Other Cyber and InfoSec Qualifications

Aside from ISC2, there are other Cyber/InfoSec qualifications, both holistic and specific:

Information Systems Audit and Control Association (ISACA)

The Information Systems Audit and Control Association (ISACA) was founded in the United States in 1969 as the EDP Auditors Association. It is an international association of professionals involved in information systems audit, control, quality assurance and security. It is well known for the computer audit qualification CISA and has chapters all around the globe. Some qualifications include:


Certified Information Systems Auditor (CISA)

The CISA designation is a globally recognized certification for IS audit control, assurance and security professionals. Being CISA-certified showcases your IT audit experience, skills and knowledge.

Certified Information Security Manager (CISM)

The CISM certification program is developed for experienced information security managers and those who have information security management responsibilities. It is for security professionals who manage, design, oversee and/or assess an enterprise’s information security. The CISM certification promotes international practices and provides executive management with assurance that those earning the designation have the required experience and knowledge to provide effective security management and consulting services. 

Certified in the Governance of Enterprise IT (CGEIT)

CGEIT recognizes a range of professionals for their knowledge and application of enterprise IT governance principles and practices. CGEIT gives you the credibility to discuss critical issues around governance and strategic alignment based on your recognized skills, knowledge and business experience. The recent quarterly IT Skills and Certifications Pay Index (ITSCPI) from Foote Partners ranked CGEIT among the most sought-after and highest-paying IT certifications.

Certified in Risk and Information Systems Control (CRISC)

CRISC (pronounced “see-risk”) is the only certification that positions IT professionals for future career growth by linking IT risk management to enterprise risk management, and positioning them to become strategic partners to the business. The recent quarterly IT Skills and Certifications Pay Index (ITSCPI) from Foote Partners ranked CRISC among the most sought-after and highest-paying IT certifications.

More information about the CISM qualification can be found at www.isaca.org 

SANS Institute

The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organisation. It enables more than 165,000 security professionals, auditors, system administrators, and network administrators to share the lessons they are learning and find solutions to the challenges they face. At the heart of SANS are the many security practitioners in government agencies, corporations, and universities around the world who invest hundreds of hours each year in research and teaching to help the entire information security community. 

Global Information Assurance Certification (GIAC)

The SANS Institute founded GIAC in 1999 in response to the need to validate the skills of security professionals. SANS training and GIAC certifications address a range of skill sets, including entry-level Information Security Officer and broad-based Security Essentials, as well as advanced subject areas like Audit, Intrusion Detection, Incident Handling, Firewalls and Perimeter Protection, Forensics, Hacker Techniques, Windows and Unix Operating System Security. GIAC is unique in measuring specific skill knowledge areas instead of general-purpose security knowledge.

More information about SANS and GIAC can be found at www.sans.org and www.giac.org

International Register of Certificated Auditors (IRCA)

IRCA was formed in 1984 as part of the UK government's enterprise initiative, designed to make industry and business more competitive, through the implementation of quality principles and practices. This structure included IRCA, an accreditation body (now UKAS), a national standards making body (BSI Standards) and a number of commercial certification bodies. The IRCA is the world's original and largest international certification body for auditors of management systems. 

Information Security Management Systems (ISMS) Auditor

IRCA offers five grades of certification, and most auditors progress from provisional auditor to the auditor grade and then to either lead or principal grades (these last two are considered the most advanced grades).

More information about the IRCA Auditor certifications can be found at: www.irca.org 

British Standards Institute (BSI)

Founded in 1901, BSI Group is a leading business services provider to organisations worldwide. They provide independent certification of management systems and products; product testing services; the development of private, national and international standards; performance management software solutions; management systems training and information on standards and international trade. 

Internal auditor 27001 

This certification is aimed at personnel who already have an understanding of ISO/IEC 27001:2005. It is suited to managers who are co-ordinating audit activities and individuals who have been given the responsibility to audit an Information Security Management System. 

Lead auditor 27001

This is the ideal certification for those wishing to implement a formal Information Security Management System (ISMS) in accordance with ISO 27001:2005, as well as existing security auditors who wish to expand their auditing skills and for consultants who wish to provide advice on ISO 27001:2005 systems certification. 

More information about the BSI certifications can be found at: www.bsigroup.co.uk 

Cabinet Office - Central Sponsor for Information Assurance (CSIA)

The CSIA is a unit of the UK Government's Cabinet Office and works with partners in the public and private sectors, as well as its international counterparts, to help safeguard the nation's IT and telecommunications services. The CSIA provides a central focus for information assurance in promoting the understanding that it is essential for government and business alike to maintain reliable, secure and resilient national information systems. 

