Tables to compare the following certifications: Certified Information Systems Security Professional (CISSP), HealthCare Information Security and Privacy Practitioner (HCISPP), Certified Cyber Forensics Professional (CCFP), and Certified Secure Software Lifecycle Professional (CSSLP).
The purpose of this case assignment is to describe the different types of professional information security competencies that are measured by the International Information Systems Security Certification Consortium (ISC)2 standard. Certification demonstrates that an individual professional meets the standards of an information security professional body of knowledge and has reached a milestone in professional development. By getting certified, information security professionals distinguish themselves in an increasingly competitive security marketplace, expand their career opportunities, validate their knowledge, credibility, and competency, and acquire skills and tools that help them make a difference in their community of practice and their organization.
(ISC)2 Information Security Certifications
(ISC)2 was founded in 1989 and is a leading cybersecurity organization that provides education, training, and certification for information security professionals. (ISC)2 has almost 140,000 members worldwide. Earning and maintaining an (ISC)2 credential is not easy. Beyond passing an exam, all applicants must meet the experience requirements, agree to the (ISC)2 code of ethics, submit an application, and pay an annual maintenance fee (AMF). Credentials are valid for three years, and candidates must obtain an endorsement and earn continuing professional education credits (CPEs) to maintain the credential.
Certified Information Systems Security Professional (CISSP)
CISSP is one of the most difficult and essential certifications offered by (ISC)2. It is intended for experienced information security professionals with highly advanced skills in architecting, designing, implementing, maintaining, and controlling cybersecurity programs. The CISSP is valid for three years. To recertify, the applicant must either retake the exam or earn 120 continuing professional education (CPE) credits.
To earn the CISSP, each applicant must have five years of paid work experience in at least two of the eight Common Body of Knowledge (CBK) domains:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security
The CISSP is the only (ISC)2 certification that offers additional concentrations beyond the base credential. Currently, three concentrations are available:
- Information Systems Security Engineering Professional (CISSP-ISSEP)
- Information Systems Security Management Professional (CISSP-ISSMP)
- Information Systems Security Architecture Professional (CISSP-ISSAP)
Healthcare Information Security and Privacy Practitioner (HCISPP)
HCISPP is all about privacy in healthcare cybersecurity. Its basic purpose is to protect personally identifiable information (PII) and personal health information (PHI) and to ensure compliance with the various regulations designed to protect that data. The HCISPP is very helpful for any information security professional working to protect personal health information within their firm. The HCISPP is suited to roles such as privacy or compliance officer, privacy or security manager, medical records manager, and auditor.
The applicant needs at least two years of professional work experience before attempting the exam. This experience must include at least one of the HCISPP domains of security, compliance, or privacy. Experience in information management or legal work may be substituted for the privacy and compliance requirement. In addition, the applicant must have a minimum of one year of work experience in the healthcare industry.
The HCISPP Domains are:
- Information Risk Assessment
- Information Governance and Risk Management
- Privacy and Security in Healthcare
- Healthcare Industry
- Regulatory Environment
- Third-Party Risk Management
Certified Secure Software Lifecycle Professional (CSSLP)
The Certified Secure Software Lifecycle Professional (CSSLP) targets information technology professionals who design and build security into the software development lifecycle (SDLC), while all other (ISC)2 certifications focus only on information security. CSSLPs are advanced cybersecurity professionals who implement best practices at every phase of the software lifecycle, from initial software design through development and testing to final deployment.
CSSLP holders are usually software engineers, developers, architects, quality assurance professionals, project managers, and security managers. To earn this credential, the applicant must have a minimum of four years of full-time, paid experience working with the SDLC and experience in at least one of the CSSLP domains. To maintain the certification, CSSLPs must pay an AMF of $100 and earn ninety CPEs during the renewal cycle.
The CSSLPs domains are:
- Secure Software Design
- Secure Software Implementation/Programming
- Secure Software Testing
- Software Lifecycle Management
- Software Deployment Operations and Maintenance
- Supply Chain and Software Acquisition
- Secure Software Concepts
- Security Software Requirements
Certified Cyber Forensics Professional (CCFP)
The CCFP certification indicates expertise in forensic procedures and techniques, standards of practice, and legal and ethical principles, so that digital evidence is accurate, complete, reliable, and admissible in a court of law. The CCFP also indicates the ability to apply forensics to other information security disciplines, such as e-discovery, malware analysis, or incident response.
The CCFP will be designated an inactive credential on August 21, 2020. The credential will remain a recognized (ISC)2 certification until that date. (“(ISC)2,” n.d.)
To take on this challenging credential, IT professionals first need to demonstrate that they hold a four-year baccalaureate degree plus three years of full-time digital forensics experience. Professionals may substitute additional work experience for the degree. The applicant must also pass the (ISC)2 exam ($549). Candidates who lack the required experience can pursue this credential at the Associate level until they meet the professional experience requirements. (Martinez, 2014)
The exam covers the six knowledge domains of the CCFP:
- Legal and Ethical Principles
- Investigation
- Forensic Science
- Digital Forensics
- Application Forensics
- Hybrid and Emerging Technologies
(Martinez, 2014).
(ISC)2 Code of Ethics
All information systems security professionals certified by (ISC)2 agree to fully support this code of ethics. Individuals who intentionally or knowingly violate any provision of the code will be subject to action by a peer review panel, which may result in the revocation of certification.
There are only four mandatory canons in the code. By necessity, such high-level guidance is not intended to be a substitute for the ethical judgment of the professional.
