On the security certification path: Vendor-neutral certifications guide

Ed Tittel and Kim Lindros, Contributors

For this update to our IT security certifications guide we made several changes. The following table compares the counts from the previous May 2008 edition with those of this October 2010 edition. The overall number of vendor-neutral information security certifications has jumped just over 10% (overall we've added nine credentials to our list). The paragraphs following the table explain what was added and what was dropped.

Counts                      May'08   Oct'10
General                       41       45
  Basic                       10       12
  Intermediate                17       16
  Advanced                    14       17
Forensics & anti-hacking      21       24
  Basic                        6        9
  Intermediate                 8        8
  Advanced                     7        7
Specialized                    8       10
TOTALS                        70       79

Since the last revision of this material, there's been a lot of change. We decided to drop the Security Certified Professional (SCP) program because we couldn’t find evidence that it is taken seriously in the industry; we also removed numerous Brainbench credentials because they don’t seem to make much difference to anyone but the employers who asked their job candidates to take them. We also backed out the MCSA and MCSE security certs, not because they’re invalid (they haven’t hit that status yet) but because they apply only to Windows Server 2003 at their most current and are otherwise obsolete. With another version of Windows Server due in 2012, the MCSA and MCSE will not be relevant much longer, either.

As usual, there's been considerable volatility in the SANS Global Information Assurance Certification (GIAC) program: Half of their credentials from the previous survey are gone, but have been replaced by a nearly equal number of new credentials. If you want a single-factor explanation for the slight increase in the number of certifications overall, you'll find that the EC-Council (the organization behind the Certified Ethical Hacker, or CEH, and lots of other anti-hacking credentials) has more than doubled its total number of certs since mid-2008.

In fact, the sheer number of credentials can make navigating the security certification landscape a dizzying experience. Simply identifying and differentiating among the vast array of offerings can be time consuming and overwhelming, never mind determining which certification best fits your needs. This SearchSecurity.com guide to information security certifications provides a comprehensive overview of the myriad information security certification options. It's intended for anyone looking to get on an information security certification path, whether you're embarking on a journey up the information security career ladder or already have security experience and wish to hone your skills in a specialized area.

After you have perused the options available to you, visit our Security School for resources to help you prepare for the CISSP exam and expand your knowledge of information security practices. If you have feedback on how we can improve this guide to information security certifications, please let us know.

TABLE OF CONTENTS
   General security -- Basic
   General security -- Intermediate
   General security -- Advanced
   Forensics/antihacking -- Basic
   Forensics/antihacking -- Intermediate
   Forensics/antihacking -- Advanced
   Specialized
   Additional resources

General security -- Basic

  • Brainbench Basic Security Certifications
    Brainbench offers several basic-level security certifications, each requiring the candidate to pass one exam. Examples of these certifications include:
    • BFAC – Brainbench Firewall Administration Concepts
    • BIS – Brainbench Internet Security
    • BMS – Brainbench Microsoft Security
    • BNS – Brainbench Network Security
    Source: Brainbench

  • Certified Information Systems Security Officer (CISSO)
    This credential from Iowa-based training company mile2 recognizes individuals who can apply risk analysis and mitigation techniques, application security, secure networks and operations, and plan for business continuity and disaster recovery. A CISSO can assess an IT infrastructure for today's threats and risks, and design a security program to mitigate those risks.
    Source: mile2 Certified Information Systems Security Officer Overview (pdf)

  • GIAC -- Global Information Assurance Certification Program
    This program seeks to identify individuals who can demonstrate both knowledge of and the ability to manage and protect important information systems and networks. The SANS organization is well known for its timely, focused and useful security information and certification programs. A shining star on this landscape, the GIAC program aims at serious, full-time security professionals responsible for designing, implementing and maintaining a state-of-the-art security infrastructure, which may include incident handling and emergency response team management. Available entry-level certifications include the following:
    • GIAC Information Security Fundamentals (GISF)
    • GIAC Security Essentials Certification (GSEC)
    • GIAC Information Security Professional (GISP)
    • GIAC Certified ISO-17799 Specialist (G7799)
    • GIAC Certified Forensic Examiner (GCFE)
    Source: Global Information Assurance Certification and GIAC Certifications Roadmap