InfoSec Training Paths and Competencies (ITPC)

ITPC qualifications offer recognised formal training and development for IT security professionals working for the UK government and related organisations. The scheme develops and supports InfoSec core competency profiles for key security roles within UK government and related sectors. ITPC is the ‘recommended qualification’ for CESG Listed Adviser Scheme (CLAS) consultants undertaking work for government clients. 

More information about the ITPC qualification can be found at: www.cabinetoffice.gov.uk 

Communications-Electronics Security Group (CESG)

CESG is the Information Assurance (IA) arm of GCHQ. CESG offers a range of products and services including technical consultancy and advice, policy documentation, product evaluation and training, primarily to UK government and the armed forces, the wider public sector, and industries forming part of the Critical National Infrastructure. 

CESG Listed Adviser Scheme (CLAS)

CLAS is a partnership linking the unique Information Assurance knowledge of the CESG with the expertise and resources of the private sector. CLAS consultants are approved to provide Information Assurance advice on systems processing protectively marked information up to, and including, SECRET. The Scheme offers a marketing edge for consultants in their dealings with both Government and non-Government clients. 

CHECK - IT Health Check (penetration testing)

To become a CHECK Team Leader you will need to pass the CHECK Service Assault Course (CSAC), which is a rigorous assessment designed to assess IT security consultants against a skill set baseline of practical penetration testing. The CSAC can only be taken by security professionals working for a CHECK approved service provider. CHECK candidates are hard to secure at both CHECK Team Leader (CTL) and CHECK Team Member levels.

More information about CLAS and CHECK can be found at: www.cesg.gov.uk/

CREST (penetration testing)

CREST is a not-for-profit organisation that serves the needs of a technical information security marketplace that requires the services of a regulated professional services industry.

CREST represents the technical information security industry by:

- offering a demonstrable level of assurance of processes and procedures of member organisations
- validating the competence of their technical security staff
- providing guidance, standards and opportunities to share and enhance knowledge
- providing technical security staff recognised professional qualifications and those entering or progressing in the industry with support with on-going professional development

CREST provides organisations wishing to buy penetration testing services with confidence that the work will be carried out by qualified individuals with up-to-date knowledge, skill and competence of the latest vulnerabilities and techniques used by real attackers. All examinations used to assess individuals have been reviewed and approved by GCHQ, CESG.

For more information visit: http://www.crest-approved.org/

Tiger Scheme (penetration testing)

The Senior Level Tiger Scheme assessment for infrastructure vulnerability analysis has been recognized by CESG, as the National Technical Authority for Information Assurance in the UK, as technically equivalent to the level required for CHECK Scheme Team Leaders. The senior level assessment, once passed, will be accepted as such by CHECK companies and elsewhere. The qualification lasts for three years, after which the candidate must re-sit and pass all elements of the assault course.


A similar level of recognition applies for the qualified assessment, and is accepted as the basis of CHECK Team Member status, subject to the assessment having been supervised by a current CHECK Team Leader. Where this is not the case, exactly the same requirements apply to the candidate, and the qualification maps directly into the commercial arena.

For more information visit: www.tigerscheme.org/

International Council of Electronic Commerce Consultants (EC-Council) 

The EC-Council is a member supported professional organisation. The purpose of the EC-Council is to support and enhance the role of individuals and organisations who design, create, manage or market e-Business solutions. 

Certified Ethical Hacker (CEH)

The CEH program certifies individuals in the specific discipline of ethical hacking from a vendor-neutral perspective. The Certified Ethical Hacker certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. This is a more junior penetration testing qualification than those above.

More information about the CEH and other qualifications offered by the EC-Council can be found at www.eccouncil.org 

CompTIA Certification UK 

CompTIA certification programs are the recognised industry standards for foundation-level information technology (IT) skills. Best known for the A+ certification, CompTIA offers many certifications in key technology areas. Many of the certifications are electives or prerequisites toward advanced certifications, such as Microsoft's MCSA and Novell's CNE.

CompTIA Security+

The CompTIA Security+ certification tests for security knowledge mastery of an individual with two years on-the-job networking experience, with emphasis on security. The exam covers industry-wide topics, including communication security, infrastructure security, cryptography, access control, authentication, external attack and operational and organisation security.