CEH - Certified Ethical Hacker
Certified Ethical Hacker is a certification offered by EC-Council. For more information, visit the website.
Certified Identity Theft Risk Management Specialist (CITRMS®)
The Certified Identity Theft Risk Management Specialist (CITRMS®) certification program is the nation’s only training program specifically developed for professionals who are dedicated to educating and assisting clients, customers, businesses, and the general public in combating the epidemic of Identity Theft and related fraud. CITRMS®-qualified professionals are employed by a wide range of organizations including financial institutions; mortgage, real estate, and financial services firms; law enforcement, and other government agencies. Many others are private practitioners including attorneys, CPAs, financial advisors, counselors, and consultants. For more information, visit the website
Certified Information Systems Security Professional
The Certified Information Systems Security Professional (CISSP) is a certification for information security professionals. This certification is obtained through the International Information Systems Security Certification Consortium (ISC)2 for the purpose of recognizing individuals who have distinguished themselves as experienced, knowledgeable, and proficient information security practitioners. The CISSP certificate also provides a means of identifying those persons who subscribe to a rigorous requirement for maintaining their knowledge and proficiency in the information security profession.
Certification is awarded to those individuals who achieve a prescribed level of information security experience, comply with a professional code of ethics, and pass a rigorous examination on the Common Body of Knowledge of information security. In order to maintain currency in the field, each CISSP must be recertified every three years by participation in research or study, attendance at recognized subject-matter training and professional educational programs, presentation or publication of information security papers, contributions to the information security Common Body of Knowledge, and service in professional organizations.
For more information, see the (ISC)2 website.
Seminar and examination schedules are available on the (ISC)2 site.
ISSA endorses the Certified Information Systems Security Professional (CISSP) certification provided by (ISC)² as the certification for the Information Security Professional.
CIPP – Certified Information Privacy Professional
The Certified Information Privacy Professional (CIPP) debuted in 2004 and has since become the industry-standard certification in corporate compliance with U.S. privacy laws and regulations as well as European requirements for transfers of personal data. Successful candidates have become IAPP members and also have completed and passed the Certification Foundation Examination and the CIPP Examination.
For further information, visit the website.
CSP – RSA Certified Security Professional
The RSA Certified Security Professional Program offers technology professionals the knowledge, skills, and credentials necessary to deploy and maintain reliable enterprise security systems.
Recertification is required for every major product release and for certain point releases that RSA deems sufficiently important. RSA Security will notify you by e-mail of changes in requirements for any certifications you hold.
- RSA SecurID Certified Systems Engineer
- RSA SecurID Certified Administrator
- RSA SecurID CI
- RSA Access Manager CSE
- RSA Digital Certificate Management Solutions CSE
- RSA Sign-On Manager CSE
For further information, visit their website.
ECSA – EC-Council Certified Security Analyst
EC-Council Certified Security Analyst (ECSA) complements the Certified Ethical Hacker (CEH) certification by exploring the analytical phase of ethical hacking. While CEH exposes the learner to hacking tools and technologies, ECSA takes it a step further by exploring how to analyze the outcome from these tools and technologies. Through groundbreaking penetration testing methods and techniques, the ECSA class helps students perform the intensive assessments required to effectively identify and mitigate risks to the security of the infrastructure. For more information, visit their website.
Global Information Assurance Certification (GIAC)
SANS' GIAC Training and Certification Program is designed to serve the people who are or will be responsible for managing and protecting important information systems and networks. GIAC course specifications were developed through a consensus process that involved more than a hundred members of SANS' faculty and other experienced security practitioners. They combine the opinions, knowledge, and expertise of many of the world's most experienced front-line security and system administrators, intrusion detection analysts, consultants, auditors, and managers.
The GIAC certification program consists of:
- Information Security KickStart
- LevelOne Security Essentials
- LevelTwo subject area modules
GIAC training and certification is presented in live training sessions at SANS conferences. Information Security KickStart, LevelOne Security Essentials, and an increasing selection of LevelTwo courses are also offered over the web with both online course books and (in most cases) audio tracks.
For more information visit the SANS Web Site.
International Systems Security Professional Certification Scheme (ISSPCS)
ISSPCS is a global and open certification scheme for Information and Systems Security Professionals based on essential security principles with the following key features:
- Internationally independent and professional certification
- Comprehensive continuous multi-level certification
- Practical, transparent open resources with real-world focus
- Customised region-specific content
ISSPCS certification identifies the holder as a knowledgeable and practical individual in the field of Information Security and provides a practical solution to the issue of continually changing information security processes and best practices.
For more information, visit their website.
