(ISC)2 Certifications Besides CISSP
International Information System Security Certification Consortium (ISC)2 has several other certifications, including some that you may aspire to earn after (or instead of) receiving your CISSP. These certifications are
- Associate of (ISC)2: If you can pass the CISSP or SSCP certification exams but don’t yet possess the required professional experience, you can become an Associate of (ISC)2. Read about this option on the (ISC)2 website.
- CCSP (Certified Cloud Security Professional): This certification on cloud controls and security practices was co-developed by (ISC)2 and the Cloud Security Alliance.
- SSCP (Systems Security Certified Practitioner): This certification is for hands-on security techs and analysts. SSCP has had the reputation for being a “junior” CISSP certification, but don’t be fooled — it’s anything but that. SSCP is highly technical, more so than CISSP. For some, SSCP may be a stepping stone to CISSP, but for others, it’s a great destination all its own.
- CSSLP (Certified Secure Software Lifecycle Professional): Designed for software development professionals, the CSSLP recognizes software development in which security is a part of the software requirements, design, and testing — so that the finished product has security designed in and built in, rather than added on afterward.
- HCISPP (HealthCare Information Security and Privacy Practitioner): Designed for information security in the healthcare industry, the HCISPP recognizes knowledge and experience related to healthcare data protection regulations and the protection of patient data.
- JGISP (Japanese Government Information Security Professional): A country-specific certification that validates a professional’s knowledge, skills, and experience related to Japanese government regulations and standards.
- CAP (Certification and Accreditation Professional): Jointly developed by the U.S. Department of State’s Office of Information Assurance and (ISC)2, the CAP credential reflects the skills required to assess risk and establish security requirements for complex systems and environments.