Independent Organization Certifications
These certifications are designed to meet the needs of employers who want to be assured that certification holders have significant expertise in solving real-world problems. In many cases, the sponsoring organizations are also in a profit-making business. When an organization like the (ISC)2 or ISACA collects $500 from each examinee and tests a few thousand candidates a year, millions of dollars of revenue are being generated. Those certifications are generally much harder to get than the vendor or training organization certifications, but as a result, they’re more valuable to both the holder and the employer.
Because of the cost, the sponsors compete with each other to promote the value of their certification over another. The problem is that there are multiple audiences for any certification and multiple reasons for creating them.
Independent (non-vendor specific) Certifications
Certification | Organization | Goals/Definition | Prerequisites |
CISSP | (ISC)2 | "The CISSP was established to certify those professionals who have attained professional expertise in the field of InfoSec" | Four years full time InfoSec experience (or 3 plus a college degree) plus exam in ten topic areas plus recertification via continuing professional education requirements |
CIWSA: CIW Security Analyst | CIW | Certifies that IT professionals can start a security policy, recognize security threats and use firewalls, VPNs and IDSes | Baseline certification (e.g., MCSE, CCNP, CNE, and others) plus exam |
Security+ | CompTIA | "Technical knowledge of foundation-level security administrators" | None. Pass tests given via Prometric |
CCISM: Certified Counter-Espionage and Information Security Manager | Espionage Research Institute | CCISM prepares managers to deal with "all kinds of threats to information." | Background Investigation required. Courses by distance learning. |
CCO: Certified Confidentiality Officer | Business Espionage Controls & Countermeasures Association (BECCA) | "The mission of the CCO is to protect the employer from compromise or theft of sensitive data." "The CCO is the only management level certification in the field of InfoSec." | Five modules plus tests |
CISA: Certified Information Systems Auditor | ISACA | Holders have measured excellence in the areas of IS auditing, control and security | 120 question exam given annually, plus continuing professional education credit requirements |
CISM: Certified Information Systems Manager | ISACA | This certificate has a business oriented focus. Holders have experience in information risk management assessment and technical security design. | 120 question exam given annually, plus continuing professional education credit requirements |
SSCP: Systems Security Certified Practitioner | (ISC)2 | Practitioners who hold this certificate have demonstrated knowledge of seven areas of expertise. It is designed as an intermediate certificate to be earned while gaining the experience and knowledge necessary for the CISSP | 125 question exam, plus continuing professional education credit requirements |
SCNP: Security Certified Network Professional | PKI Academy | The SCNP focuses on defensive technologies such as Firewalls, VPNs and IDSes. Level 2 certification adds trusted communication such as PKI, Biometrics and Cryptography | One exam for level 1 and a second exam for level 2. Recertification every two years. |
CWNA: Certified Wireless Network Administrator | Planet Three Wireless | Introductory certification for new wireless technology | Written exam (via Prometric) |
CWNE: Certified Wireless Security Expert | Planet Three Wireless | Highest level of P3W program. Includes packet and protocol analysis, plus CWNI certification | Written exam (via Prometric) plus lab and annual recertification |
CWNI: Certified Wireless Networking Integrator | Planet Three Wireless | Covers advanced RF technologies and the skills necessary to combine existing wired networks into newer wireless technologies | Written exam (via Prometric) [not yet available] |
CWSP: Certified Wireless Security Professional | Planet Three Wireless | Measures an IT Professional's knowledge of how to defend a wireless network from LAN intruders | Written exam (via Prometric) |
cSAGE | SAGE Certification | For junior level system administrators seeking verifiable validation of their abilities. | One year experience (paid, student or volunteer) as a system admin over a network serving more than one station and more than one user. |
GCFW: GIAC Firewall Analyst | SANS Institute | Certifies the ability to design, implement, maintain and troubleshoot firewalls and VPNs | Practical assignment (research paper) plus exam plus recertification (every 4 years) |
GCIA: GIAC Intrusion Analyst | SANS Institute | Certifies the ability to implement and administer network based and host based intrusion detection systems | Practical assignment (research paper) plus exam plus recertification (every 4 years) |
GCIH: GIAC Incident Handler | SANS Institute | Certifies the ability to understand, anticipate and defend against common hacker attacks and act as members of a computer emergency response team | Practical assignment (research paper) plus exam plus recertification (every 2 years) |
GCNT: GIAC Windows Security Administrator | SANS Institute | Certifies the ability to implement, administer, maintain and troubleshoot Windows 2000 and NT systems and networks | Practical assignment (research paper) plus exam plus recertification (every 2 years) |
GCUX: GIAC Unix Security Administrator | SANS Institute | Certifies the ability to implement, administer, maintain and troubleshoot Unix/Linux systems and networks | Practical assignment (research paper) plus exam plus recertification (every 2 years) |
GSNA: GIAC Systems Network Auditor | SANS Institute | Certifies the ability to audit secure computer network installations | Practical assignment (research paper) plus exam plus recertification (every 2 years) |
ICSA Practitioner | TruSecure | Focuses on foundation-level knowledge and certifies that the holder has the essential knowledge to participate in enterprise security decisions | Two years of experience or 48 hours of approved conference/seminar attendance plus exam, plus an additional 48 hours per year of continuing professional education. |