Here I attempt to provide some information on some well-known certifications and resources. In doing this, I hope to entice and encourage other individuals to look further into obtaining any one of them.
CISSP
The Certification for Information System Security Professional (CISSP) is quickly becoming the standard in the information security field. The CISSP is designed for corporate security officers, security advisers, and other individuals who set security architecture, policies, and processes. Administered by the International Information Systems Security Certification Consortium, which is abbreviated as (ISC)², this certification tests overall knowledge of the information security field. The test requires four years' experience in the information security field (or three years' experience with a college degree), registration for the test, agreement to adhere to the ISC2 Code of Ethics, and maintenance of the certification. The certification encompasses ten domains of security knowledge as follows:
- Access control systems and methodology
- Application and systems development security
- Business continuity planning and disaster recovery planning
- Cryptography
- Law, investigation, and ethics
- Operations Security
- Physical security
- Security architecture and models
- Security management practices
- Telecommunications and networking security
For more information, visit the (ISC2) Website at www.isc2.org
SSCP
The Systems Security Certified Practitioner (SSCP) exam is designed for individuals who practice security on a daily basis. Network, system, and security administrators can attempt this certification after one year of practical experience in one of seven security domains. As with the CISSP exam, examinees must also agree to adhere to the ISC2 Code of Ethics and maintain the certification. The test covers the following domains:
- Access controls
- Administration
- Auditing and monitoring
- Risk, response, and recovery
- Cryptography
- Data communications
- Malicious code (malware)
For more information, visit the (ISC2) Website at www.isc2.org
GIAC
The SysAdmin, Audit, Network, Security (SANS) Institute is an excellent source of security information for any IT professional. For more information, visit the SANS Web site at www.sans.org. One of its primary missions is to offer the Global Information Assurance Certification (GIAC) program. The program differs from the CISSP and SSCP because it offers a variety of exams and certifications specific to a particular security competence. GIAC offers the following certifications:
- GIAC Security Essentials Certification (GSEC)
- GIAC Certified Firewall Analyst (GCFW)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Windows Security Administrator (GCWN)
- GIAC Certified UNIX Security Administrator (GCUX)
- GIAC Information Security Officer (GISO)
- GIAC Systems and Network Auditor (GSNA)
CIW
Though not a certification specific to information security, the Certified Internet Webmaster (CIW) certification is an industry standard for IT professionals who support web environments. The CIW program has three main disciplines -- Designer, Enterprise Developer, and Administrator -- that are tailored to specific web responsibilities. ProSoftTraining, when building the CIW program, recognized that a skilled webmaster must also have a good grasp of information security concepts. To test this knowledge, ProSoftTraining included the Security Professional exam to test candidates' information security knowledge.
For more information, visit the ProsoftTraining Web site at www.ciwcertified.com
CompTIA Security+™ Certification
CompTIA Security+ validates knowledge of communication security, infrastructure security, cryptography, operational security, and general security concepts. It is an international, vendor-neutral certification that is taught at colleges, universities and commercial training centers around the world. Although not a prerequisite, it is recommended that CompTIA Security+ candidates have at least two years of on-the-job networking experience, with an emphasis on security. The CompTIA Network+ certification is also recommended.
For more information visit the CompTIA website at http://certification.comptia.org
CISA
The technical skills and practices that CISA promotes and evaluates are the building blocks of success in the field. Possessing the CISA designation demonstrates proficiency and is the basis for measurement in the profession. With a growing demand for professionals possessing IS audit, control and security skills, CISA has become a preferred certification program by individuals and organizations around the world. CISA certification signifies commitment to serving an organization and the IS audit, control and security industry with distinction. In addition, it presents a number of professional and personal benefits.
For more information visit the official CISA website here
CEH/CHFI/ECSA
An upcoming body that is also gaining popularity fast is EC-Council. They have a host of security certifications, some of which need to be endorsed if taken without a certain number of years' experience behind you. Furthermore, from June 2007, certifications will be valid for 2 years before a refresher course is taken.
CEH - Certified Ethical Hacker
CHFI - Computer Hacking Forensic Investigator
ECSA - EC-Council Certified Security Analyst
More information is directly available from their website
ISECOM OPSA
The OSSTMM Professional Security Analyst (OPSA) is a certification of applied knowledge designed to improve the work done as a professional security analyst. This is an important certification for those who want or need to prove they can walk the walk in data network security analysis, the discipline which covers critical security evaluations and decision-making required in both technical and management fields. And it is a critical, eye-opening class for CISOs, CIOs, CSOs, security auditors, system forensics examiners, network engineers, system and network administrators, developers, network architects, security analysts, and truly anyone who works in IT from systems to networks.
More information is directly available from their website
GSSP Certification from SANS
The GSSP-C is a proctored paper exam containing 100 multiple-choice questions, with a six-hour time limit. Unlike other GIAC certifications, this exam is not offered online and is not open book. The GSSP certification exam is only offered at specific locations on a number of dates through the year. For the most current information on upcoming administrations, visit http://www.sans-ssi.org/upcoming.php
The Requirements:
The Secure Programming Skills Assessment initiative allows candidates to demonstrate mastery of the security knowledge and skills needed to deal with common programming errors that lead to most security problems. Renewals happen every 4 years.
For more information click here
CSSLP
The Certified Secure Software Lifecycle Professional (CSSLP) aims to stem the proliferation of security vulnerabilities resulting from insufficient development processes by establishing best practices and validating an individual's competency in addressing security issues throughout the software lifecycle (SLC). It takes a holistic approach to software security.
Code-language neutral, it will be applicable to anyone involved in the SLC, including analysts, developers, software engineers, software architects, project managers, software quality assurance testers and programmers. Subject areas covered by the CSSLP exam will include the software lifecycle, vulnerabilities, risk, information security fundamentals and compliance. Candidates must demonstrate four years of professional experience in the SLC process or three years of experience and a bachelor's degree (or regional equivalent) in an IT discipline.
CSSLP - Official info here
Other Forensic Investigator Certification links on www.ethicalhacker.net
GCFA - GIAC Certified Forensics Analyst
CCE - Certified Computer Examiner
CHFI - Computer Hacking Forensic Investigator
EnCE - EnCase® Certified Examiner