  • Security+
    This security certification focuses on important security fundamentals related to security concepts and theory, as well as best operational practices. In addition to functioning as a standalone exam for CompTIA, Security+ is part of the requirements for the IBM Certified Advanced Deployment Professional - IBM Service Management Security and Compliance V2 credential.
    Source: CompTIA Security+ Certification Overview

  • SSCP -- Systems Security Certified Practitioner
    The entry-level precursor to (ISC)2's CISSP, the SSCP exam covers seven of the 10 domains in the CISSP Common Body of Knowledge (CBK). The exam focuses more on network and administration aspects of information security that are more germane to the duties of a day-to-day security administrator than on the issues of information policy implementation, architecture design and application development security that senior IT security professionals are more likely to handle. Candidates must have at least one year of experience in one or more of the seven domains of the SSCP CBK. (ISC)2 offers the Associate of (ISC)2 credential for candidates who pass the SSCP exam but do not yet meet the experience requirement.
    Source: (ISC)2

General security -- Intermediate

  • BISA -- Brainbench Information Security Administrator
    This certification tests knowledge of networking and Internet security, including authorization, authentication, firewalls, encryption, disaster recovery and more. Candidates must pass eight exams.
    Source: Brainbench

  • CAP – Certified Authorization Professional
    The CAP aims to identify individuals who can assess and manage the risks that security threats may pose within an organization, particularly in the government and enterprise sectors. This is a credential that deals with processes and practices, and works in tandem with emerging compliance requirements (Sarbanes-Oxley and HIPAA, among others) as well as emerging best industry governance standards (Information Technology Infrastructure Library, or ITIL).
    Source: (ISC)2

  • CSSLP -- Certified Secure Software Lifecycle Professional
    The CSSLP recognizes individuals who specialize in software security throughout the lifecycle, from conceptualization through design, during coding and testing, and finally deployment. Candidates must have at least four years of direct experience in the software development lifecycle (SDLC), agree to adhere to a code of ethics, answer questions regarding criminal history and background and pass one exam.
    Source: (ISC)2

  • CWSP -- Certified Wireless Security Professional
    This certification recognizes individuals who can design, implement and manage wireless LAN security. To obtain this credential, candidates must pass two exams.
    Source: CWNP

  • GIAC -- Global Information Assurance Certification Program
    This SANS cert program (described previously in this article) seeks to identify individuals who can demonstrate both knowledge of and the ability to manage and protect important information systems and networks. Available intermediate certifications include the following:
      • GIAC Certified Firewall Analyst (GCFW)
      • GIAC Certified Intrusion Analyst (GCIA)
      • GIAC Certified Incident Handler (GCIH)
      • GIAC Certified UNIX Security Administrator (GCUX)
      • GIAC Certified Windows Security Administrator (GCWN)
      • GIAC Certified Enterprise Defender (GCED)
      • GIAC Certified Penetration Tester (GPEN)
      • GIAC Web Application Penetration Tester (GWAPT)
      • GIAC Security Leadership (GSLC)
      • GIAC Certified Project Manager (GCPM)
      • GIAC Legal Issues (GLEG)
      • GIAC Systems and Network Auditor (GSNA)
    Source: Global Information Assurance Certification and GIAC Certifications Roadmap