Licensed Penetration Tester (LPT)
EC-Council’s Licensed Penetration Tester (LPT) is a natural evolution and extended value addition to its series of security related professional certifications. The Licensed Penetration Tester standardizes the knowledge base for penetration testing professionals by incorporating the best practices followed by experienced experts in the field. For additional information, see: http://www.eccouncil.org/lpt/Licensed_Penetration_Tester.htm
Professional in Critical Infrastructure Protection (PCIP – formerly CCISP)
Critical infrastructure is defined by the office of Homeland Security as those assets, facilities, industries, and capabilities that are needed to support commerce and our daily lives. This includes SCADA, energy, utility, oil & gas, financial, communications, and transportation to name a few.
Since the birth of the internet, the threats that these industries face have become increasingly complex and alarmingly more common, as these once-isolated environments are now faced with viruses, hackers, cyber terrorists, and remote threats that can cause outages of high-availability systems. Securing the systems and network environments that support this critical infrastructure is more important today than ever and requires an extended set of specialized skills.
The PCIP certification (formerly the CCISP), maintained by the Critical Infrastructure Institute, is different from other security certifications in that it is tailored specifically to the Critical Infrastructure sectors and the Critical Infrastructure Protection (CIP) industry. Professionals carrying the PCIP designation will have demonstrated the necessary knowledge and professional skills required for designing, maintaining, and managing security architectures for critical infrastructure, SCADA, and high-availability environments. These skills range from security architecture design and management to highly advanced technical skills, such as those used by hackers to circumvent security measures, as well as countermeasure techniques, all specific to these critical infrastructure, SCADA, and high-availability environments.
For authenticity purposes, all recipients, along with their certification number, are maintained in a secure database and each recipient carries a PCIP ID card.
For more information, visit their website.
CompTIA Security+ Certification
CompTIA Security+ validates knowledge of communication security, infrastructure security, cryptography, operational security, and general security concepts. It is an international, vendor-neutral certification that is taught at colleges, universities and commercial training centers around the world. Although not a prerequisite, it is recommended that CompTIA Security+ candidates have at least two years on-the-job networking experience, with an emphasis on security. The CompTIA Network+ certification is also recommended.
For more information, visit their website.
SSCP – Systems Security Certified Practitioner
SSCP Certification was designed to recognize an international standard for practitioners of information security [IS] and understanding of a Common Body of Knowledge (CBK). It focuses on practices, roles and responsibilities as defined by experts from major IS industries. Certification can enhance an IS career and provide added credibility.
Seven SSCP information systems security test domains are covered in the examination pertaining to the Common Body of Knowledge:
- Access Controls
- Administration
- Audit and Monitoring
- Risk, Response and Recovery
- Cryptography
- Data Communications
- Malicious Code/Malware
For further detail regarding SSCP Certification, please refer to the SSCP White Paper posted on the (ISC)2 website.
For more information, see the (ISC)2 website.
Symantec Certifications
Symantec offers four levels of Certification for Security professionals, ranging from Product Specialists (SPS) in individual Symantec products through Security Practitioners (SCSP) who demonstrate a broad knowledge of both Symantec products and vendor-neutral security technologies. Candidates may choose the appropriate path to support their goals. Symantec Training offerings are available to prepare for Certifications, e.g. Security Solutions Education, which qualifies for CPE credits. For program details, visit the Symantec Certification Website.
- SPS - Symantec Product Specialist - demonstrates knowledge and experience with a specific Symantec product
- STA - Symantec Technology Architect - demonstrates knowledge and experience with one of the four vendor-neutral security disciplines
- SCSE - Symantec Certified Security Engineer - demonstrates knowledge and experience with one of the four vendor neutral security disciplines and the related Symantec products
- SCSP - Symantec Certified Security Practitioner - demonstrates knowledge and experience with all four of the vendor neutral security disciplines and all related Symantec products
DRI International
DRI International's world-renowned professional certification program (ABCP, CBCP, MBCP) acknowledges an individual's effort to achieve a professional level of competence in the industry. Designed to be rigorous, well controlled, and free of bias, the program is centered on the "Professional Practices for Business Continuity Planners", the international industry standard.
Certified Business Continuity Professional (CBCP)
DRII's CBCP certification is reserved for individuals who have demonstrated their knowledge and experience in the business continuity / disaster recovery industry. The CBCP level is designed for an individual with a minimum of two years of experience as a business continuity/disaster recovery planner.
Associate Business Continuity Planner (ABCP)
The Associate Business Continuity Planner (ABCP), or Associate level, is for individuals with at least a specified minimum level of knowledge in business continuity/disaster recovery planning, but who have not yet attained the two years of experience required for CBCP. Individuals can also qualify if they work in positions related to, but not actually in, business continuity/disaster recovery planning.
Master Business Continuity Professional (MBCP)
The Master Business Continuity Professional (MBCP), or Master level, targets an individual with a minimum of five years of experience as a business continuity/disaster recovery planner. In addition, the MBCP must attain a higher score on the CBCP Examination, and either successfully complete a case-study examination or complete a directed research project and paper.
An additional prerequisite for the CBCP and MBCP certification levels is the demonstration of proficiency in a specific number of Subject Areas of the Professional Practices for Business Continuity Planners. For more information, see the Disaster Recovery Institute International website.
