
INFORMATION SECURITY CAREER ADVISOR
SearchSecurity.com guide to information security certifications
Ed Tittel and Kim Lindros 05.08.2008
Rating: -4.89- (out of 5)




|
For this update to our survey we added only one new vendor-neutral certification, the GIAC Certified Incident Manager, or GCIM. On the other side of the table, numerous items were deleted or removed. 12 full-blown vendor-neutral credentials were dropped for reasons that vary from no information available, to no visible signs of life, to a virus lurking on the program's home Web page. We can't take a security program seriously if its operator lets its website attempt to download viruses to its visitors. We also decided to drop individual Brainbench security exams, because they don't lead to certification in and of themselves, which drops the vendor-neutral count by another 5 items. We also did away with coverage of the GIAC certificate and specialist items to drop another 23 items. Thus, our total dropped item count for vendor-neutral certifications is 39. In addition, 11 vendor-specific credentials were dropped, for reasons that vary from cancellation of the program (Symantec), obsolescence of the platform (Windows Server 2000), lack of information available (Cisco IPS) or lack of substantial security content (NCTE and NCDE).
Of course, it's been a year since we last revisited this material, so it's not too surprising that there's been a lot of change. Although the overall numbers for credentials have dropped by a net of 50 (11 vendor-neutral, 5 Brainbench exams, 23 GIAC specialist items and 11 vendor-specific certifications), there are still many options available for interested IT professionals to ponder.
In fact, the sheer number of credentials can make navigating the security certification landscape a dizzying experience. Simply identifying the vast array of offerings can be time consuming and overwhelming -- never mind determining which certification best fits your situation. This SearchSecurity.com Guide to Infosec Certifications provides an overview of the myriad options, whether you're just embarking on a journey up the information security career la
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com

