Information security qualifications
Formal information security certifications are essential for the career development of any information security professional. The most widely recognised include qualifications from IBITGQ, ISACA, (ISC)² and BCS.
Details of examining bodies are provided below, together with links to our relevant training courses, official study guides and books.
IBITGQ – International Board of IT Governance Qualifications
IBITGQ awards internationally recognised certificates to candidates who have completed and passed an IBITGQ approved examination.
IBITGQ qualifications currently include:
For further information, please see the IBITGQ website.
(ISC)² – International Information Systems Security Certification Consortium
((ISC)² is a not-for-profit organisation that developed the information security common body of knowledge (CBK) and a certification programme for information systems security professionals.
The 6 key (ISC)² qualifications are:
CISSP – Certified Information Systems Security Professional
The CISSP certification provides information security professionals with an objective measure of competence and a globally recognised standard of achievement. The CISSP credential suits mid and senior-level managers who are working toward or have already attained positions as CISOs, CSOs or Senior Security Engineers.
For experienced information security professionals with an existing (ISC)² qualification in good standing, (ISC)² Concentrations demonstrate in-depth knowledge of a subject area.
- ISSAP Concentration in Architecture
- ISSEP Concentration in Engineering
- ISSMP Concentration in Management
CAP – Certification and Accreditation Professional
The CAP credential is specifically designed for security professionals involved in certification and accreditation. This qualification supports individuals who formalise processes used to assess risk and establish security requirements, as well as ensuring information systems have appropriate security controls in place to reduce the exposure to potential risk.
SSCP – Systems Security Certified Practitioner
The SSCP certification is for information security technicians who have implementation experience. The SSCP credential is ideal for those working toward or who have already attained positions as Senior Network Security Engineers, Senior Security Systems Analysts or Senior Security Administrators.
BCS – British Computer Society
The British Computer Society (BCS) is the UK's Chartered Institute for IT. Through the BCS Professional Certifications portfolio (formally known as ISEB), the BCS provides industry-recognised qualifications that measure competence, ability and performance in information security and related topics.
The key BCS Professional Certification qualifications include:
- Certificate in Information Security Management Principles (CISMP)
- Certificate in Freedom of Information
- Certificate in Information Assurance Auditing
- Certificate in Information Assurance Compliance
- Certificate in Information Systems Security Management
- Certificate in Security and Information Risk Consultancy
- Certificate in Security Architecture
CISMP – Certificate in Information Security Management Principles
The CISMP qualification, which is based on ISO27001, provides a base level of knowledge for individuals who are thinking of moving into a security or a security-related function. It also offers those for already working in a role with security responsibility an opportunity to enhance or refresh their knowledge.
IT Governance offers a dedicated CISMP training course Certificate in Information Security Management Principles and the supporting course textbook Information Security Management Principles: An ISEB Certificate