In my last security certification tip, I promised to begin coverage of the various TruSecure/ICSA certifications in my next tip. But in the meantime, the folks at searchSecurity have asked me to put together a general security certification overview tip, to warm up for my upcoming chat on the subject on January 30, 2001. Just goes to show that plans were indeed made to be broken.
What I'd like to do now is throw you into a big bowl of alphabet soup by exposing all the security-related certification programs -- and their inevitable acronyms -- that I've uncovered so far. For each one, I'll also give a brief explanation and provide a pointer to more information if you want to learn more. In future tips I'll cover all of these in more detail, returning to the TruSecure/ICSA ICSA certification in my next tip, as promised.
CCO -- Certified Confidentiality Officer
Demonstrates management level expertise in information security.
Source: Business Espionage Controls Countermeasures Association (BECCA)
For more information on:
CCSA -- Certification in Control Self-Assessment
Demonstrates knowledge of internal control self-assessment procedures.
Source: Institute of Internal Auditors
For more information on: CCSA
CFE -- Certified Fraud Examiner
Demonstrates ability to detect financial fraud and other white-collar crimes.
Source: Association of Certified Fraud Examiners
For more information on: CFE
CIA -- Certified Internal Auditor
Demonstrates knowledge of professional financial auditing practices.
Source: Institute of Internal Auditors
For more information on: CIA
CISA -- Certified Information Systems Auditor
Demonstrates knowledge of IS auditing for control and security purposes.
Source: Information Systems Audit and Control Association
For more information on: CISA
CISSP -- Certified Information Systems Security Professional
Demonstrates knowledge of network and system security principles, safeguards and practices.
Source: International Information Systems Security Certifications Consortium (aka (ISC)2 pronounced "ISC-squared")
For more information on: CISSP
CIW-SP -- Certified Internet Webmaster-Security Professional
Demonstrates knowledge of Web- and e-commerce-related security principles and practices.
Source: Prosoft Training, Inc.
For more information on: CIW-SP
CPP -- Certified Protection Professional
Demonstrates thorough understanding of physical, human and information security principles and practices.
Source: American Society for Industrial Security (ASIS)
For more information on: CPP
GIAC -- Global Incident Analysis Center
Demonstrates knowledge of and the ability to manage and protect important information systems and networks.
Source: The System Administration, Networking and Security (SANS) Institute
For more information on: GIAC
ICSA -- TruSecure/ICSA Certified Security Associate
Demonstrates basic familiarity with vendor-neutral system and network security principles, practices and technologies.
Source: TruSecure Corporation
For more information on: ICSA
ICSE -- TruSecure/ICSA Certified Security Engineer
Demonstrates deep and serious knowledge of vendor-neutral system and network security principles, practices and technologies. ICSA is a prerequisite.
Source: TruSecure Corporation
For more information on: ICSE
ICSP -- TruSecure/ICSA Certified Security Professional
Trainer certification to enable individuals to teach ICSA and ICSE classes.
Source: TruSecure Corporation
SSCP -- System Security Certified Professional
Demonstrates basic knowledge of network and system security principles, safeguards and practices. Covers seven of the 10 knowledge domains covered in the CISSP and is a great stepping-stone to the CISSP.
Source: International Information Systems Security Certifications Consortium (aka (ISC)2 pronounced "ISC-squared")
For more information on: SSCP
SNSCP -- System and Network Security Certified Professional
Demonstrates ability to design and implement organizational security strategies, securing the network perimeter and component systems.
Source: Learning Tree International
For more information on: SNSCP
Certified Network Security Associate (CNSA)
Entry-level credential for a "stepping-stones to GIAC and CISSP" training and cert program, aims to certify general IT security knowledge and ability. Also serves as the first rung on a well-defined ladder of CCTI certifications.
Source: Colorado Computer Training Institute (CCTI)
For more info on: CNSA
Certified Network Security Expert (CNSE)
Identifies competent, practicing security professionals with strong technical knowledge and specific industry experience. Top rung in the CCTI security certification ladder. Requires obtaining a CNSP and CNSM, plus two elective exams, and written and hands-on lab exams.
Source: Colorado Computer Training Institute (CCTI)
For more info on: CNSE
Certified Network Security Manager (CNSM)
Identifies individuals who manage security professionals, with an understanding of technical security fundamentals and of related topics in security forensics, law, or incident response handling. Middle (management) rung in the CCTI security certification ladder.
Source: Colorado Computer Training Institute (CCTI)
For more info on: CNSM
Certified Network Security Professional (CNSP)
Identifies individuals who have moved from security fundamentals to coverage of advanced, complex security topics and technologies. Middle (technical) rung in the CCTI security certification ladder.
Source: Colorado Computer Training Institute (CCTI)
For more info on: CNSP
Obviously, there is no shortage of options for would-be computer security experts to choose from. Today, the CISSP, the SANS GIAC and the CPP are probably the best-known and most widely-followed computer security certifications. Numbers of certified individuals in these programs vary from a low of 3,000 to a high of 8,000. This is likely to change with TruSecure's entry into the market, given that this organization has a huge global footprint and is highly regarded throughout the business and computing communities. The other certifications mentioned here are more specialized and appeal to auditors, intelligence-types and those with a law-enforcement bent.
Please let me know if my survey of this landscape missed anything. I can't claim to know, see, or be able to find everything, so all help will be gratefully acknowledged. As always, feel free to e-mail me with feedback, comments, or questions at etittel@lanw.com.
About the author:
Ed Tittel is a principal at a content development company based in Austin, Texas and the creator of the Exam Cram series. He's worked on numerous certification titles on Microsoft, Novell, CIW and Sun related topics and is working on several security certification books for delivery in 2001.
This was first published in January 2001