In a previous post I talked about the value of certifications in the information security industry. As a result of that post a number of people asked me what certifications are available. Luckily I previously compiled a list of certifications for a study group run by ENISA (the European Network and Information Security Agency). So if you are looking to get certified in the information security field, please find below a list of available certifications and where you can get more information. Note that the list has been categorised into three sections:

  1. Knowledge Based – Certifying an individual's knowledge and skills
  2. Organisational Based – Certifying that an organisation has reached certain standards
  3. Product Based – Certifying that a product or system has been accredited at a certain standard

If there are more certifications that are relevant and not included, or if any of the links are incorrect please let me know by posting a comment. 

Knowledge Based

Computer Associates
Computer Associates Certified eTrust Specialist (CACES)

Computer Security Incident Handler (CSIH)

Cisco Certified Security Professional (CCSP)
Cisco Advanced Security Field Specialist
Cisco Firewall Specialist
Cisco IPS Specialist
Cisco Security Sales Specialist
Cisco Security Solutions and Design Specialist
Cisco VPN Specialist
Cisco VPN/Security Sales Specialist

Certified Internet Web
CIW Security Analyst
CIW Security Professional

CompTIA Security+

Global Information Assurance Certification (SANS)
GIAC, various
GIAC Security Essentials Certification (GSEC)

GIAC Certified Firewall Analyst (GCFW)
GIAC Certified Intrusion Analyst (GCIA)
GIAC Certified Incident Handler (GCIH)
GIAC Certified Windows Security Administrator (GCWN)

GIAC Certified UNIX Security Administrator (GCUX)
GIAC Information Security Officer (GISO)
GIAC Systems and Network Auditor (GSNA)
GIAC Security Leadership Certificate (GSLC)
GIAC IT Security Audit Essentials (GSAE)
GIAC Gold Standard Certificate (GGSC-0100)

Information Systems Audit and Control Association (ISACA)
Certified Information System Auditor (CISA)
Certified Information Security Manager (CISM)

International Information Systems Security Certification Consortium (ISC2)
Certified Information Systems Security Professional (CISSP)
Systems Security Certified Practitioner (SSCP)
Certification and Accreditation Professional

CISSP Concentrations
ISSEP®: Information Systems Security Engineering Professional
ISSAP®: Information Systems Security Architecture Professional
ISSMP®: Information Systems Security Management Professional

International Organisation for Standardisation
ISO 27001:2005- Lead Auditor Course

Microsoft Certified Systems Engineer: Security (MCSE: Security)

Ethical Hacker
Computer Hacking Forensic Investigator
Licensed Penetration Tester
Certified Network Defence Architect
Network Security Administrator

Certified Security Analyst
Certified Secure Programmer and Certified Secure Application Developer

Security 5

Disaster Recovery Institute International
Associate Business Continuity Professional
Certified Functional Continuity Professional
Certified Business Continuity Professional
Master Business Continuity Professional

The International Society of Forensic Computer Examiners
Certified Computer Examiner

Critical Infrastructure Institute
PCIP (Professional in Critical Infrastructure Protection)

Security University
Security University Software Security Engineer Certification

The Association of Certified Fraud Examiners
Certified Fraud Examiner
Certified Security Compliance Specialist

Learning Tree
Network Security Certified Professional
Enterprise and Web Security Certified Professional

High Tech Crime Network
Certified Computer Crime Investigator [Advanced]
Certified Computer Crime Investigator [Basic]
Certified Computer Forensic Technician [Basic]
Certified Computer Forensic Technician [Advanced]

Espionage Research Institute
Certified Counterespionage & Information Security Manager

Certified Electronic Evidence Collection Specialist Certification
Certified Forensic Computer Examiner Certification

eBusiness Process Solutions
Certified Cyber-Crime Expert (C3E)

Cyber Enforcement Resources Inc.
Basic Internet Investigation
Intermediate Internet Investigation

Advanced Internet Investigation

Cyber Security Institute
CyberSecurity Forensic Analyst (CSFA)
CyberSecurity Institute Certified Instructor (CSICI)

Field Certified™ Security Specialist (FCSS™)

Security Certified Program
Security Certified Network Professional (SCNP)
Security Certified Network Architect (SCNA)

Security for Business (S4B)
SCNP — Security Certified Network Professional
SCNA — Security Certified Network Architect

The CWSP® (Certified Wireless Security Professional) certification

SPS – Symantec Product Specialist
STA – Symantec Technology Architect

SCSE – Symantec Certified Security Engineer
SCSP – Symantec Certified Security Practitioner

RSA Certified Security Professional
RSA SecurID Certified Administrator (RSA SecurID CA)
RSA Certified Instructor (RSA/CI)

RSA Certified Systems Engineer (RSA/CSE)

TICSA Professional Certification


MCSE: Security on Microsoft Windows Server 2003
MCSA: Security on Microsoft Windows Server 2003

ITIL Certifications for Individuals
ITIL Foundation Level Certification
ITIL Practitioner Level Certification
ITIL Management Level Certification

Technology/Product Certification

Verified By Visa, Payment Card Industry (PCI) Data Security Standard


American Institute of Certified Public Accountants (AICPA)
SysTrust, WebTrust


BITS Financial Services Roundtable
BITS Products Certification (based on CC)

ITSEC JIL (joint interpretation library)
CC (ISO 15408); CCEVS (US),

Certified Senders Alliance

Trust Site Seal, Verified Domain, GeoCode

ICSA Labs Product Certification

Institute of Electrical and Electronic Engineers (IEEE)
Wireless security standards 802.1x

Internet Engineering Task Force (IETF)
Public-Key Infrastructure Exchange (PKIX), Public Key Cryptography Standards (PKCS)

NSS Labs
NSS Approved, NSS Gold, NSS Tested

SiteAdvisor (automatic website rating)

various; see link (note site is in German)


VeriSign Secured Seal

Virus Bulletin
VB100% award

International Telecommunication Union (ITU)

Center for Internet Security
CIS Certified Security Software Products

Enterprise Certification
Business partner Certification

Application Certification
Perimeter Certification

Organisational Certifications

American Society for Industrial Security (ASIS)
CPP — Certified Protection Professional

Bundesamt für Sicherheit in der Informationstechnik (BSI)

Prosoft Learning Corporation
CIW Security Analyst

International Organisation for Standardisation (ISO)
ISO27001, ISO 13335, ISO17799
ISO 20000 IT Service Management Standard (has controls for security and business continuity)
ISO/TR 13569:2005 – Financial services — Information security guidelines

Information Systems Security Association (ISSA)
Generally Accepted Information Security Principles (GAISP)

International Systems Security Engineering Association (ISSEA)
Systems Security Engineering Capability Maturity Model (SSE-CMM) = ISO 21827

ITIL Security Management
Note that organisations cannot be certified against ITIL as ITIL is not a standard but a Framework

National Institute of Standards and Technology (NIST)
NIST 800-53, NIST 800-40, 800-14
NIST Special Publication 800-37 – Guide for the Security Certification and Accreditation of Federal Information Systems

Security Certified Program
Security Certified Program

Information Security Forum (ISF)
Standard of Good Practice for Information Security

Chartered Accountants of Canada (CICA)
ITCG: Information Technology: Control Guidelines 1998

ITSEC or Common Criteria formal evaluation and certification
CLAS and the ITPC Qualification

Webtrust, Systrust

About the Author: bhimport
