This special report offers a comprehensive review of information security industry certifications, highlighting which ones can best help you achieve goals specific to your information security career path. It's a companion to two other surveys, which cover the vendor-neutral and vendor-specific security certification landscapes in detail.

For this update to our IT security certifications guide, we made several changes. The following table shows our reporting by the numbers for the previous April 2012 edition as well as this May 2013 edition. The overall numbers for vendor-neutral information security certifications went up by three (in total, we added five more credentials to our various lists, but scrubbed two old ones, for an overall net gain of three).

Since the last revision to this material, there's less change than in any of the five previous such surveys we’ve conducted. We removed two EC-Council credentials – the Certified Secure Application Developer (CSAD) and the ESCP (EC-Council Certified Secure Programmer). To make up for those losses, however, we added the CompTIA Advanced Security Practitioner (CASP) and the Prometric Cyber Security Essentials credential, plus three more advanced GIAC credentials (GSSP-JAVA, GREM, and GSE). For the first time ever, this resulted in a small overall delta. It’s starting to look like the information security certification sector is maturing, and may no longer be subject to large-scale entries or defections.

Even so, the sheer number of credentials can make navigating the security certification landscape a dizzying experience. Simply identifying and differentiating among the vast array of offerings can be time-consuming and overwhelming, never mind determining which certification best fits your needs. This SearchSecurity.com guide to information security certifications provides a comprehensive overview of myriad information security certification options. It’s intended for anyone looking to get on the information security certification path, whether you're starting up the information security career ladder or already have security experience and wish to hone your skills in some specialized area.

After you have perused the options available to you, visit SearchSecurity.com's CISSP Essentials Security School for resources to help you prepare for the CISSP exam and expand your knowledge of information security practices. If you have feedback on how we can improve this guide to information security certifications, please let us know.

General security -- Basic

Return to Table of Contents

Brainbench Basic Security Certifications
Brainbench offers several basic-level security certifications, each requiring the candidate to pass one exam. Examples of these certifications include:

• Brainbench Firewall Administration Concepts
• Brainbench Internet Security
• Information Technology Security Fundamentals
• ITAA Information Security Awareness
• Brainbench Microsoft Security
• Brainbench Network Authentication
• Brainbench Network Security
• Security Industry Knowledge (U.S.)

Source: Brainbench

CDRE -- Certified Disaster Recovery Engineer
This credential from Iowa-based training company mile2 recognizes individuals with foundational knowledge of disaster recovery (DR) and business continuity (BC) planning methodologies. A CDRE recognizes real-world risks and vulnerabilities to an IT infrastructure, understands how to safeguard assets against threats, and can write DR and BC plans and policies. No prerequisites or classes are required.

Source: mile2