Thursday, April 10, 2008

Certifications Galore .... a listing from the top of my head

Why does it always happen that procrastinating, intermittently dedicated, taxed-for-time bloggers like myself get a rush of blogorenalin (blogging adrenalin) as proportional to the current intellectual biorhythm? Well, I really do not know, and I shall surely spend some time (whenever I have more of this commodity) in researching this paradox. In the meanwhile, back to my task for the day ... this blog.

This task is actually one which is very close to my heart and as a die-hard InfoSec person, I want to extend my reach to anyone and everyone who wants to take up this profession. Usually I will always try to make time if anyone wants to discuss their career paths and options in the quest for certification, so here I am going to try to create the mother of all lists - a list of certifications related to the Information Security domain, which includes GRC (Governance, Risk and Compliance), BCP/DR, ERM, IdM, etc.

Until I create separate sections for each of these certifications providing additional information, I am providing links to the website of the organization which conducts the exam and provides the certification. There is a disclaimer too (it is a dangerous world and disclaimers are necessary before making any claims :) )
... this list may be the mother of all lists, but does not claim to be complete; neither do I claim that a similar certification is not provided by any other organization. There are a lot of organizations, each respected and recognized, offering various certifications - for example, there are a number of organizations which offer certifications in Risk Management and I may have listed a couple of them. This list is in no particular order, and you will note it is not alphabetical either!!

This list will guide you to the various certifications. Check this out, then check out the salary survey. Then list your skills and your goals ... and decide what you want to do!! Research each certification and you will find others. I have made an effort to list the most well known ones (at least these are the ones I have come across in my experience and interactions with InfoSec professionals) ... Yes, if you can contribute to this list, please do drop a comment on this page.

[1] Certified Information Security Auditor (CISA)
[2] Certified Information Security Manager (CISM)
[3] Certified Information Systems Security Professional (CISSP)
[4] Certified Internal Auditor (CIA)
[5] Certified Fraud Examiner (CFE)
[6] Certified Business Continuity Professional (CBCP)
[7] ITIL (is not a certification, but has three (?) certification levels)
- ITIL Foundation
- ITIL Practitioner
- ITIL Manager
[8] ISO 27001 (again this is not a certification, but there are certifications for Implementation or for Lead Auditors). There are a number of institutions providing the training leading to certification as an
- ISO:27001 Implementation professional
- ISO:27001 - Lead Auditor
[9] Certified Ethical Hacker (CEH)
[10] Certified Information Privacy Professional (CIPP)
[11] Certified Vulnerability Assessor (CVA)
[12] GIAC Certified Forensics Analyst (GCFA)
[13] SIA's Certified Security Project Manager (CSPM)
[14] Certified in the Governance of Enterprise IT™ (CGEIT™)
[15] EnCase® Certified Examiner (EnCE®)