General security -- Advanced

  • CERI-ACSS -- Advanced Computer System Security
    The CERI-ACSS seeks to identify law enforcement officials with advanced computer crime investigation experience and training. Requirements include two years of computer investigation/debugging, three years of Microsoft platform analysis, one year of non-Microsoft platform analysis, 40 hours of approved training, a written exam and successful completion of hands-on exercises. (Note: Because of its "double coverage," this item also appears in the Forensics/antihacking -- Advanced section.)
    Source: Cyber Enforcement Resources Inc.
  • CISM -- Certified Information Security Manager
    The CISM demonstrates knowledge of information security for IT professionals responsible for handling security matters, issues and technologies. This cert is of primary interest to IT professionals responsible for managing IT systems, networks, policies, practices and procedures to make sure organizational security policies meet governmental and regulatory requirements, conform to best security practices and principles, and meet or exceed requirements stated in an organization's security policy.
    Source: Information Systems Audit and Control Association
  • CISSP -- Certified Information Systems Security Professional
    The CISSP demonstrates knowledge of network and system security principles, safeguards and practices. It is of primary interest to full-time IT security professionals who work in internal security positions or who consult with third parties on security matters. CISSPs are capable of analyzing security requirements, auditing security practices and procedures, designing and implementing security policies, and managing and maintaining an ongoing and effective security infrastructure. CISSP candidates must have five years of experience in two or more of the ten domains of the CISSP CBK (or a college degree plus four years of experience; an approved (ISC)2 credential counts toward one year of experience). (ISC)2 offers the Associate of (ISC)2 credential for candidates who pass the CISSP exam but do not yet meet the experience requirement.
    Source: (ISC)2
  • CPP -- Certified Protection Professional
    The CPP demonstrates a thorough understanding of physical, human and information security principles and practices. The most senior and prestigious IT security professional certification covered in this article, the CPP requires extensive on-the-job experience (nine years or seven years with a college degree), as well as a profound knowledge of technical and procedural security topics and technologies. Only those who have worked with and around security for a lengthy portion of their careers are able to qualify for this credential.
    Source: American Society for Industrial Security (ASIS)
  • CPTEngineer -- Certified Pen Testing Engineer
    An offering from mile2, this credential stresses currency on the latest exploits, vulnerabilities and system penetration techniques. It also focuses on business skills, identification of protection opportunities, testing justifications and optimization of security controls to meet business needs and control risks and exposures. The credential is structured around a five-day course that's backed up by the CPTEngineer exam, delivered online by mile2.
    Source: mile2
  • GIAC -- Global Information Assurance Certification Program
    This SANS cert program (described previously in this article) seeks to identify individuals who can demonstrate both their knowledge of and ability to manage and protect important information systems and networks. Advanced-level to highly advanced-level certifications include the following:
    • GIAC Assessing Wireless Networks (GAWN)
    • GIAC Reverse Engineering Malware (GREM)
    • GIAC Secure Software Programmer .NET (GSSP-NET)
    • GIAC Secure Software Programmer Java (GSSP-JAVA) (Formerly an intermediate credential, which we've decided to upgrade to an advanced level, the GSSP-JAVA requires extensive programming knowledge and experience.)
    • The GIAC Security Engineer (GSE) track is the most senior-level certification in that program. To qualify for this certification candidates must complete three intermediate-level GIAC certifications (such as GSEC, GCIA and GCIH), earning GIAC Gold in at least two of them, and pass a proctored exam that’s given in two parts.
      GIAC Roadmap Source: Global Information Assurance Certification
      GSE Source: Global Information Assurance Certification
  • ISSAP -- Information Systems Security Architecture Professional
    The ISSAP permits CISSPs to concentrate further in information security architecture and stresses the following elements of the CBK:
    • Access control systems and methodologies.
    • Communications and network security.
    • Cryptography.
    • Security architecture analysis.
    • Technology-related business continuity and disaster recovery planning (BCP and DRP).
    • Physical security considerations.
    Source: (ISC)2

  • ISSEP -- Information Systems Security Engineering Professional
    The ISSEP permits CISSPs who work in areas related to national security to concentrate further in security engineering, in cooperation with the U.S. National Security Agency (NSA). The ISSEP stresses the following elements of the CBK:
    • Systems security engineering
    • Certification and accreditation (C&A)
    • Technical management
    • U.S. government information assurance governance
    Source: (ISC)2

  • ISSMP -- Information Systems Security Management Professional
    The ISSMP permits CISSPs to concentrate further in security management areas and stresses the following elements of the CBK:
    • Enterprise security management practices.
    • Enterprise-wide system development security.
    • Overseeing compliance of operations security.
    • Understanding BCP and DRP, and continuity of operations planning (COOP).
    • Law, investigations, forensics and ethics.
    Source: (ISC)2

