Security Certifications

There are numerous studies available in the field that focuses on information security as a professional qualification. Here are some examples which are classified into two categories of Product Neutral and Product Oriented ones:

• Product Neutral Certifications
• Product Oriented Certifications

---

Product Neutral Certifications

Certified Professional of IT (CPIT)
The Hong Kong Institute for IT Professional Certification (HKITPC) manages and develops professional certifications in Hong Kong. The certification includes CPIT(PD) - Project Director, CPIT(SA) - System Architect, CPIT(QAM) - Quality Assurance Manager, CPIT (APM) - Associate Project Manager, CPIT (InfoSec) - Information Security Officer, and CPIT (BA) - Business Analyst.

DRI International 's Business Continuity Professional Certifications
DRI International provides various levels of certification for business continuity planners, including the Associate Business Continuity Planner (ABCP), the Certified Business Continuity Vendor (CBCV), the Certified Functional Continuity Professional (CFCP), the Certified Business Continuity Professional (CBCP) and the Master Business Continuity Professional (MBCP), etc.

SANS Global Information Security Assurance Certification (GIAC)
The first ever vendor-neutral security certifications and certificates for IT security professionals. GIAC currently offers certifications for over 20 job-specific responsibilities instead of general purpose information security knowledge. It covers four IT/IT Security job disciplines: Security Administration, Management, Audit and Software Security, and offers three levels of certifications: Silver, Gold and Platinum for each job discipline. Certifications are based on 5-6 full day courses while certificates are based on 1 or 2 day courses. Here are some examples:

• GIAC Certified Firewall Analyst (GCFW)
  
• GIAC Certified Intrusion Analyst (GCIA)
  
• GIAC Certified Incident Handler (GCIH)
  
• GIAC Certified Security Consultant (GCSC)
  
• GIAC Business Law and Computer Security (GBLC)
  
• GIAC Security Audit Essentials (GSAE)
  

(ISC)² Information Security Certifications
(ISC)² offers several information security certifications and concentrations related to specific certifications. They are:

• CISSP - Certified Information Systems Security Professional
  
• CISSP Concentrations
  
  • ISSAP - Information Systems Security Architecture Professional
    
  • ISSEP - Information Systems Security Engineering Professional
    
  • ISSMP - Information Systems Security Management Professional
    
• CSSLP - Certified Secure Software Lifecycle Professional
• SSCP - Systems Security Certified Practitioner
  
• CAPCM - Certification And Accreditation Professional
  
• Associate of (ISC)² Designation
  
• Fellow of (ISC)²

These are vendor-neutral programs. CISSP is targeted at executives, while CISSP Concentrations are targeted for experienced information security professionals and SSCP is appropriate for security specialists in the field. CAP credential is to measure the professionals' knowledge, skills and abilities involved in the process of certifying and accrediting the security of information systems. There are also Associate Programs for CISSP and SSCP for those who pass these examinations but without the experience required for the certifications.

Information Systems Audit and Control Association (ISACA) Certifications
The program is designed for IS audit, control and security professionals. It offers three certifications: Certified Information Systems Auditor (CISA), Certified Information System Manager(CISM) and Certified in the Governance of Enterprise IT (CGEIT).

ProfSoft Training's Certified Internet Webmaster (CIW) Security Analyst: CIW Exams and CIW Certification
This program recognises those who can implement security policy, identify security threats, and develop countermeasures using firewalls and attack-recognition technologies.

Certified Wireless Security Professional (CWSP)
This program recognises advanced knowledge of securing wireless LANs including hardware, software, protocols, procedures and design techniques used in reducing wireless LAN security risks. It builds on the foundation program "CWNA" (Certified Wireless Network Administrator). Please visit website at http://www.cwnp.com/cwsp/index.html for details.

The Security Certified Program (SCP)
SCP includes three levels of certifications: the Security Certified Network Specialist (SCNS), the Security Certified Network Professional (SCNP) and the Security Certified Network Architect (SCNA). SCNS focuses on defensive technologies that are the foundation of securing network perimeters. SCNP includes topics on cryptography, performing risk analysis, creating security policies, etc. SCNA focuses on trusted communication and emerging security technologies like public-key infrastructure, biometrics and smart cards.

Product Oriented Certifications

Symantec Certifications
Symantec offers specialist certification credentials for its security products, including Symantec Certified Specialist (SCS), etc.

Check Point Certified Security Administrator (CCSA) & Check Point Certified Security Expert (CCSE)
A CCSA possesses the skills to define and configure security policies that enable secure access to information across corporate networks. The CCSE certification is recognised as the industry standard for Internet security certifications as CCSEs possess expertise to configure VPN-1/FireWall-1 as an Internet security solution and virtual private network (VPN) that securely connects corporate offices and remote workers, protecting information exchange and granting access to network resources.

The Cisco Certified Security Professional (CCSP)and Cisco Certified Internetwork Expert (CCIE) Security
CCSP requires a Cisco Certified Network Associate designation and proficiency with Cisco firewalls, intrusion detection systems and VPNs; whereas Cisco Certified Internetwork Expert (CCIE) covers IP, IP routing, and specific security components.