Credentialing is the process of establishing the qualifications of licensed professionals, organizational members or organizations, and assessing their background and legitimacy.
In the computer security or information security fields, there are a number of tracks a professional can take to demonstrate qualifications. Four sources categorizing these, and many other credentials, licenses and certifications, are: 1. Schools and universities; 2. "Vendor"-sponsored credentials (e.g. Microsoft, Cisco); 3. Association- and organization-sponsored credentials; 4. Governmental (or quasi-governmental) body-sponsored licenses, certifications and credentials.
Quality and acceptance vary worldwide for IT security credentials, from well-known and high-quality examples like a master's degree in the field from an accredited school, CISSP, and Microsoft certification, to a controversial list of many dozens of lesser-known credentials and organizations.
In addition to certification obtained by taking courses and/or passing exams (and in the case of CISSP and others noted below, demonstrating experience and/or being recommended or given a reference from an existing credential holder), award certificates also are given for winning government-, university- or industry-sponsored competitions, including team competitions and contests.
Scope note: This article is about the certification and credentialing of individuals. It does not include certification of organizations or classified computer systems by authorizing, accrediting and approval bodies and authorities as meeting a prescribed set of safeguards.
List of certifications
Credential abbreviation | Certification Title | Issuing Organization | Focus | Preparation cost[Notes 1] | Exam cost[Notes 1] | Renewal fee[Notes 1] | Validity duration | Number issued |
---|---|---|---|---|---|---|---|---|
CISSP | Certified Information Systems Security Professional | (ISC)² | Leadership, Operations | - | 699 US$[1] | 85 US$ (annually)[2] | 3 years (continuously)[2] | 127,734[3] |
CISSP-ISSAP | Information Systems Security Architecture Professional | (ISC)² | Architecture | - | 599 US$[1] | 35 US$ (annually)[Notes 2][4] | 3 years (continuously)[4] | 1,952[3] |
CISSP-ISSEP | Information Systems Security Engineering Professional | (ISC)² | Engineering | - | 599 US$[1] | 35 US$ (annually)[Notes 2][4] | 3 years (continuously)[4] | 1,147[3] |
CISSP-ISSMP | Information Systems Security Management Professional | (ISC)² | Management | - | 599 US$[1] | 35 US$ (annually)[Notes 2][4] | 3 years (continuously)[4] | 1,196[3] |
SSCP | Systems Security Certified Practitioner | (ISC)² | IT-Administration | - | 249 US$[1] | 65 US$ (annually)[5] | 3 years (continuously)[5] | 4,319[3] |
CCSP | Certified Cloud Security Professional | (ISC)² | Cloud | - | 599 US$[1] | 100 US$ (annually)[6] | 3 years (continuously)[6] | 3,549[3] |
CAP | Certified Authorization Professional | (ISC)² | Authorization | - | 599 US$[1] | 65 US$ (annually)[7] | 3 years (continuously)[7] | 2,671[3] |
CSSLP | Certified Secure Software Lifecycle Professional | (ISC)² | Software Security | - | 599 US$[1] | 100 US$ (annually)[8] | 3 years (continuously)[8] | 2,214[3] |
HCISPP | HealthCare Information Security and Privacy Practitioner | (ISC)² | Healthcare | - | 599 US$[1] | 65 US$ (annually)[9] | 3 years (continuously)[9] | 1,110[3] |
Security+ | CompTIA Security+ | CompTIA | IT-Administration | - | 330 US$[10] | 50 US$ (annually)[Notes 3][11] | 3 years[12] | |
CySA+ | CompTIA Cyber Security Analyst | CompTIA | Intrusion Detection | - | 346 US$[10] | 50 US$ (annually)[Notes 3][11] | 3 years[13] | |
PenTest+ | CompTIA Pentest+ | CompTIA | Penetration Testing | - | 346 US$[14] | | | |
CASP | CompTIA Advanced Security Practitioner | CompTIA | Operations | - | 439 US$[10] | 50 US$ (annually)[Notes 3][11] | 3 years[15] | |
CISA | Certified Information Systems Auditor | ISACA | | | | | | |
CISM | Certified Information Security Manager | ISACA | | | | | | |
CRISC | Certified In Risk and Information Systems Control | ISACA | | | | | | |
