platform analysis, one year of non-Microsoft platform analysis, 40 hours of approved training, a written exam and successful completion of hands-on exercises. (Note: because of double coverage, this item is also listed under the General security -- Advanced section.)
    Source: Cyber Enforcement Resources Inc.

  • LPT -- Licensed Penetration Tester
    The LPT identifies security professionals who can thoroughly analyze the security of a network and recommend appropriate corrective measures. An LPT must adhere to a strict code of ethics, best practices and appropriate compliance requirements while performing penetration tests. Prerequisites include EC-Council's CEH and ECSA certifications, and candidates must submit an LPT application, endorsement by a sponsoring agency, proof of a clean background check, detailed resume and an agreement to abide by a code of ethics. In addition, candidates must attend a three-day LPT training program through an EC-Council accredited training center.
    Source: EC-Council

  • PCI -- Professional Certified Investigator
    This is a high-level certification from the American Society for Industrial Security (ASIS is also home to the CPP and PSP certifications) for those who specialize in investigating potential cybercrimes. Thus, in addition to technical skills, this certification concentrates on testing individuals' knowledge of legal and evidentiary matters required to present investigations in a court of law, including case management, evidence collection and case presentation. This cert requires five years of investigation experience, with at least two years in case management (a bachelor's degree or higher counts for up to two years of such experience) and a clean legal record for candidates.
    Source: ASIS International

  Specialized
  • Brainbench HIPAA (Security)
    The Brainbench HIPAA (Security) cert deals with topics and requirements that drive the Health Insurance Portability and Accountability Act (HIPAA) of 1996, to help IT professionals understand and implement related information handling and processing requirements.
    Source: Brainbench

  • CCSA -- Certification in Control Self-Assessment
    The CCSA demonstrates knowledge of internal control self-assessment procedures, primarily aimed at financial and records controls. This cert is of primary interest to those professionals who must evaluate IT infrastructures for possible threats to financial integrity, legal requirements for confidentiality and regulatory requirements for privacy.
    Source: Institute of Internal Auditors

  • CFE -- Certified Fraud Examiner
    The CFE demonstrates the ability to detect financial fraud and other white-collar crimes. This cert is of primary interest to full-time security professionals in law or law enforcement, or those who work in organizations with legal mandates to audit for possible fraudulent or illegal transactions and activities (such as banking, securities trading or classified operations).
    Source: Association of Certified Fraud Examiners

  • CFSA -- Certified Financial Services Auditor
    The CFSA identifies professional auditors with thorough knowledge of auditing principles and practices in the banking, insurance and securities financial services industries. Candidates must have a four-year degree or a two-year degree with three years of experience in a financial services environment, submit a character reference and show proof of at least two years of appropriate auditing experience. To obtain this certification, candidates must pass one exam.
    Source: The Institute of Internal Auditors

  • CGAP -- Certified Government Auditing Professional
    The CGAP identifies public-sector internal auditors who focus on fund accounting, grants, legislative oversight and confidentiality rights, among other facets of internal auditing. Candidates must have an appropriate four-year degree or a two-year degree with five years of experience in a public-sector environment, submit a character reference and show proof of at least two years of direct government auditing experience. To obtain this certification, candidates must pass one exam.
    Source: The Institute of Internal Auditors

  • CIA -- Certified Internal Auditor
    The CIA cert demonstrates knowledge of professional financial auditing practices. The cert is of primary interest to financial professionals responsible for auditing IT practices and procedures, as well as standard accounting practices and procedures, to ensure the integrity and correctness of financial records, transaction logs and other records relevant to commercial activities.
    Source: Institute of Internal Auditors

  • CISA -- Certified Information Systems Auditor
    The CISA demonstrates knowledge of IS auditing for control and security purposes. This cert is of primary interest to IT security professionals responsible for auditing IT systems, practices and procedures to make sure organizational security policies meet governmental and regulatory requirements, conform to best security practices and principles, and meet or exceed requirements stated in an organization's security policy.
    Source: Information Systems Audit and Control Association

  • CSAD -- Certified Secure Application Developer
    The CSAD identifies application developers who follow best practices while developing stable applications for a variety of platforms, including those offered by IBM, Microsoft, Oracle and Sun, as well as Linux-based applications. Candidates must hold the EC-Council Certified Secure Programmer (ECSP) certification and show proof of an application development certification such as LPI, RHCE, MCAD, SCEA or WebSphere, among others.
    Source: EC-Council

  • ECSP -- EC-Council Certified Secure Programmer
    The ECSP identifies programmers who can design and build stable, relatively bug-free Windows and Web applications on the .NET Framework or Java, reducing their exposure to exploitation by attackers and to the incorporation of malicious code. Candidates must attend a Writing Secure Code training course and pass a single exam.
    Source: EC-Council

  • GIAC -- Global Information Assurance Certification Program
    This cert program seeks to identify individuals who can demonstrate knowledge of, and the ability to manage and protect, important information systems and networks. The SANS organization is well known for its timely, focused and useful security information and for its certification program. The GIAC program aims at serious, full-time security professionals responsible for designing, implementing and maintaining a state-of-the-art security infrastructure, which may include incident handling and emergency response team management. Available certificates, each of which indicates successful completion of a relatively short but highly focused course, include the following:
    • GIAC Auditing Cisco Routers - The Gold Standard (GGSC-0400)
    • GIAC Auditing Wireless Networking (GAWN-C)
    • GIAC Business Law and Computer Security (GBLC)
    • GIAC Contracting for Data Security (GCDS)
    • GIAC Critical Infrastructure Protection (GCIP)
    • GIAC Cutting Edge Hacking Techniques (GHTQ)
    • GIAC Ethics in IT (GEIT)
    • GIAC E-Warfare (GEWF)
    • GIAC Fundamentals of Information Security Policy (GFSP)
    • GIAC HIPAA Security Implementation (GHSC)
    • GIAC Intrusion Prevention (GIPS)
    • GIAC Law of Fraud (GLFR)
    • GIAC Legal Issues in Information Technologies (GLIT)
    • GIAC Payment Card Industry (GPCI)
    • GIAC Reverse Engineering Malware (GREM)
    • GIAC Security Policy and Awareness (GSPA)
    • GIAC Securing Solaris - The Gold Standard (GGSC-0200)
    • GIAC Web Application Security (GWAS)
    • GIAC Securing Windows 2000 - The Gold Standard (GGSC-0100)
    • Stay Sharp Program - Computer and Network Security Awareness (SSP-CNSA)
    • Stay Sharp Program - Defeating Rogue Access Points (SSP-DRAP)
    • Stay Sharp Program - Google Hacking and Defense (SSP-GHD)
    • Stay Sharp Program - Mastering Packet Analysis (SSP-MPA)
    Source: Global Information Assurance Certification

  • Security5
    Security5 certification identifies non-IT office workers and home users who understand Internet security terminology, know how to use defense programs such as antivirus and antispyware applications, can implement basic operating system security and follow safe Web and e-mail practices. Candidates must attend a two-day course and pass one exam.
    Source: EC-Council


  Additional resources  Return to Table of Contents

About the authors
Ed Tittel is a full-time freelance writer, trainer and consultant, who's written more than 100 books, including his latest, The PC Magazine Guide to Spyware, Viruses and Malware. Ed has been active in the computing industry for more than 20 years as a software developer, manager, writer and trainer.

Kim Lindros has more than 15 years of experience in the computer industry, from technical support specialist to network administrator to book and course content manager. She has edited and developed more than 150 IT-related books and online courses, and co-authored two certification books and numerous online articles with Ed. Kim runs Gracie Editorial, a content development company.

This was first published in September 2006
