Desirable Certifications
The traditional gold standard among information security professionals is the CISSP from (ISC)2. The CISSP is vendor neutral and targets 10 areas within the security common body of knowledge (CBK), ranging from cryptography to law, investigation, and ethics. The certification exam has 250 multiple-choice questions, and candidates have as many as 6 hours to complete it. Plenty of study aids exist online and for sale as book and CD-ROM combinations, and (ISC)2 and many training companies offer CISSP exam preparation classes. If you join the Information Systems Security Association (ISSA), an organization closely related to (ISC)2, you can participate in yearly study groups led by a CISSP. The CISSP requires 4 years of direct full-time security professional work experience in one or more of the exam's test domains.
The CISSP covers a broad subject area, and some of its domains are areas that a more technical IT security pro might never touch. Or perhaps you haven't worked for 4 years as a full-time security professional. In those cases, an alternative to the CISSP is (ISC)2's SSCP, which targets more hands-on, practical areas of information security. The SSCP exam contains half the number of questions that the CISSP exam does and requires only 1 year of cumulative work experience in one or more of seven test domains. However, don't assume that the SSCP is just a subset of the CISSP. The SSCP goes into more detail in certain areas than the CISSP does. The SSCP is a good place to start if you already have some experience and a good understanding of information security at the technical level, and you don't want to spend a lot of time preparing for the CISSP exam's 10 domains. . . .