(ISC)2 Certification Guide: Overview and Career Paths
The International Information Systems Security Certification Consortium, Inc., or (ISC)2, is a highly respected, not-for-profit organization that provides security-related education and vendor-neutral certifications. (ISC)² was formed in 1989 as a consortium between the Special Interest Group for Computer Security (SIG-CS) and several other organizations whose goal was to standardize a vendor-neutral security certification program. Today, (ISC)² is based in the United States with offices in London, Hong Kong, and Tokyo, and attracts members from more than 135 countries. The core of each (ISC)² certification program is the Common Body of Knowledge (CBK), which is a framework for defining industry standards and security principles.
The organization is perhaps best known for its top-tier Certified Information Systems Security Professional (CISSP) credential. Of the roughly 90,000 certifications that (ISC)2 has granted to professionals around the world, the majority of those certifications are the CISSP credential. (ISC)2 also offers the SSCP, CAP, CSSLP, CCFP, and HCISPP, an Associate of (ISC)2, and three CISSP concentrations.
The typical (ISC)2 certification ladder begins with the SSCP. If you pass the SSCP exam but don’t have the required work experience, you are granted the Associate of (ISC)2 credential. (The same applies if you pass the CAP, CSSLP, CCFP, or CISSP exam.) However, candidates who achieve the SSCP generally move on to the CISSP, and then specialize in security architecture (CISSP-ISSAP), security engineering (CISSP-ISSEP), or security management (CISSP-ISSMP).
(ISC)2 certifications are considered career-boosters, and can pay off financially. According to the 2013 (ISC)2 Global Information Security Workforce Study, (ISC)2 members earn 23% more, on average, than their non-certified counterparts.