BCM Institute
BCMI's objective is not to compete with but to complement existing certifications in geographical areas where practitioners will not have the opportunity to experience formal BC and DR training and certification. BCMI instructors continue to practice in BC-DR and related domains, each possessing 3 or more years of experience. Course content is designed around practical knowledge and skills for implementing BCM programs and BC plans within organizations. The curriculum is consistent with DRI International's 10 Subject Areas in the Professional Practices for BC Professionals, complementing the international certification courses and examinations. More information about BCM Institute certifications can be found on their website.
Foundation – Business Continuity Certified Planner (BCCP)
The BCCP recognizes practitioners who are involved in developing, implementing and maintaining BC procedures and processes for their business sub-units; as well as for senior and middle management involved in BCM.
Specialist – Business Continuity Certified Specialist (BCCS) & Disaster Recovery Certified Specialist (DRCS)
The specialist roles, as the name implies, are designed to recognise individuals who are participating as department coordinators in the BCP project. The BCCS caters to coordinators supporting business users. The DRCS caters to individuals who are participating in the DR planning stages, usually overseeing specific areas in the IT infrastructure, applications, software, and hardware.
Expert – Business Continuity Certified Expert (BCCE) & Disaster Recovery Certified Expert (DRCE)
Individuals intending to qualify for the expert level are expected to manage and drive organization-wide BCP/DRP projects. Such individuals are expected to assist organizations in sustaining BCM programs. This will involve developing and conducting integrated tests and exercises, which should also assess the coordination between inter- and intra-dependent business and support units (including IT). The BCCE is targeted at individuals involved in BCM. The DRCE is targeted at individuals involved in DRP.
Certification in Control Self-Assessment (CCSA)
The Certification in Control Self-Assessment (CCSA) is The Institute of Internal Auditors' first specialty certification and the second certification to be offered by the Board of Regents in the history of the Institute of Internal Auditors. The new CCSA certification program will identify the skill sets needed by successful CSA practitioners, measure proficiency in CSA, and provide guidance for CSA initiatives.
To receive the CCSA designation, professionals must satisfy educational and professional work experience requirements and successfully complete an exam designed to test an individual's proficiency in control self-assessment.
The first CCSA exam will be offered in early 1999. This will be a computer-based exam offered on demand at numerous facilities around the United States and Canada. For more information, see the IIA website.
Certified Internal Auditor (CIA)
The Institute of Internal Auditors (IIA) also offers Certified Internal Auditor (CIA) certification which requires candidates to master their ability to identify risks, examine alternative remedies, and prescribe the best initiatives to control these risks. CIAs master auditing standards and practices as well as management principles and controls, information technology, and emerging strategies to improve business and government. CIAs learn the best ways to manage business. The CIA exam tests a candidate's knowledge and ability regarding the current practice of internal auditing. It enables candidates and prospective managers to adapt to professional changes and challenges by:
- Addressing nearly all management skills.
- Focusing on the principles of management control.
- Measuring a candidate's understanding of risk management and internal controls.
For more information, see the IIA website.
Certified Information Systems Auditor (CISA)
The CISA designation is awarded by the Information Systems Audit and Control Association to those individuals with an interest in information systems auditing, control, and security who have met and continue to meet specific requirements.
To earn and retain the CISA designation, CISAs are required to:
- Successfully complete the CISA Examination;
- Adhere to the Information Systems Audit and Control Association's Code of Professional Ethics;
- Submit evidence of a minimum of five (5) years of professional information systems (IS) auditing, control or security work experience. Substitutions and waivers of such experience apply; and
- Adhere to a continuing education program.
For more information, see the Information Systems Audit and Control Association website.
Certified Information Security Manager (CISM)
The CISM designation is awarded by the Information Systems Audit and Control Association. It is a new certification and is specifically geared toward experienced information security professionals. CISM is business-oriented and focused on information risk management while addressing management, design and technical security issues at the conceptual level. It is for the individual who must maintain a view of the "big picture" by managing, designing, overseeing and assessing an enterprise's information security.
To earn and retain the CISM designation, CISMs are required to:
- Successfully complete the CISM Examination;
- Adhere to the Information Systems Audit and Control Association's Code of Professional Ethics; and
- Submit verified evidence of a minimum of five (5) years of information security work experience, with a minimum of three (3) years of information security management work experience in three or more of the CISM job practice areas.
For more information, see the Information Systems Audit and Control Association website.
Control Self-Assessment (CSA)
CSA Qualification is offered by the Institute of Internal Auditors. Candidates must complete 54 CPD hours in the following manner: 18 CPD hours for Introduction to Control Self-Assessment; 18 CPD hours for either Value-Added Business Controls: The Right Way to Manage Risk or Evaluating Internal Controls: A COSO-Based Approach; and 18 CPD hours for either Assessing Risk: A Better Way to Audit or CSA Facilitation Techniques for Auditors. For more information, see the IIA website.