Why Certification Matters
In a world fraught with security threats, the need for skilled and knowledgeable information security professionals has never been greater. Your experience in the field is an important component of your value to an employer, but experience isn’t enough. Employers need something quantifiable and verifiable to show them you have the expertise they need.
The Value of (ISC)²® Certification
(ISC)² is acknowledged as the global, not-for-profit leader in educating and certifying information security professionals throughout their careers. Our reputation has earned our information security certifications and information security training programs recognition as the Gold Standard of the industry.
When you become certified through (ISC)², you gain:
Tested and verifiable proof of proficiency in your field.
Higher salary and promotion potential.
Entry into one of the largest communities of recognized information security professionals in the world.
Access to unparalleled global resources, peer networking, mentoring, and a wealth of ongoing information security opportunities.

Certificate: CISSP - Certified Information Systems Security Professional
About: CISSPs are information assurance professionals who define the architecture, design, management and/or controls that assure the security of business environments. This was the first certification in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024.
Vendor: (ISC)²
Cost: $85 per year. 3 year
Exams:
  Access Control
  Telecommunications and Network Security
  Information Security Governance and Risk Management
  Software Development Security
  Cryptography
  Security Architecture and Design
  Operations Security
  Business Continuity and Disaster Recovery Planning
  Legal, Regulations, Investigations, and Compliance
  Physical (Environmental) Security

Certificate: SSCP - Systems Security Certified Practitioner
About: The SSCP certification is the ideal credential for those with proven technical skills and practical security knowledge in hands-on operational IT roles. It provides industry-leading confirmation of a practitioner’s ability to implement, monitor and administer IT infrastructure in accordance with information security policies and procedures that ensure data confidentiality, integrity and availability.
Vendor: (ISC)²
Cost: $250
Exams:
  Access Controls
  Cryptography
  Malicious Code and Activity
  Monitoring and Analysis
  Networks and Communications
  Risk, Response and Recovery
  Security Operations and Administration

Certificate: CAP - Certified Authorization Professional
About: The Certified Authorization Professional (CAP) certification is an objective measure of the knowledge, skills and abilities required for personnel involved in the process of authorizing and maintaining information systems. Specifically, this credential applies to those responsible for formalizing processes used to assess risk and establish security requirements and documentation. Their decisions will ensure that information systems possess security commensurate with the level of exposure to potential risk, as well as damage to assets or individuals.
Vendor: (ISC)²
Cost: $469
Exams:
  Risk Management Framework (RMF)
  Categorization of Information Systems
  Selection of Security Controls
  Security Control Implementation
  Security Control Assessment
  Information System Authorization
  Monitoring of Security Controls

Certificate: CCFP - Certified Cyber Forensics Professional
About: The evolving field of cyber forensics requires professionals who understand far more than just hard drive or intrusion analysis. The field requires CCFP professionals who demonstrate competence across a globally recognized common body of knowledge that includes established forensics disciplines as well as newer challenges, such as mobile forensics, cloud forensics, anti-forensics, and more.
Vendor: (ISC)²
Cost: $549
Exams:
  Legal and Ethical Principles
  Investigations
  Forensic Science
  Digital Forensics
  Application Forensics
  Hybrid and Emerging Technologies

Certificate: CSSLP - Certified Secure Software Lifecycle Professional
About: With the CSSLP® certification from (ISC)², your application security competency within the software development lifecycle (SDLC) will be validated. You'll not only be seen as an industry leader in application security, but as a leader within your organization as well. A status you'll rightly deserve because you'll have proven your proficiency in:
  Developing an application security program in your organization
  Reducing production costs, application vulnerabilities and delivery delays
  Enhancing the credibility of your organization and its development team
  Reducing loss of revenue and reputation due to a breach resulting from insecure software
Cost: $549
Exams:
  Secure Software Concepts
  Secure Software Design
  Secure Software Requirements
  Secure Software Implementation/Coding
  Secure Software Testing
  Software Acceptance
  Software Deployment, Operations, Maintenance and Disposal
  Supply Chain and Software Acquisition

Certificate: EC-Council Certified Security Analyst (ECSA)
About: This program is a comprehensive, standards-based, methodology intensive training program which teaches information security professionals to conduct real life penetration tests by utilizing EC-Council’s published penetration testing methodology.
Vendor: Neutral
Cost: $100
Exams:
  Need for Security Analysis
  TCP IP Packet Analysis
  Penetration Testing Methodologies
  Customers and Legal Agreements
  Rules of Engagement
  Penetration Testing Planning and Scheduling
  Pre-penetration Testing Steps
  Information Gathering
  Vulnerability Analysis
  External Penetration Testing
  Internal Network Penetration Testing
  Firewall Penetration Testing
  IDS Penetration Testing
  Password Cracking Penetration Testing
  Social Engineering Penetration Testing
  Web Application