  • PSP -- Physical Security Professional
    Another high-level security certification from ASIS, this program focuses on matters relevant to maintaining security and integrity of the premises, and access controls over the devices and components of an IT infrastructure. Key topics covered include physical security assessment, and selection and implementation of appropriate integrated physical security measures. Requirements include five years of experience in physical security, a high school diploma (or GED) and a clean criminal record.
    Source: ASIS International: Physical Security Professional
  • QIAP -- Qualified Information Assurance Professional
    Security University's QIAP certification combines coverage of key information security topics, tools and technologies with a hands-on, lab-oriented learning and testing program. To obtain QIAP certification, security professionals must complete three courses on topics such as:
    • Access, authentication and public key infrastructure (PKI)
    • Network security policy and security-oriented architecture
    • Certification and accreditation
    Students must also take and pass three exams, one per course.
    Source: Security University

  • QISP -- Qualified Information Security Professional
    Security University's QISP certification combines coverage of key information security topics, tools and technologies with a hands-on, lab-oriented learning and testing program. SU offers QISP certification with four concentrations: analyst/penetration tester, ethical hacker, forensics and network protection. To obtain QISP certification, security professionals must complete four courses, depending on their concentration. Students must also take and pass a demanding exam.
    Source: Security University

  • QSSE -- Qualified Software Security Expert
    Security University's QSSE certification combines coverage of key software security topics, tools and technologies with a hands-on, lab-oriented learning and testing program. To obtain QSSE certification, security professionals must complete a software security bootcamp and seven courses on topics such as:
    • Penetration testing
    • Breaking and fixing Web applications
    • Breaking and fixing software
    • Secure software programming
    • Software security ethical hacking
    • Software security testing best practices
    • Reverse engineering
    Source: Security University


Forensics/Antihacking -- Basic

  • BCF -- Computer Forensics (U.S.)
    The Computer Forensics (U.S.) certification is designed for experienced individuals who can analyze and collect evidence, recognize data types, follow proper examination procedures and initial analysis, use forensic tools, prepare for an investigation and report findings.
    Source: Brainbench

  • CCCI -- Certified Computer Crime Investigator (Basic)
    The CCCI is one of four computer forensic certifications aimed at law enforcement and private-sector IT professionals seeking to specialize in the investigative side of the field. Basic requirements include three years of experience (law enforcement or corporate), 40 hours of computer crimes training and documented experience from at least 10 investigated cases.
    Source: High Tech Crime Network certifications

  • CCFT -- Certified Computer Forensic Technician (Basic)
    The CCFT is one of four computer forensic certifications aimed at law enforcement and private IT professionals seeking to specialize in the investigative side of the field. Basic requirements include three years of experience (law enforcement or corporate), 40 hours of computer forensics training and documented experience from at least 10 investigated cases.
    Source: High Tech Crime Network certifications

  • CERI-CFE -- Computer Forensic Examination
    The CERI-CFE seeks to identify law enforcement officials with basic computer crime investigation experience and training. Requirements include two years of computer investigation/debugging, one year of Microsoft platform analysis, six months of non-Microsoft platform analysis, 40 hours of approved training, a written exam and successful completion of hands-on exercises.
    Source: Cyber Enforcement Resources Inc.

  • ECIH -- EC-Council Certified Incident Handler
    The ECIH is geared toward incident handlers, risk assessment administrators, penetration testers, cyberforensic investigators, vulnerability assessment auditors, system administrators, system engineers, firewall administrators, network managers, IT managers and IT professionals, among others. To obtain ECIH certification, a candidate needs to complete a two-day course and pass one exam.
    Source: EC-Council

  • ECSS -- EC-Council Certified Security Specialist
    The ECSS identifies individuals with fundamental security skills in information security, network security and computer forensics. To obtain ECSS certification, a candidate needs to complete a two-day course and pass one exam.
    Source: EC-Council

  • ECVP -- EC-Council Certified VoIP Professional
    The ECVP identifies individuals with experience in VoIP technologies concepts, implementation, deployment and security. To obtain ECVP certification, a candidate needs to pass one exam.
    Source: EC-Council

  • EDRP -- EC-Council Certified Disaster Recovery Professional
    The EDRP identifies individuals with experience developing disaster recovery plans in an enterprise environment. This includes creating a secure network by implementing appropriate policies and procedures, and restoring a network in the event of a disaster. To obtain EDRP certification, a candidate must take a two-day course and pass one exam.
    Source: EC-Council