GSEC | Security Essentials | GIAC | Cyber Defense | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GCIA | Certified Intrusion Analyst | GIAC | Cyber Defense | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GISF | GIAC Information Security Fundamentals | GIAC | Cyber Defense | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GCED | Certified Enterprise Defender | GIAC | Cyber Defense | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GCWN | Certified Windows Security Administrator | GIAC | Cyber Defense | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GPPA | Certified Perimeter Protection Analyst | GIAC | Cyber Defense | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GMON | Continuous Monitoring Certification | GIAC | Cyber Defense | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GCCC | Critical Controls Certification | GIAC | Cyber Defense | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GCUX | Certified UNIX Security Administrator | GIAC | Cyber Defense | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GCDA | Certified Detection Analyst | GIAC | Cyber Defense | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GDAT | Defending Advanced Threats | GIAC | Cyber Defense | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GCIH | Certified Incident Handler | GIAC | Penetration Testing | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GPEN | Penetration Tester | GIAC | Penetration Testing | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GWAPT | Web Application Penetration Tester | GIAC | Penetration Testing | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GXPN | Exploit Researcher and Advanced Penetration Tester | GIAC | Penetration Testing | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GMOB | Mobile Device Security Analyst | GIAC | Penetration Testing | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GAWN | Assessing and Auditing Wireless Networks | GIAC | Penetration Testing | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GPYC | Python Coder | GIAC | Penetration Testing | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GCFA | Certified Forensic Analyst | GIAC | Forensics | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GCFE | Certified Forensic Examiner | GIAC | Forensics | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GREM | Reverse Engineering Malware | GIAC | Forensics | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GNFA | Network Forensic Analyst | GIAC | Forensics | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GCTI | Cyber Threat Intelligence | GIAC | Forensics | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GASF | Advanced Smartphone Forensics | GIAC | Forensics | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GSLC | Security Leadership | GIAC | Leadership, Operations | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GSNA | Systems and Network Auditor | GIAC | Auditing | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GISP | Information Security Professional | GIAC | | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GLEG | Law of Data Security & Investigations | GIAC | | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GCPM | Certified Project Manager | GIAC | Leadership, Operations | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GSTRT | Strategic Planning, Policy, and Leadership | GIAC | Leadership, Operations | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GSSP-JAVA | Secure Software Programmer-Java | GIAC | Software Security | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GSSP-.NET | Secure Software Programmer-.NET | GIAC | Software Security | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GWEB | Certified Web Application Defender | GIAC | Software Security | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GICSP | Global Industrial Cyber Security Professional | GIAC | | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GRID | Response and Industrial Defense | GIAC | | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
GCIP | Critical Infrastructure Protection | GIAC | | -[16] | 1,899 US$[17] | 429 US$[Notes 4][18] | 4 years[18] | |
CSCU | Certified Secure Computer User | EC-Council | | 125 US$[19] | -[Notes 5] | 20 US$ (annually)[Notes 6][20] | lifetime[21] | |
CND | Certified Network Defender | EC-Council | IT-Administration | 100 US$[19] | 350 US$[19] | 80 US$ (annually)[Notes 6][20] | 3 years[21] | |
