Monday, October 15, 2007

Rundown of the top vendor-independent security certifications

Security certifications are hot. While some IT accreditation paths have cooled, others are attracting attention. In many cases, the accreditations drawing uncommon interest are security-related.

Microsoft offers security-focused versions of its Microsoft Certified Systems Administrator and Microsoft Certified Systems Engineer accreditations, while Cisco offers a security version of its CCIE certification. Still others--including CompTIA, the International Information Systems Security Consortium (ISC)2, the Global Information Assurance Certification (GIAC) and the Security Certified Program--all offer popular security accreditations.

Here's a rundown of the top vendor-independent security certifications.

CompTIA Security+

Candidates seeking CompTIA Security+ certification need to pass only a single exam (SY0-101). The CompTIA exam, consisting of 100 questions, tests candidates' security expertise in five areas:

  • Security Concepts
  • Communication Security
  • Infrastructure Security
  • Basics of Cryptography
  • Operational/Organizational Security.

General security concepts tested include knowledge of authentication protocols, common vulnerabilities and attack strategies, and social engineering risks. Communication security issues candidates must master include remote access security technologies and e-mail security, as well as strategies for hardening wireless networks. Infrastructure topics covered include firewall, router, switch, modem, VPN and telecom security; issues associated with protecting such media as common Ethernet cabling; and intrusion detection strategies.

CompTIA’s Security+ exam also explores cryptography. Candidates must demonstrate knowledge of common cryptographic algorithms, digital signatures, and public key policies.

The Security+ test also covers operational and organizational security issues. From protecting backup data to designing effective security policies and implementing effective incident response strategies, candidates must prove a wide range of operational and organizational security expertise.

The Security+ exam is well known. In fact, the certification is so well respected that Microsoft accepts Security+ certification as credit toward its MCSE and MCSA certifications (eliminating the requirement for candidates to pass other exams).

(ISC)2 - SSCP and CISSP

The International Information Systems Security Consortium, known as (ISC)2, maintains what it calls the (ISC)2 CBK. The so-called Common Body of Knowledge tracks best practices for securing information technology. The (ISC)2 awards four certifications: CISSP, SSCP, CAP and Associate of (ISC)2.

The Certification and Accreditation Professional, or CAP credential, is a little different than traditional certifications. The CAP certification measures one's understanding of the certification process and targets those IT professionals who must determine processes for assessing security vulnerabilities and implement security protections. In addition to being tested on knowledge of certification’s purpose, CAP candidates must demonstrate knowledge of the certification and accreditation processes and post-certification monitoring.

The Systems Security Certified Practitioner (SSCP) certification targets IT professionals responsible for network or systems security. The SSCP tests a candidate’s knowledge in seven areas: access controls; analysis and monitoring; cryptography; networks and telecommunications; malicious code; risk, response and recovery; and security operations and administration.

The CISSP certification is aimed at IT managers seeking executive-level security positions. The CISSP exam tests candidates’ knowledge of (ISC)2’s 10 CBKs: access control; application security; business continuity and disaster recovery planning; cryptography; information security and risk management; legal, regulations, compliance and investigations; operations security; physical security; security architecture and design; and telecommunications and network security.

The Associate of (ISC)2 status, meanwhile, targets those IT professionals who possess the expertise required to earn CISSP or SSCP accreditation but don’t boast commensurate years of practical field experience. SSCP candidates are expected to have one year of security field experience, while those sitting for the CISSP credential are expected to possess four years of such practical experience (although a Master's Degree in Information Security from a National Center of Excellence subtracts one year from that requirement). SSCP and CISSP candidates must also pass professional, criminal and background history checks.

GIAC--GISF and GSEC

The Global Information Assurance Certification arm of the SANS Institute exists to confirm real-world information technology skills. The organization maintains some 19 security-focused and job-specific certificates and certifications.

GIAC certifies candidates in five subject areas (including Security Administration) and at several levels (including Silver, Gold and Platinum). The organization offers both certificates and certifications. Certificates typically are based on material covered in a one- or two-day SANS training course and encompass a single exam. Certifications, however, tend to be based on weeklong courses and usually require passing two exams that require renewal every four years.

The entry-level GIAC security accreditation--the GIAC Information Security Fundamentals (GISF)--targets IT managers, security officers and administrators. The exam measures candidates’ understanding of the threats that challenge information resources and tests the ability to identify best security practices.

The next highest GIAC security accreditation is the Security Essentials Certification (GSEC), which targets such technology professionals as hands-on managers, staff new to the field and others. The two exams test security essentials and help ensure individuals possess solid baseline security knowledge.

Additional GIAC security certifications include the Certified Firewall Analyst (which confirms the knowledge, skills and abilities required to design, configure and monitor routers, firewalls and other perimeter devices), the Certified Intrusion Analyst (which gauges one’s knowledge of configuring and monitoring intrusion detection systems), the Certified Incident Handler (which confirms the candidate’s ability to manage incidents and attacks) and the Certified Forensics Analyst (which measures one’s ability to effectively manage formal forensic investigations).

Security Certified Program--SCNP

The Security Certified Network Professional (SCNP) certification is maintained by the Security Certified Program (SCP). SCP develops and maintains its vendor-neutral certifications with the goal of awarding accreditations that measure real-world security skills.

In order to sit for the SCNP exam, candidates must first earn Security Certified Network Specialist (SCNS) standing. SCNS certification requires that an IT professional pass the organization’s Tactical Perimeter Defense (TPD) exam, which tests network defense fundamentals, advanced TCP/IP use, configuring routers and access control lists, firewall and VPN design and configuration, and intrusion detection system administration.

To earn SCNP accreditation, candidates must pass the Strategic Infrastructure Security (SIS) exam. The SIS test measures candidates’ understanding of cryptography, Linux and Windows hardening, ethical hacking, risk analysis, security policies and other facets of Internet security. Recertification is required every two years.

Summary

As with any certification, these security certifications provide baseline measurements of an individual’s knowledge, skills and expertise. IT certifications should not be interpreted as indicating the holder has mastered each of the technologies covered, as even veterans boasting years of field experience rarely master every facet of a specific discipline.

2 comments:

Anonymous said...

Can anyone recommend robust Remote Management & Monitoring software for a small IT service company like mine? Does anyone use Kaseya.com or GFI.com? How do they compare to these guys I found recently: N-able N-central remote pc access (http://www.n-able.com)? What is your best take on cost vs performance among those three? I need good advice please... Thanks in advance!

Information Security Training Courses said...

Thanks for sharing this information! It’s very useful for a lot of people trying to understand how we can use this product.