2

A nonprofit organization created to provide an international standard for information security practitioners. The (ISC)2 developed both the SSCP (Systems Security Certified Professional) certification and the CISSP (Certified Information Systems Security Professional) certification. These certifications indicate the Common Body of Knowledge (CBK) required by information security practitioners. Because the SSCP and CISSP certifications focus on the practices, responsibilities, and roles of information security practitioners, they are seen as being useful for advancing practitioners’ careers and adding to their credibility.

The CISSP Certification examination has 250 questions and assesses 10 information systems security domains relating to the CBK (such as access control systems and methodology; applications and system development; business continuity planning; cryptography; and law, investigation, and ethics). On top of the basic CISSP Certification, professionals in good standing can obtain certifications in one of three concentration areas: Security Engineering, Security Architecture, and Security Management. The corresponding certificates are, respectively, ISSEP, ISSAP, and ISSMP.

The SSCP examination has 125 questions and assesses seven information systems security domains relating to the CBK (such as Access Controls, Administration, Audit and Monitoring, Cryptography, and Response and Recovery).

See Also: Access Control; Administrator; Cryptography or “Crypto”; SANS Institute.