CEH | Certified Ethical Hacker | EC-Council | Penetration Testing | 100 US$[19] | 950 US$[19] | 80 US$ (annually)[Notes 6][20] | 3 years[21] | |
CEH (Practical) | Certified Ethical Hacker (Practical) | EC-Council | Penetration Testing | -[19] | | 80 US$ (annually)[Notes 6][20] | 3 years[21] | |
ECSA | EC-Council Certified Security Analyst | EC-Council | Penetration Testing | 100 US$[19] | 999 US$[19] | 80 US$ (annually)[Notes 6][20] | 3 years[21] | |
ECSA (Practical) | EC-Council Certified Security Analyst (Practical) | EC-Council | Penetration Testing | -[19] | | 80 US$ (annually)[Notes 6][20] | 3 years[21] | |
LPT (Master) | Licensed Penetration Tester (Master) | EC-Council | Penetration Testing | -[19] | 899 US$[19] | 250 US$ (annually)[19] | 1 year[Notes 7][19] | |
CCISO | Certified Chief Information Security Officer | EC-Council | Leadership, Management | 100 US$[19] | 999 US$[19] | 100 US$ (annually)[22] | 1 year[23] | |
ECIH | EC-Council Certified Incident Handler | EC-Council | Incident Handling | 100 US$[19] | 199 US$[19] | 80 US$ (annually)[Notes 6][20] | 3 years[21] | |
CHFI | Certified Hacking Forensic Investigator | EC-Council | Intrusion Detection | 100 US$[19] | 500 US$[19] | 80 US$ (annually)[Notes 6][20] | 3 years[21] | |
EDRP | EC-Council Disaster Recovery Professional | EC-Council | Disaster Recovery | 100 US$[19] | 350 US$[19] | 80 US$ (annually)[Notes 6][20] | 3 years[21] | |
ECES | EC-Council Certified Encryption Specialist | EC-Council | Encryption | 100 US$[19] | 199 US$[19] | 80 US$ (annually)[Notes 6][20] | 3 years[21] | |
CASE Java | Certified Application Security Engineer Java | EC-Council | Software Security | 100 US$[19] | 350 US$[19] | 80 US$ (annually)[Notes 6][20] | 3 years[21] | |
CASE .Net | Certified Application Security Engineer .Net | EC-Council | Software Security | 100 US$[19] | 350 US$[19] | 80 US$ (annually)[Notes 6][20] | 3 years[21] | |
ECSS | EC-Council Certified Security Specialist | EC-Council | IT-Administration | 100 US$[19] | 199 US$[19] | 80 US$ (annually)[Notes 6][20] | 3 years[21] | |
C)SP+ | Certified Security Principles+ | Mile2 | Universal | -[24] | 400 US$[24] | | 3 years[25] | |
C)SA1 | Certified Security Awareness 1 | Mile2 | Leadership, Management | -[24] | 200 US$[24] | | 3 years[25] | |
C)VA | Certified Vulnerability Assessor | Mile2 | Penetration Testing | -[24] | 400 US$[24] | | 3 years[25] | |
C)VCP | Certified Virtualization and Cloud Principles | Mile2 | Cloud | -[24] | 400 US$[26] | | 3 years[25] | |
C)ISSM | Certified Information Systems Security Manager | Mile2 | Management | -[24] | 400 US$[24] | | 3 years[25] | |
C)ISSO | Certified Information Systems Security Officer | Mile2 | Universal | -[24] | 400 US$[24] | | 3 years[25] | |
C)PEH | Certified Professional Ethical Hacker | Mile2 | Penetration Testing | -[24] | 400 US$[24] | | 3 years[25] | |
C)DFE | Certified Digital Forensics Examiner | Mile2 | Forensics | -[24] | 400 US$[27] | | 3 years[25] | |
C)VE | Certified Virtualization Engineer | Mile2 | Cloud | -[24] | 400 US$[24] | | 3 years[25] | |
C)ISRM | Certified Information Systems Risk Manager | Mile2 | Management | -[24] | 400 US$[24] | | 3 years[25] | |
IS20Controls | IS20 security controls | Mile2 | Leadership, Management | -[24] | 400 US$[24] | | 3 years[25] | |
C)PTE | Certified Penetration Testing Engineer | Mile2 | Penetration Testing | -[24] | 400 US$[24] | | 3 years[25] | |
C)IHE | Certified Incident Handling Engineer | Mile2 | Incident Handling | -[24] | 400 US$[24] | | 3 years[25] | |
C)VFE | Certified Virtualization Forensics Examiner | Mile2 | Forensics | -[24] | 400 US$[28] | | 3 years[25] | |
C)DRE | Certified Disaster Recovery Engineer | Mile2 | Disaster Recovery | -[24] | 400 US$[24] | | 3 years[25] | |
C)HISSP | Certified Healthcare Information Systems Security Practitioner | Mile2 | Healthcare | -[24] | 400 US$[24] | | 3 years[25] | |
C)ISMS-LA | Certified Information Security Management Systems—Lead Auditor | Mile2 | Auditing | -[24] | 400 US$[24] | | 3 years[25] | |
C)ISMS-LI | Certified Information Security Management Systems—Lead Implementer | Mile2 | Auditing | -[24] | 400 US$[24] | | 3 years[25] | |
C)SWAE | Certified Secure Web Application Engineer | Mile2 | Software Security | -[24] | 400 US$[24] | | 3 years[25] | |
C)CSO | Certified Cloud Security Officer | Mile2 | Cloud | -[24] | 400 US$[24] | | 3 years[25] | |