  • NSA -- EC-Council Network Security Administrator
    The NSA identifies individuals who can evaluate internal and external security threats against a network, and develop and implement security policies. One exam is required.
    Source: EC-Council


Forensics/Antihacking -- Intermediate

  • CCE -- Certified Computer Examiner
    The CCE, by the International Society of Forensic Computer Examiners, seeks to identify individuals with no criminal record who have appropriate computer forensics training or experience, including evidence gathering, handling and storage. In addition, candidates must attend authorized training, have 18 months of experience conducting digital forensic examinations, have documented self study in digital forensics deemed appropriate by the Certification Board, pass an online examination and successfully perform a hands-on examination.
    Source: International Society of Forensic Computer Examiners

  • CEH -- Certified Ethical Hacker
    The CEH identifies security professionals capable of finding and detecting weaknesses and vulnerabilities in computer systems and networks by using the same tools and applying the same knowledge as a malicious hacker. Candidates must pass a single exam, and take approved training or complete an eligibility form.
    Source: EC-Council

  • CFCE -- Certified Forensic Computer Examiner
    The International Association of Computer Investigative Specialists (IACIS) offers this credential to law enforcement and private industry personnel alike. Candidates must have broad knowledge, training or experience in computer forensics, including forensic procedures and standards, as well as ethical, legal and privacy issues. Certification requires an intensive peer review, hands-on performance-based testing, as well as a written exam.
    Source: International Association of Computer Investigative Specialists

  • CHFI -- Computer Hacking Forensic Investigator
    The CHFI is geared toward personnel in law enforcement, defense, military, information technology, law, banking and insurance, among others. To obtain CHFI certification, a candidate needs to successfully complete one exam.
    Source: EC-Council

  • CNDA -- Certified Network Defense Architect
    The CNDA is geared toward IT personnel who act as penetration testers or legitimate hackers to test the strength and integrity of a network's defense. The CNDA exam is identical to the CEH exam; however, the CNDA program was designed for U.S. government agencies. To obtain CNDA certification, a candidate needs to successfully complete one exam and be employed by the U.S. government.
    Source: EC-Council

  • CSFA -- CyberSecurity Forensic Analyst
    The CSFA aims to identify individuals who can perform a comprehensive and sound forensic examination of a computer system and other digital/electronic devices within a limited time frame. Suggested prerequisites include attendance of the CyberSecurity Institute's Computer Forensics Core Competencies course and/or at least one of the following certifications:
    • AccessData Certified Examiner (ACE)
    • Certified Forensic Computer Examiner (CFCE)
    • Certified Computer Examiner (CCE)
    • Computer Hacking Forensic Investigator (CHFI)
    • EnCase Certified Examiner (EnCE)
    • GIAC Certified Forensics Analyst (GCFA)
    In addition, candidates should have at least two years of experience performing forensic analysis of Windows FAT and NTFS file systems and writing forensic analysis reports. Candidates must have no criminal record.
    Source: CyberSecurity Institute

  • ECSA -- EC-Council Certified Security Analyst
    The ECSA identifies security professionals capable of using advanced methodologies, tools and techniques to analyze and interpret security tests. Candidates must pass a single exam to achieve the certification. The EC-Council recommends that candidates take a five-day training course to prepare for the exam.
    Source: EC-Council

  • GIAC -- Global Information Assurance Certification Program
    This SANS cert program (described previously in this article) seeks to identify individuals who can demonstrate their knowledge of and ability to manage and protect important information systems and networks. The program includes one mid-level forensics certification -- GIAC Certified Forensics Analyst (GCFA). Candidates must pass one proctored exam.
    Source: Global Information Assurance Certification


Forensics/Antihacking -- Advanced

  • CCCI -- Certified Computer Crime Investigator (Advanced)
    The CCCI is one of four computer forensic certifications aimed at law enforcement and private IT professionals seeking to specialize in the investigative side of the field. Advanced requirements entail five years of experience (law enforcement or corporate), 80 hours of training, involvement as a lead investigator in 20 cases with involvement in over 60 cases overall and documented experience from at least 15 investigated cases.
    Source: High Tech Crime Network certifications

