ISC2

Certifications Offered By ISC2

This article discusses the certifications offered by ISC2, but that is not possible without first explaining what ISC2 is and what purpose it serves.

The ISC2, or International Information Systems Security Certification Consortium, is a respected, charitable organization that offers vendor-neutral certifications and security-related learning.

It was created in 1989, bringing together the SIG-CS or Special Interest Group for Computer Security and numerous other organizations to create a standardized vendor-neutral security certification.

At the center of each ISC2 certification is the CBK or Common Body of Knowledge. The CBK is an outline for defining security principles and industry standards.

Overview of certifications offered by ISC2

The ISC2 has certification programs that cover 6 integral security credentials. They are:

Certified Cloud Security Professional (CCSP)

The CCSP certification is supported by the Cloud Security Alliance and the ISC2. This certification is suited to cloud technology professionals who ensure that data is safe, security risks are recognised and countermeasures are created to combat those risks. The CCSP is generally attained by individuals with advanced skills, such as system engineers, security administrators, and security or enterprise architects.

To qualify for the CCSP certification, you require:

  • A minimum of 5 years full-time work experience in information technology; 3 of those years have to be in information security; a minimum of 1 year in any of the CCSP CBK domains.
  • The experience requirement is waived for CISSP holders; the CSA CCSK can replace domain experience
  • Get at least 700 points on the CCSP certification exam
  • Adhere to the ISC2’s Ethics Code
  • Be endorsed by a current ISC2 member

The CCSP certification covers the following 6 CBK domains:

  1. Cloud Data Security
  2. Cloud Application Security
  3. Architectural Concepts and Design Requirements
  4. Cloud Platform and Infrastructure Security
  5. Legal and Compliance
  6. Operations

HealthCare Information Security and Privacy Practitioner (HCISPP)

The HCISPP certification is focused on consultants and employees that maintain and secure healthcare information. A successful HCISPP candidate has demonstrated expertise in managing, assessing or implementing countermeasures and controls that ensure medical data remains private.

To qualify for the HCISPP certification, you require:

  • 2 years of experience in an HCISPP CBK domain that contains privacy, compliance and security. Legal experience and information management may substitute for compliance and privacy experience. However, there must be healthcare experience.
  • Get at least 700 points on the HCISPP certification exam
  • Adhere to the ISC2’s Ethics Code
  • Be endorsed by a current ISC2 member

Below are the 6 CBK domains that comprise the HCISPP:

  1. Regulatory Environment
  2. Information Risk Assessment
  3. Healthcare Industry
  4. Information Governance and Risk Management
  5. Privacy and Security in Healthcare
  6. Third-Party Risk Management

Certified Secure Software Lifecycle Professional (CSSLP)

This certification is suited to software developers that are interested in application vulnerabilities and cybersecurity. The CSSLP certification recognises the proficiency of a candidate in the software development lifecycle (SDLC) and web application security.

To qualify for the CSSLP certification, you require:

  • A minimum of 4 years full-time SDLC work experience in at least one CSSLP CBK domain
  • Get at least 700 points on the CSSLP certification exam
  • Adhere to the ISC2’s Ethics Code
  • Be endorsed by a current ISC2 member

The CSSLP certification covers the following 8 CBK domains:

  1. Secure Software Requirements
  2. Secure Software Design
  3. Secure Software Testing
  4. Secure Software Concepts
  5. Software Deployment, Operations, and Maintenance
  6. Secure Software Lifecycle Management
  7. Secure Software Implementation/Programming
  8. Supply Chain & Software Acquisition

Certified Authorization Professional (CAP)

The CAP certification was created to identify security officers and enterprise system owners that maintain and authorise information systems, concentrating on balancing countermeasures and security requirements with risk. The CAP certification is perfectly suited for those in the public and private sector with experience in systems administration, IT security, risk management, information assurance, and systems or database development.

To qualify for the CAP certification, you require:

  • A minimum of 2 years full-time work experience in at least one CAP CBK domain
  • Get at least 700 points on the CAP certification exam
  • Adhere to the ISC2’s Ethics Code
  • Be endorsed by a current ISC2 member

The CAP certification covers the following 7 CBK domains:

  1. Categorization of Information Systems
  2. Security Control Implementation
  3. Monitoring of Security Controls
  4. Selection of Security Controls
  5. Security Control Assessment
  6. Information System Authorization
  7. Risk Management Framework (RMF)

Certified Information Systems Security Professional (CISSP)

The CISSP aims to recognize IT professionals that can design, manage, architect, and control an organization’s security. Numerous IT professionals view the CISSP as the most valued certification in the security industry.

To qualify for the CISSP certification, you need:

  • At least 5 years of paid full-time experience in a minimum of 2 CISSP CBK domains. Candidates possessing a Bachelor’s or Master’s degree can have this requirement waived. Additionally, an ISC2 approved credential can be used to substitute a year of the required experience time.
  • Get at least 700 points on the CISSP certification exam
  • Adhere to the ISC2’s Ethics Code
  • Be endorsed by a current ISC2 member

The CISSP certification covers the following 8 CBK domains:

  1. Asset Security
  2. Security and Risk Management
  3. Communications and Network Security
  4. Security Engineering
  5. Security Assessment and Testing
  6. Identity and Access Management (IAM)
  7. Software Development Security
  8. Security Operations

Systems Security Certified Practitioner (SSCP)

Numerous security professionals typically begin their career by successfully sitting for the SSCP certification. This credential is awarded to professionals that comprehend basic security concepts, understand how to utilise fundamental security tools, monitor systems as well as ensure countermeasures are maintained to prevent security breaches.

To be able to attempt the SSCP certification, a candidate needs the following:

  • At least a year of paid full-time work experience in at least one Common Body of Knowledge (CBK) domain
  • Get at least 700 points on the SSCP certification exam
  • Adhere to the ISC2’s Ethics Code
  • Be endorsed by a current ISC2 member

SSCP candidates that have a bachelor’s degree or a master’s degree in some pre-approved disciplines like cybersecurity, computer engineering, computer science, systems engineering, information technology or Management Information Systems (MIS) can meet the work experience portion of the requirements.

The 7 domains are:

  1. Access controls
  2. Risk Identification, Monitoring and Analysis
  3. Security Operations and Administration
  4. Cryptography
  5. Incident Response and Recovery
  6. Systems and Application Security
  7. Networks and Communication Security