Information system security certification: Detailed list of certs

There are many information system security certification choices for security pros, IT staff and managers. This list helps you sort out the certs.

Information security professionals in the UK can find plenty of information system security certification courses depending on their particular interest. Both UK and international certifications are available, with topics including risk, audits, forensics, software and other information security areas, as detailed below.

British Computer Society (BCS)/Information Systems Examination Board (ISEB)
The British Computer Society (BCS) is the UK's Chartered Engineering Institution for Information Systems Engineering. The BCS Professional Certifications portfolio, also known as the Information Systems Examinations Board (ISEB), offers certifications around information security.

Offices in Swindon, London and Sri Lanka.
Contact: 01793 417655

Certificate in Information Security Management Principles (CISMP)
This certification is based on ISO 27001 and provides knowledge and understanding of the subject areas that make up information security management. Participants may also be security practitioners who are updating or enhancing their knowledge.

Practitioner Certificate in Business Continuity Management
This certification provides hands-on training in business continuity management using current standards.

Certificate in Data Protection
This course offers certification for anyone working in data protection, incorporating the latest information from the Data Protection Act of 1998.

Practitioner Certificate in Information Risk Management
This certification course uses current international standards and a practical, hands-on approach for participants to add to their knowledge of information security and information assurance.

British Standards Institute (BSI) 
BSI Group is an independent non-profit group that develops standards, certifies systems, devices, products and services, and offers training services.

Based in Milton Keynes.
Contact: 44 (0)845 080 9000 or [email protected]

ISO 27001:2005 Lead Auditor 
This certification is designed for those who want to audit information security management systems (ISMS) in accordance with ISO 27001:2005, along with security auditors and consultants working with ISO 27001:2005 systems.

Internal Auditor - ISO/IEC 27001: 2005 Information Security Management
This qualification is for those who already have an understanding of ISO/IEC 27001:2005. It is suited to managers who are coordinating audit activities and individuals who have been given the responsibility to audit an information security management system.

The Communications-Electronics Security Group (CESG)
CESG is the Information Assurance arm of the UK's GCHQ and the UK government's technical authority for information assurance. CESG offers training and other products and services, mainly to the UK government and armed forces, as well as the public sector and industries that are part of the national infrastructure.

Based in Cheltenham.
Contact: 440 1242 709 141 or [email protected]

CESG Listed Adviser Scheme (CLAS)
This certification course helps participants become consultants to provide information assurance advice and liaison with the public sector, so it is especially helpful for those working with government clients.

CHECK - IT Health Check 
IT Health Check Service (CHECK) members must pass the CHECK Service Assault Course (CSAC), an assessment designed to assess IT security consultants against a skill set baseline of penetration testing. CHECK providers provide IT health check services to the government in line with their policies.

CompTIA
CompTIA offers certifications in several technology areas, including servers, Linux, RFID and its signature A+ certification.

Based in the US, with EMEA office in London.
Contact: 44 (0) 207 330 6060, [email protected]

CompTIA Security+
The CompTIA Security+ certification tests for security knowledge mastery in network security, compliance and operational security, threats and vulnerabilities, application, data and host security, access control and identity management, and cryptography.

Institute of Information Security Professionals (IISP)
The IISP is a non-profit organization that acts as an accreditation authority for the information security industry.

Based in London.
Contact: 44 (0) 8456 123 828, [email protected]

Infosec Training Paths and Competencies (ITPC)
ITPC qualification is designed for information security and assurance professionals working for the UK government and related organisations. ITPC certification is a requirement for CESG Listed Adviser Scheme (CLAS) consultants within two years of earning CLAS membership.

International Council of E-Commerce Consultants
Offices in the U.S., India and Malaysia.
Contact: [email protected]

Certified Ethical Hacker (CEH)
This programme grants certification in ethical hacking, using a vendor-neutral perspective. 

Computer Hacking Forensics Investigator (CHFI)
The training for this certification teaches participants to conduct computer investigations using the latest digital forensics technology.

EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT)
This certification complements the CEH training to add knowledge of the analysis involved in ethical hacking.

EC-Council Network Security Administrator (ENSA)
The ENSA course trains participants in skills to analyze internal and external security threats as well as create protective security policies.

EC-Council Certified Security Specialist (ECSS)
This certification encompasses three areas: information security, network security and computer forensics, offering students the fundamentals in all topics.

EC-Council Certified Security Officer (ECSO)
This certification program trains those in security management roles (CIO, CFO, etc.) for analysis of internal and external threats as well as security policymaking.

ISACA
ISACA (formerly known as the Information Systems Audit and Control Association) is a global organization that offers certifications, education and more in information systems assurance, control and security, enterprise governance and IT and IT-related risk, and compliance.

Based in the US.
Contact: 1 847 253 1545

Certified Information Systems Auditor (CISA) 
This certification programme is a standard among information systems audit, control and security professionals.

Certified Information Security Manager (CISM)
The CISM programme is designed for experienced information security managers, along with others who have information security management responsibilities, including designing, building and managing enterprise security programs.

Certified in Risk and Information Systems Control (CRISC)
Participants in this certification course are IT professionals who have experience in risk identification, assessment and evaluation, risk response and monitoring, IS control design and implementation, and IS control monitoring and maintenance.

(ISC)2
The International Information Systems Security Certification Consortium (ISC)2 is a major certification provider and also offers events and education opportunities.

Based in the US, with offices in London, Hong Kong and Tokyo.
Contact: 44 (0) 203 283 4383

Certified Information Systems Security Professional (CISSP)
Members of this certification group have at least five years of information security experience; the certification is for those who develop policies and procedures around information security. CISSP concentration areas are architecture (ISSAP), engineering (ISSEP) and management (ISSMP).

Certified Authorization Professional (CAP)
This certification programme is aimed at personnel who authorize and maintain information systems, particularly for formalizing risk, requirement and documentation processes.

Systems Security Certified Practitioner (SSCP)
Participants in this certification course are generally working toward network security engineer, analyst or security administrator positions, and may also be non-security practitioners looking to gain security knowledge.

Certified Secure Software Lifecycle Professional (CSSLP)
The CSSLP certification programme includes instruction on incorporating security into each phase of the software lifecycle, with CSSLP domains including secure software concepts, design, implementation and testing.

SANS Institute
The SANS Institute offers computer security training and certification, and information security research, serving more than 165,000 security professionals globally.

Based in the U.S.
Contact: 1 301 654 7267 or [email protected]

Global Information Assurance Certification (GIAC)
GIAC certifications cover a range of skills, with more than 20 certifications available in different areas. Certifications align with job-based disciplines, with six main topics: security administration, management, legal, audit, software security and forensics.
