Information Security Qualifications
Formal qualifications are essential for the career development of any information security professional. The most widely recognised include qualifications from ISACA, the Information Systems Audit and Control Association, (ISC)², the International Information Systems Security Certification Consortium, and ISEB, the Information Systems Examinations Board. Examinations are available in many languages and at many exam centres around the world.
Details of examining bodies are provided on this site together with links to our relevant training courses, official study guides and books.
Information Systems Audit and Control Association (ISACA)
The Information Systems Audit and Control Association (ISACA) was founded in the United States and is an international association of professionals involved in information systems audit, control, quality assurance and security.
The four key ISACA qualifications are:
For further information, please see the ISACA website.
International Information Systems Security Certification Consortium - (ISC)²
(ISC)² is a not-for-profit organisation that developed the information security common body of knowledge (“CBK”) and a certification programme for information systems security professionals.
The six key (ISC)² qualifications are:
For further information, please see the (ISC)² website.
Certified Information Systems Security Professional (CISSP)
The CISSP certification provides information security professionals with an objective measure of competence and a globally recognised standard of achievement. The CISSP credential suits mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs or Senior Security Engineers. (Official CISSP textbook)
For experienced information security professionals with an existing (ISC)² qualification in good standing, (ISC)² Concentrations demonstrate in-depth knowledge of a subject area.
ISSAP Concentration in Architecture
ISSEP Concentration in Engineering (Official ISSEP Study Guide)
ISSMP Concentration in Management
Systems Security Certified Practitioner (SSCP)
The SSCP certification is for information security technicians who have implementation experience. The SSCP credential is ideal for those working toward or who have already attained positions as Senior Network Security Engineers, Senior Security Systems Analysts or Senior Security Administrators.
Certification and Accreditation Professional (CAP)
The CAP credential is specifically designed for security professionals involved in certification and accreditation. This qualification supports individuals who formalise processes used to assess risk and establish security requirements, as well as ensuring information systems have appropriate security controls in place to reduce the exposure to potential risk. (Official CAP textbook)
British Computer Society (BCS) / Information Systems Examinations Board (ISEB)
The British Computer Society (BCS) is the UK's Chartered Engineering Institution for Information Systems Engineering. Through the Information Systems Examinations Board (ISEB), the BCS provides industry-recognised qualifications that measure competence, ability and performance in information security and related topics.
The key ISEB (BCS Professional Certification) qualifications include:
For further information, please see the BCS website.
Certificate in Information Security Management Principles (CISMP)
This qualification, which is based on ISO27001, provides a base level of knowledge for individuals who are thinking of moving into a security or a security-related function. It also offers the opportunity to those for whom security responsibility is already part of their day-to-day role to enhance or refresh their knowledge. IT Governance offers a dedicated CISMP training course, Certificate in Information Security Management Principles, and the supporting course textbook, Information Security Management Principles: An ISEB Certificate.