C)VSE | Certified Virtualization Security Engineer | Mile2 | Virtualization | -[24] | 400 US$[29] | | 3 years[25] | |
ISCAP | Information Systems Certification and Accreditation Professional | Mile2 | Management | -[24] | 400 US$[24] | | 3 years[25] | |
C)SLO | Certified Security Leadership Officer | Mile2 | Leadership, Management | -[24] | 400 US$[24] | | 3 years[25] | |
C)PTC | Certified Penetration Testing Consultant | Mile2 | Penetration Testing | -[24] | 400 US$[24] | | 3 years[25] | |
C)NFE | Certified Network Forensics Examiner | Mile2 | Forensics | -[24] | 400 US$[24] | | 3 years[25] | |
C)ISSA | Certified Information Systems Security Auditor | Mile2 | Auditing | -[24] | 400 US$[24] | | 3 years[25] | |
C)VDE | Certified Virtual Desktop Engineer | Mile2 | Virtualization | -[24] | 400 US$[30] | | 3 years[25] | |
C)ISS | Certified IPv6 Security Specialist | Mile2 | Management | -[24] | 400 US$[31] | | 3 years[25] | |
OSCP | Offensive Security Certified Professional | Offensive Security | | | | | | |
OSWP | Offensive Security Wireless Professional | Offensive Security | | | | | | |
OSCE | Offensive Security Certified Expert | Offensive Security | | | | | | |
OSEE | Offensive Security Exploitation Expert | Offensive Security | | | | | | |
OSWE | Offensive Security Web Expert | Offensive Security | | | | | | |
EITCA/IS | EITCA Information Technologies Security Academy | EITCI | | | | | | |
CCNA Security | Cisco Certified Network Associate - Security | Cisco | | | | | | |
CCNP Security | Cisco Certified Network Professional - Security | Cisco | | | | | | |
CCIE Security | Cisco Certified Internetwork Expert - Security | Cisco | | | | | | |
CCNA CyberOps | Cisco Certified Network Associate - CyberOps | Cisco | | | | | | |
CCSA | Check Point Certified Security Administrator | Check Point | | | | | | |
CCSE | Check Point Certified Security Expert | Check Point | | | | | | |
CIPP | Certified Information Privacy Professional | IAPP | | | | | | |
CIPM | Certified Information Privacy Manager | IAPP | | | | | | |
CIPT | Certified Information Privacy Technologist | IAPP | | | | | | |
eJPT | eLearnSecurity Certified Junior Penetration Tester | eLearnSecurity | | | | | | |
eCPPT | eLearnSecurity Certified Professional Penetration Tester | eLearnSecurity | | | | | | |
eWPT | eLearnSecurity Web Application Penetration Tester | eLearnSecurity | | | | | | |
eMAPT | eLearnSecurity Mobile Application Penetration Tester | eLearnSecurity | | | | | | |
eNDP | eLearnSecurity Network Defense Professional | eLearnSecurity | | | | | | |
eCRE | eLearnSecurity Certified Reverse Engineer | eLearnSecurity | | | | | | |
eCTHP | eLearnSecurity Certified Threat Hunting Professional | eLearnSecurity | | | | | | |
eCPTX | eLearnSecurity Certified Penetration Tester eXtreme | eLearnSecurity | | | | | | |
CPSA | CREST Practitioner Security Analyst | CREST | | | | | | |
CRT | CREST Registered Penetration Tester | CREST | | | | | | |
CCT-APP | CREST Certified Web Application Tester | CREST | | | | | | |
CCT-Infra | CREST Certified Infrastructure Tester | CREST | | | | | | |
CC SAS | CREST Certified Simulated Attack Specialist | CREST | | | | | | |
CC SAM | CREST Certified Simulated Attack Manager | CREST | | | | | | |
CEPT | Certified Expert Penetration Tester | IACRB | | | | | | |
CPT | Certified Penetration Tester | IACRB | | | | | | |
CREA | Certified Reverse Engineering Analyst | IACRB | | | | | | |
CASS | Certified Application Security Specialist | IACRB | | | | | | |
CSSA | Certified SCADA Security Architect | IACRB | | | | | | |
CMFE | Certified Mobile Forensics Examiner | IACRB | | | | | | |
Notes
1. Additional costs for training material, courses and seminars may apply.
2. In addition to CISSP renewal fees.
3. Renewal fees only apply for the highest certificate.
4. In a two-year period after a renewal, additional renewals cost only 219 US$ per certificate.
5. Only available in combination with courseware. For the bundle price, see Preparation.
6. Fees apply per member, not per certificate. No additional fees for members that also hold CCISO or LPT certificate.
7. First validation period after exam is 2 years.
References
1. "(ISC)² Exam Pricing | (ISC)²". www.isc2.org. Retrieved 2018-07-24.