  • CCFT -- Certified Computer Forensic Technician (Advanced)
    The CCFT is one of four computer forensic certifications aimed at law enforcement and private IT professionals seeking to specialize in the investigative side of the field. Advanced requirements include five years of experience (or a college degree, plus one year of experience), 80 hours of computer forensics training, involvement as a lead investigator in 20 cases with involvement in over 60 cases overall and documented experience from at least 15 investigated cases.
    Source: High Tech Crime Network certifications

  • CERI-ACFE -- Advanced Computer Forensic Examination
    The CERI-ACFE seeks to identify law enforcement officials with advanced computer crime investigation experience and training. Requirements include two years of computer investigation/debugging, four years of Microsoft platform analysis, two years of non-Microsoft platform analysis, 80 hours of approved training, a written exam and successful completion of hands-on exercises.
    Source: Cyber Enforcement Resources Inc.

  • CERI-ACSS -- Advanced Computer System Security
    The CERI-ACSS seeks to identify law enforcement officials with advanced computer crime investigation experience and training. Requirements include two years of computer investigation/debugging, three years of Microsoft platform analysis, one year of non-Microsoft platform analysis, 40 hours of approved training, a written exam and successful completion of hands-on exercises. (Note: Because of double coverage, this item is also listed under the General security -- Advanced section.)
    Source: Cyber Enforcement Resources Inc.

  • CPTConsultant -- Certified Pen Testing Consultant
    This credential stresses currency on the latest exploits, vulnerabilities and system penetration techniques. It also focuses on business skills, identification of protection opportunities, testing justifications and optimization of security controls to meet business needs and control risks and exposures. The CPTConsultant covers many of the same topics as the lower-level CPTEngineer certification but in much more depth and breadth. The CPTConsultant credential is structured around a five-day course that's backed up by the CPTConsultant exam, delivered online by mile2.
    Source: mile2

  • LPT -- Licensed Penetration Tester
    The LPT identifies security professionals who can thoroughly analyze a network, identify where and how it could be potentially penetrated and recommend appropriate corrective measures. An LPT must adhere to a strict code of ethics, best practices and appropriate compliance requirements while performing penetration tests. Prerequisites include EC-Council's CEH and ECSA certifications, a valid EC-Council Continuing Education account, submission of the LPT application, proof of a clean background check, detailed resume, an agreement to abide by a code of ethics and payment of a license fee.
    Source: EC-Council

  • PCI -- Professional Certified Investigator
    This is a high-level certification from the American Society for Industrial Security (ASIS is also home to the CPP and PSP certifications) for those who specialize in investigating potential cybercrimes. Thus, in addition to technical skills, this certification concentrates on testing individuals' knowledge of legal and evidentiary matters required to present investigations in a court of law, including case management, evidence collection and case presentation. This cert requires five years of investigation experience, with at least two years in case management, a high school diploma (or GED) and a clean criminal record.
    Source: ASIS International


Specialized

  • CCSA -- Certification in Control Self-Assessment
    The CCSA demonstrates knowledge of internal control self-assessment procedures, primarily aimed at financial and records controls. This cert is of primary interest to those professionals who must evaluate IT infrastructures for possible threats to financial integrity, legal requirements for confidentiality, and regulatory requirements for privacy. Candidates must have a four-year college degree or a two-year college degree with one year of control-related business experience, such as CSA, auditing, quality assurance, risk management or environmental auditing. In addition, CCSA candidates must obtain seven hours of acceptable facilitation experience or at least 14 hours of acceptable facilitation training, and submit a character reference. To obtain this certification, candidates must pass an exam.
    Source: Institute of Internal Auditors

  • CSAD -- Certified Secure Application Developer
    The EC-Council CSAD identifies application developers who incorporate best practices and are experienced experts in various domains. Candidates must pass a single exam and hold at least one of the following certifications:
    • Linux: LCE / LCA / RHCE / LPI certification
    • Microsoft: MCAD / MCSD / MCTS / MCPD certification
    • Technology Specialist: .NET Framework 2.0 Web Applications
    • Technology Specialist: .NET Framework 2.0 Windows Applications
    • Technology Specialist: .NET Framework 2.0 Distributed Applications
    • Professional Developer: Web Developer
    • Professional Developer: Windows Developer
    • Professional Developer: Enterprise Applications Developer
    • Sun: SCJD / SCEA certification
    • Oracle: OCP certification (DBA)
    • IBM: Websphere certification
    Source: EC-Council

