Your question about security certification is a good one, but the answer really depends on you.
A few years ago when the CISSP certification was 400 hundred strong, there was debate about whether or not it was needed. Today if you're out there competing for jobs, positions and/or advancement, there may be a need for a few initials after your name. If you're a consultant your clients might want you to have these initials. But overall it's up to you.
For 18 years I have been a security professional without a CISSP, because there was no need. However, now there is a need, so I am going to take the test. I have to compete with other security training companies, and although I know I don't need a cert to define my level of understanding, others now do.
Are there other certifications? Yes there are, and they are newer than CISSP. Some are hands-on (AIS) certifications from Security University. There are also online (GIAC) from The SANS Institute, and a few more that are not in the same league. Begin with the CISSP if you have the required four years of security work. If you do not have the four years, you can take hands-on training classes (Security University offers such classes.), and that will help you as you prepare for the CISSP test. But remember, what is recognized by most is the CISSP certification.
For more info on this topic, check out these SearchSecurity.com resources:
This was first published in July 2003