dder or wish to hone your skills in a specialized area. After you have perused the options available to you, visit our Security School for resources to help you prepare for the CISSP exam and expand your knowledge of information security practices. If you have feedback on how we can improve this Guide to Infosec Certifications, please let us know.
TABLE OF CONTENTS
[IMAGE] General security -- Basic
[IMAGE] General security -- Intermediate
[IMAGE] General security -- Advanced
[IMAGE] Forensics/antihacking -- Basic
[IMAGE] Forensics/antihacking -- Intermediate
[IMAGE] Forensics/antihacking -- Advanced
[IMAGE] Specialized
[IMAGE] Additional resources
[TABLE]Source: Global Information Assurance Certification
Security Certified Network Specialist (SCNS)
This entry-level security certification focuses on tactical perimeter defense -- firewalls, intrusion detection and router security. The SCNS is the starting point for individuals who want to attain the Security Certified Network Professional and Security Certified Network Architect certifications. (Please note that the SCNS and a revised version of the SCNP will be available some time during the second quarter of 2007.)
Source: Security Certified Program
Security+
This security certification focuses on important security fundamentals related to security concepts and theory, as well as best operational practices. In addition to functioning as a standalone exam for CompTIA, Microsoft accepts the Security+ as an alternative to one of the specialization exams for the MCSA and MCSE Security specializations, and Symantec accepts Security+ as part of the requirements for the Symantec Certified Technology Architect credential.
Source: CompTIA Security+ Certification Overview
SSCP -- Systems Security Certified Practitioner
The entry-level precursor to the ISC²'s CISSP, the SSCP exam covers seven of the 10 domains in the CISSP Common Body of Knowledge. The exam focuses more on operational and administrative issues relevant to information security and less on information policy design, risk assessment details and other business analysis skills that more germane to a senior IT security professional (and less so to a day-to-day security administrator, which is where the SSCP is really focused).
Source: (ISC)²
Wireless#
This entry-level certification recognizes individuals who have an essential understanding of leading wireless technologies such as Wi-Fi, Bluetooth, WiMAX, ZigBee, Infrared, RFID and VoWLAN. It also covers basic WLAN security issues and best related practices. To obtain this credential, candidates must pass one exam.
Source: Planet3 Wireless
[TABLE]Source: Global Information Assurance Certification
SCNP -- Security Certified Network Professional
This mid-level security certification focuses on strategic infrastructure security, including packet structure analysis, security policies, risk analysis, ethical hacking techniques, Internet security, cryptography, and hardening Linux and Windows systems. Individuals who attain this certification will be able to work as full-time IT security professionals with an operations focus. As of Q2 2007, the SCNS (described in the section on entry level certifications in this guide) is required as a pre-requisite for those pursuing this credential.
Source: Security Certified Program
SCNA -- Security Certified Network Architect
This is a mid- to senior-level security certification that focuses on concepts, planning and implementation of enterprise security topics, such as Private Key Infrastructure, biometric authentication and identification systems, digital certificates, cryptography and more. Individuals who attain this certification will be able to implement these technologies within organizations or as consultants to such organizations.
Source: Security Certified Program
[TABLE]Source: (ISC)²
ISSEP -- Information Systems Security Engineering Professional
The ISSEP permits CISSPs who work in areas related to national security to concentrate further in security engineering, in cooperation with the NSA. The ISSEP stresses the following elements of the CBK:
Source: (ISC)²
ISSMP -- Information Systems Security Management Professional
The ISSMP permits CISSPs to concentrate further in security management areas and stresses the following elements of the CBK:Source: (ISC)²
PSP -- Physical Security Professional
Another high-level security certification from ASIS, this program focuses on matters relevant to maintaining security and integrity of the premises, and access controls over the devices and components of an IT infrastructure. Key topics covered include physical security assessment, and selection and implementation of appropriate integrated physical security measures. Requirements include five years of experience in physical security, a high school diploma (or GED) and a clean criminal record.
Source: ASIS International: Physical Security Professional
QIAP -- Qualified Information Assurance Professional
Security University's QIAP certification combines coverage of key information security topics, tools and technologies with a hands-on, lab-oriented learning and testing program. To obtain QIAP certification, security professionals must complete three courses on topics such as:
Students must also take and pass three exams, one per course.
Source: Security University
QISP -- Qualified Information Security Professional
Security University's QISP certification combines coverage of key information security topics, tools and technologies with a hands-on, lab-oriented learning and testing program. SU offers QISP certification with four concentrations: analyst/penetration tester, Security hacker/defender, edge protection and forensics. To obtain QISP certification security professionals must complete five courses, depending on their concentration. Students must also take and pass a demanding exam.
Source: Security University
QSSE -- Qualified Software Security Expert
Security University's QSSE certification combines coverage of key software security topics, tools and technologies with a hands-on, lab-oriented learning and testing program. To obtain QSSE certification, security professionals must complete a software security bootcamp and six courses on topics such as:
Source: Security University
[TABLE]
[TABLE]In addition, candidates should have at least 18 months of experience performing forensic analysis of Windows FAT and NTFS file systems and writing forensic analysis reports. Candidates must have no criminal record.
Source: CyberSecurity Institute
ECSA -- EC-Council Certified Security Analyst
The ECSA identifies security professionals capable of using advanced methodologies, tools and techniques to analyze and interpret security tests. Candidates must pass a single exam to achieve certification. The EC-Council recommends that candidates take a five-day training course to prepare for the exam.
Source: EC-Council
GIAC -- Global Information Assurance Certification Program
This cert program seeks to identify individuals who can demonstrate knowledge of and the ability to manage and protect important information systems and networks. The SANS organization is well known for its timely, focused, and useful security information and certification program. A shining star on this landscape, the GIAC program aims at serious, full-time security professionals responsible for designing, implementing and maintaining a state-of-the-art security infrastructure that may include incident handling and emergency response team management. The program includes one mid-level forensics certification -- GIAC Certified Forensics Analyst (GCFA). Source: Global Information Assurance Certification
[TABLE]
[TABLE]
[TABLE] About the authors
Ed Tittel is a full-time freelance writer, trainer and consultant who's written more than 140 books including his latest Guide to TCP/IP third edition with lead author Laura Chappell. Ed has been active in the computing industry for more than 20 years as a software developer, manager, writer and trainer.
Kim Lindros has more than 20 years of experience in the computer industry, from technical support specialist to network administrator to book and course content manager. She has edited and developed more than 300 IT-related books and online courses, and co-authored two certification books and numerous online articles with Ed. Kim runs Gracie Editorial, a content development company.
 |

|
Rate this Tip
|
To rate tips, you must be a member of SearchSecurity.com. Register now
to start rating these tips. Log in if you are already a member.
|


');
// -->
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
 |
|
|
 |
|
 |