Wednesday, April 01, 2009


Information security is only growing in importance. Whatever an organization’s mission, product, or service, its information security is paramount.

Many readers of this column have asked me about IT security courses and certifications: which one is the most suitable, and whether these courses are available locally. I want to oblige today and list three essential IT security certifications.

These security certifications can significantly bolster your curriculum vitae and assist in job retention. Generally, which certification you choose depends on the career road map you have outlined for yourself.

So once you have decided that your career road map is IT security, it is important to appreciate that the best certification for you depends on your education, skills, and goals. For this reason, when pursuing any professional accreditation you should give much care and thought to your experience, skills, goals, education and desired career path.

One of the pre-eminent IT security accreditations is the Certified Information Systems Security Professional (CISSP). This certification is administered by the International Information Systems Security Certification Consortium, commonly known as (ISC)². (ISC)² is a global, vendor-neutral, not-for-profit organization that provides various information security certification programs.

CISSP is a globally respected certification that is designed for security industry professionals with at least five years of full-time experience. It is internationally recognized for validating a candidate’s expertise with operations, network and physical security, as well as the ability to manage risk and understand legal compliance responsibilities and other security-related elements.

The exam is particularly daunting. It consists of 250 questions with four options each and is six hours long. You can obtain more information from

Another accreditation worth pursuing is Security+ offered by the Computing Technology Industry Association (CompTIA). This certification is vendor-neutral and recommends at least two years of on-the-job technical networking experience. It validates knowledge of organizational security, cryptography, assessments and audits, access control security systems, access control and network infrastructure. You can find out more about Security+ from

There are, of course, other security certifications out there. The Certified Information Security Manager (CISM) certification is for security professionals who manage, design, oversee and/or assess an organization’s information security. CISM is offered by ISACA. The website is

Certification in itself is not the end. These certifications should instead be pursued with the aim of enhancing your IT security skills and providing an additional competitive advantage that sets you apart from the crowded IT field.
