Professional Certification

To help increase the professionalism and integrity of the information assurance community, several organizations have created certifications that an individual may achieve. These are used to demonstrate knowledge and experience in the IA community.

Note: This list is not meant to be exhaustive or to represent all of the certifications available. Also, only a selection of certification organizations is represented. Those seeking professional certifications are encouraged to research certifications based on desired topics and the awarding body when making certification decisions.

Individual Certification

| Certification | Issued By | Summary of Certifications |
|---|---|---|
| CASP | CompTIA | CompTIA Advanced Security Practitioner |
| Security+ | CompTIA | An industry standard foundational skills certification. |
| CAP | ISC2 | Certified Authorization Professional |
| CISSP | ISC2 | Certified Information Systems Security Professional - Designed to recognize mastery of an international standard for information security and understanding of a Common Body of Knowledge (CBK). |
| SSCP | ISC2 | Systems Security Certified Practitioner - The seven domains covered by the examination include: Access Controls, Administration, Audit and Monitoring, Risk, Response and Recovery, Cryptography, Data Communications, and Malicious Code/Malware. |
| CISA | ISACA | Certified Internal Systems Auditor |
| CISM | ISACA | Certified Information Security Manager |
| CRISC | ISACA | Certified in Risk and Information Systems Control |
| GSEC | SANS | GIAC Security Essentials |
| GISP | SANS | GIAC Information Security Professional |
| GPEN | SANS | GIAC Penetration Tester |

Organizational Certification

| Name | Summary |
|---|---|
| ISO 27000 | A series of organizational management standards given by the International Standards Organization (ISO). These standards cover topics such as Risk, Controls, and Incident Management. Organizations may be certified against some of the standards. Some standards are listed as guidelines/best practices and may not be certified against. (Other/former names: BS7799, ISO 17799) |