  • CFE -- Certified Fraud Examiner
    The CFE demonstrates ability to detect financial fraud and other white-collar crimes. This cert is of primary interest to full-time security professionals in law, law enforcement or those who work in organizations with legal mandates to audit for possible fraudulent or illegal transactions and activities (such as banking, securities trading or classified operations). The CFE has a long list of qualifications and prerequisites, and eligibility for the credential is based on a point system.
    Source: Association of Certified Fraud Examiners

  • CFSA -- Certified Financial Services Auditor
    The CFSA identifies professional auditors with thorough knowledge of auditing principles and practices in the banking, insurance and securities financial services industries. Candidates must have a four-year college degree or a two-year college degree with three years of experience in a financial services environment, submit a character reference and show proof of at least two years of appropriate auditing experience. To obtain this certification, candidates must pass an exam.
    Source: The Institute of Internal Auditors

  • CGAP -- Certified Government Auditing Professional
    The CGAP identifies public-sector internal auditors who focus on fund accounting, grants, legislative oversight and confidentiality rights, among other facets of internal auditing. Candidates must have an appropriate four-year college degree or a two-year college degree with three years of experience in a public-sector environment, submit a character reference and show proof of at least two years of direct government auditing experience. To obtain this certification, candidates must pass an exam.
    Source: The Institute of Internal Auditors

  • CIA -- Certified Internal Auditor
    The CIA cert demonstrates knowledge of professional financial auditing practices. The cert is of primary interest to financial professionals responsible for auditing IT practices and procedures, as well as standard accounting practices and procedures to ensure the integrity and correctness of financial records, transaction logs and other records relevant to commercial activities. Candidates must have an appropriate four-year college degree or approved work equivalent, submit a character reference and show proof of at least two years of direct government auditing experience. To obtain this certification, candidates must pass a four-part exam.
    Source: Institute of Internal Auditors

  • CISA -- Certified Information Systems Auditor
    The CISA demonstrates knowledge of IS auditing for control and security purposes. This cert is of primary interest to IT security professionals responsible for auditing IT systems, practices and procedures to make sure organizational security policies meet governmental and regulatory requirements, conform to best security practices and principles, and meet or exceed requirements stated in an organization's security policy.
    Source: Information Systems Audit and Control Association

  • CRISC -- Certified in Risk and Information Systems Control
    The CRISC identifies IT professionals who have hands-on experience with risk identification, assessment and evaluation, risk response, risk monitoring and information systems control design, implementation, monitoring and maintenance. Professionals with eight or more years of experience may apply (by March 2011) to be grandfathered into the program and achieve certification. Other candidates must have five years of related work experience and pass one exam.
    Source: Information Systems Audit and Control Association

  • ECSP -- EC-Council Certified Secure Programmer
    The ECSP identifies programmers who can design and build relatively bug-free, stable Windows- and Web-based applications with the .NET/Java Framework, greatly reducing exploitation by hackers and the incorporation of malicious code. Candidates must pass a single exam.
    Source: EC-Council

  • Security5
    Security5 certification identifies non-IT office workers and home users who understand Internet security terminology, know how to use defense programs such as antivirus and antispyware applications, can implement basic operating system security and follow safe Web and email practices. Candidates must pass an exam.
    Source: EC-Council


Additional Resources

About the authors
Ed Tittel is a full-time freelance writer, trainer and consultant who's written more than 140 books, including his latest, the CISSP Study Guide, fifth edition, with J. Michael Stewart and Mike Chapple (Sybex, due out in Dec 2010/January 2011). Ed has been active in the computing industry for more than 20 years as a software developer, manager, writer and trainer.

Kim Lindros has more than 20 years of experience in the computer industry, from technical support specialist, to network administrator, to book and course content manager. She has edited and developed more than 400 IT-related books and online courses, and co-authored two certification books and numerous online articles with Ed. Kim runs Gracie Editorial, a content development company.

This was first published in October 2010