2. "Certified Information Systems Security Professional (CISSP) - GoCertify". www.gocertify.com. Retrieved 2018-07-24.
3. "Member Counts | How Many (ISC)² Members Are There Per Certification | (ISC)²". www.isc2.org. Retrieved 2018-07-24.
4. "IT Security Architect, Engineer, and Management Certifications | CISSP Concentrations | (ISC)²". www.isc2.org. Retrieved 2018-07-24.
5. "IT Security Certification | SSCP - Systems Security Certified Practitioner | (ISC)²". www.isc2.org. Retrieved 2018-07-24.
6. "Cloud Security Certifications: CCSK vs CCSP – Confidis". www.confidis.co. Retrieved 2018-07-24.
7. "Security Authorization Certification | CAP - Certified Authorization Professional | (ISC)²". www.isc2.org. Retrieved 2018-07-24.
8. "Software Security Certification | CSSLP - Certified Secure Software Lifecycle Professional | (ISC)²". www.isc2.org. Retrieved 2018-07-24.
9. "Healthcare Security Certification | HCISPP - HealthCare Information Security and Privacy Practitioner | (ISC)²". www.isc2.org. Retrieved 2018-07-24.
10. "Exam Prices | Testing | CompTIA IT Certifications". certification.comptia.org. Retrieved 2018-07-24.
11. "CE Program Fees | Continuing Education | CompTIA IT Certifications". certification.comptia.org. Retrieved 2018-07-24.
12. "CompTIA Security+ Certification". certification.comptia.org. Retrieved 2018-07-24.
13. "CompTIA (CySA+) Cybersecurity Analyst+ Certification | CompTIA IT Certifications". certification.comptia.org. Retrieved 2018-07-24.
14. "PenTest+ (Plus) Certification | CompTIA IT Certifications". certification.comptia.org. Retrieved 2018-07-24.
15. "(CASP) Advanced Security Practitioner Certification | CompTIA IT Certifications". certification.comptia.org. Retrieved 2018-07-24.
16. "List of GIAC Information and Cyber Security Certifications". www.giac.org. Retrieved 2018-08-26.
17. "GIAC Forensics, Management, Information, IT Security Certifications". www.giac.org. Retrieved 2018-08-26.
18. "How to Renew Your GIAC Security Certification". www.giac.org. Retrieved 2018-08-26.
19. "Application Process Eligibility". cert.eccouncil.org. Retrieved 2018-07-24.
20. "Membership". cert.eccouncil.org. Retrieved 2018-07-24.
21. "ECE Policy". cert.eccouncil.org. Retrieved 2018-07-24.
22. "CISO FAQ - EC-Council". EC-Council. Retrieved 2018-07-24.
23. "CISO FAQ - EC-Council". EC-Council. Retrieved 2018-07-24.
24. "Exam Combos | Mile2® - Cyber Security Certifications". mile2.com. Retrieved 2018-08-21.
25. "Mile2 Continuing Education (CEU) Program | Mile2® - Cyber Security Certifications". mile2.com. Retrieved 2018-08-21.
26. "Certified Virtualization Principles | Mile2® - Cyber Security Certifications". mile2.com. Retrieved 2018-08-21.
27. "Mile2® - Certified Digital Forensics Examiner | Mile2® - Cyber Security Certifications". mile2.com. Retrieved 2018-08-21.
28. "Certified Virtualization Forensics Examiner | Mile2® - Cyber Security Certifications". mile2.com. Retrieved 2018-08-21.
29. "Certified Virtualization Security Engineer | Mile2® - Cyber Security Certifications". mile2.com. Retrieved 2018-08-21.
30. "Certified Virtual Desktop Engineer | Mile2® - Cyber Security Certifications". mile2.com. Retrieved 2018-08-21.
31. "Certified IPv6 Security Specialist | Mile2® - Cyber Security Certifications". mile2.com. Retrieved 2018-08-21.