Problem solve Get help with specific problems with your technologies, process and projects.

What is the GISP certification and how does it compare to the CISSP certification?

In the world of security certifications, what is the GISP and how alike is it to the CISSP? In this security management expert response, learn about scenarios when the GISP might be appropriate and how industry-relevant it may be.

What is the GISP certification and how does it compare to the CISSP certification?
Honestly, I didn't know what the GISP certification was prior to this question, so thanks for forcing me to broaden my horizons a bit. The GISP certification comes from the SANS institute and is analogous to the (ISC)2's CISSP certification. Both are termed "intermediate"-level certifications and indicate a broad (though not necessarily deep) understanding of information security topics.

In fact, SANS offers a training course specifically for the CISSP exam that can also be used to prepare for the...

GISP test. Since there is a lot more name recognition for the CISSP (as opposed to the GISP), why bother with the GISP?

The only time it's worthwhile to consider the GISP is if you can't qualify for a CISSP, which usually means a lack of experience. The CISSP requires four years of relevant work experience, which a lot of people may not have. Thus the GISP becomes a potential substitute, for a couple of years anyway.

Though as I've written many times in the past, certifications don't necessarily indicate competence.

More information:

This was last published in October 2008

Dig Deeper on Information security certifications, training and jobs