The security certification landscape: Choices and benefits

Columnist Ed Tittel outlines security certifications and their benefits in this Career Tip.



In my last security certification tip, I promised to begin coverage of the various TruSecure/ICSA certifications in my next tip. But in the meantime, the folks at searchSecurity have asked me to put together a general security certification overview tip, to warm up for my upcoming chat on the subject on January 30, 2001. Just goes to show that plans were indeed made to be broken.

What I'd like to do now is throw you into a big bowl of alphabet soup by exposing all the security-related certification programs -- and their inevitable acronyms -- that I've uncovered so far. For each one, I'll also give a brief explanation and provide a pointer to more information if you want to learn more. In future tips I'll cover all of these in more detail, returning to the TruSecure/ICSA ICSA certification in my next tip, as promised.

CCO -- Certified Confidentiality Officer

Demonstrates management level expertise in information security.

Source: Business Espionage Controls Countermeasures Association (BECCA)

For more information on: CCO


CCSA -- Certification in Control Self-Assessment

Demonstrates knowledge of internal control self-assessment procedures.

Source: Institute of Internal Auditors

For more information on: CCSA


CFE -- Certified Fraud Examiner

Demonstrates ability to detect financial fraud and other white-collar crimes.

Source: Association of Certified Fraud Examiners

For more information on: CFE


CIA -- Certified Internal Auditor

Demonstrates knowledge of professional financial auditing practices.

Source: Institute of Internal Auditors

For more information on: CIA


CISA -- Certified Information Systems Auditor

Demonstrates knowledge of IS auditing for control and security purposes.

Source: Information Systems Audit and Control Association

For more information on: CISA


CISSP -- Certified Information Systems Security Professional

Demonstrates knowledge of network and system security principles, safeguards and practices.

Source: International Information Systems Security Certifications Consortium (aka (ISC)2 pronounced "ISC-squared")

For more information on: CISSP


CIW-SP -- Certified Internet Webmaster-Security Professional

Demonstrates knowledge of Web- and e-commerce-related security principles and practices.

Source: Prosoft Training, Inc.

For more information on: CIW-SP


CPP -- Certified Protection Professional

Demonstrates thorough understanding of physical, human and information security principles and practices.

Source: American Society for Industrial Security (ASIS)

For more information on: CPP


GIAC -- Global Incident Analysis Center

Demonstrates knowledge of and the ability to manage and protect important information systems and networks.

Source: The System Administration, Networking and Security (SANS) Institute

For more information on: GIAC


ICSA -- TruSecure/ICSA Certified Security Associate

Demonstrates basic familiarity with vendor-neutral system and network security principles, practices and technologies.

Source: TruSecure Corporation

For more information on: ICSA


ICSE -- TruSecure/ICSA Certified Security Engineer

Demonstrates deep and serious knowledge of vendor-neutral system and network security principles, practices and technologies. ICSA is a prerequisite.

Source: TruSecure Corporation

For more information on: ICSE


ICSP -- TruSecure/ICSA Certified Security Professional

Trainer certification to enable individuals to teach ICSA and ICSE classes.

Source: TruSecure Corporation


SSCP -- System Security Certified Professional

Demonstrates basic knowledge of network and system security principles, safeguards and practices. Covers seven of the 10 knowledge domains covered in the CISSP and is a great stepping-stone to the CISSP.

Source: International Information Systems Security Certifications Consortium (aka (ISC)2 pronounced "ISC-squared")

For more information on: SSCP


SNSCP -- System and Network Security Certified Professional

Demonstrates ability to design and implement organizational security strategies, securing the network perimeter and component systems.

Source: Learning Tree International

For more information on: SNSCP


Certified Network Security Associate (CNSA)

Entry-level credential for a "stepping-stones to GIAC and CISSP" training and cert program; aims to certify general IT security knowledge and ability. Also serves as the first rung on a well-defined ladder of CCTI certifications.

Source: Colorado Computer Training Institute (CCTI)

For more info on: CNSA


Certified Network Security Expert (CNSE)

Identifies competent, practicing security professionals with strong technical knowledge and specific industry experience. Top rung in the CCTI security certification ladder. Requires obtaining a CNSP and CNSM, plus two elective exams, and written and hands-on lab exams.

Source: Colorado Computer Training Institute (CCTI)

For more info on: CNSE


Certified Network Security Manager (CNSM)

Identifies individuals who manage security professionals, with an understanding of technical security fundamentals and of related topics in security forensics, law, or incident response handling. Middle (management) rung in the CCTI security certification ladder.

Source: Colorado Computer Training Institute (CCTI)

For more info on: CNSM


Certified Network Security Professional (CNSP)

Identifies individuals who have moved from security fundamentals to coverage of advanced, complex security topics and technologies. Middle (technical) rung in the CCTI security certification ladder.

Source: Colorado Computer Training Institute (CCTI)

For more info on: CNSP


Obviously, there is no shortage of options for would-be computer security experts to choose from. Today, the CISSP, the SANS GIAC and the CPP are probably the best-known and most widely-followed computer security certifications. Numbers of certified individuals in these programs vary from a low of 3,000 to a high of 8,000. This is likely to change with TruSecure's entry into the market, given that this organization has a huge global footprint and is highly regarded throughout the business and computing communities. The other certifications mentioned here are more specialized and appeal to auditors, intelligence-types and those with a law-enforcement bent.

Please let me know if my survey of this landscape missed anything. I can't claim to know, see, or be able to find everything, so all help will be gratefully acknowledged. As always, feel free to e-mail me with feedback, comments, or questions at etittel@lanw.com.

About the author:

Ed Tittel is a principal at a content development company based in Austin, Texas and the creator of the Exam Cram series. He's worked on numerous certification titles on Microsoft, Novell, CIW and Sun related topics and is working on several security certification books for delivery in 2001.


This was first published in January 2001