Code of Ethics Canons
- Protect Society, The Commonwealth, and the infrastructure.
- Act honorably, honestly, justly, responsibly, and legally.
- Provide diligent and competent service to principals.
- Advance and protect the profession.
(“(ISC)2 Phoenix Chapter,” n.d.)
(ISC)2 Certification Comparison Table
| | CISSP | HCISPP | CSSLP | CCFP |
|---|---|---|---|---|
| Focus | IT security, cybersecurity | Healthcare cybersecurity and privacy | Software development lifecycle security | Cyber forensics techniques |
| Roles | CIO/CISO, IT director, Network architect, Security manager, Auditor, Analyst, Systems engineer, Consultant | Compliance officer, Information security manager, Privacy officer, Compliance auditor, Risk analyst, Medical records supervisor, IT manager, Privacy & security consultant, Health information manager, Practice manager | Software architect, Engineer, Developer, Application security specialist, Software program manager, Quality assurance tester, Penetration tester, Software procurement analyst, Project manager, Security manager, IT director, IT manager | Digital forensics officer, IT security manager, IT manager |
| Domains | Security and Risk Management; Security Architecture and Engineering; Communication and Network Security; Identity and Access Management; Security Assessment and Testing; Security Operations; Software Development Security | Information Risk Assessment; Information Governance and Risk Management; Privacy & Security in Healthcare; Healthcare Industry; Regulatory Environment; Third-Party Risk Management | Secure Software Design; Secure Software Implementation; Secure Software Testing; Software Lifecycle Management; Software Deployment, Operations and Maintenance; Supply Chain and Software Acquisition; Secure Software Concepts; Security Software Requirements | Legal and Ethical Principles; Investigations; Forensic Science; Digital Forensics; Application Forensics; Hybrid and Emerging Technologies |
| Experience required | Five years in two or more of the CISSP domains; experience must have been full-time and paid | Two years in at least one of the HCISPP domains (security, privacy, compliance); legal experience may be substituted for privacy; at least one year of experience must be in the healthcare industry | Four years working with the SDLC in one or more of the CSSLP domains; experience must have been full-time and paid; education may satisfy some of the experience requirement | Four-year baccalaureate degree plus three years of full-time digital forensics experience in three of the six domains |
| Exam details | 100-150 questions, 3 hours | 125 questions, 3 hours | 175 questions, 4 hours | |
| Exam fee | $699 | $599 | $599 | $549 |
| Maintenance | Valid for three years; 120 CPEs required to recertify (40 CPEs annually); AMF of $85 | Valid for three years; 60 CPEs required to recertify; AMF of $65 | Valid for three years; 90 CPEs required to recertify; AMF of $100 | Valid for three years; 90 CPEs required to recertify (with a minimum of 15 earned each year after certification); AMF of $100 |
| Ethical code | Must abide by the (ISC)2 code of ethics | Must abide by the (ISC)2 code of ethics | Must abide by the (ISC)2 code of ethics | Must abide by the (ISC)2 code of ethics |
| Average salary | $109,965 | $93,838 | $143,150 | $68,967 |
Conclusion
Information security skills are in higher demand today than ever before. However, experience, knowledge, and skills alone are no longer enough. Employers want proof that employees have the required expertise, and that proof is information security certification. They also want to know that those information security skills are continually improving to keep pace with the latest threats and technology. The CISSP, offered by (ISC)2, is known as the gold standard of the industry today.
References
Petters, Jeff. (2018, August 8). CISM vs. CISSP Certification: Which One is Best for You? Varonis. Retrieved on November 18, 2018, from: https://www.varonis.com/blog/cism-vs-cissp/
Isc2chapter-phoenix.org (n.d.). (ISC)2 Code of Ethics. Retrieved on November 18, 2018, from: https://isc2chapter-phoenix.org/index.php/membership/isc-2-code-of-ethics
Isc2.org (n.d.). (ISC)2 Events Code of Ethics. Retrieved on November 18, 2018, from: https://www.isc2.org/policies-procedures/events-code-of-conduct
Isc2.org (n.d.). (ISC)2 Information Security Certifications. Retrieved on November 18, 2018, from: https://www.isc2.org/Certifications
Isc2.org (n.d.). (ISC)2 Code of Ethics. Retrieved on November 18, 2018, from: https://www.isc2.org/Ethics
Kyle, Mary. (2018, September 26). (ISC)2 Certifications Compared: CISSP, SSCP, CCSP, CSSLP, CAP and HCISPP [Web log post]. Retrieved on November 18, 2018, from: https://blog.netwrix.com/2018/09/26/isc2-certifications-compared-cissp-sscp-ccsp-csslp-cap-and-hcispp/
Tittel, Ed. (2018, May 10). (ISC)2 Certification Guide: Overview and Career Paths. Business News Daily. Retrieved on November 18, 2018, from: https://www.businessnewsdaily.com/10727-isc-2-certification-guide.html
Isc2.org (n.d.). Certified Cyber Forensics Professional. Retrieved on November 18, 2018, from: https://www.isc2.org/Certifications/CCFP
Martinez, Anne. (2014, October 27). Eight Top Certifications to Help You Dig Deep into Digital Forensics. GoCertify. Retrieved on November 18, 2018, from: http://www.gocertify.com/articles/eight-top-certifications-to-help-you-dig-deep-into-digital-forensics.html
Gocertify.com (n.d.). Certified Cyber Forensics Professional (CCFP). Retrieved on November 18, 2018, from: https://www.isc2.org/Ethics
youracclaim.com (n.d.). Certified Cyber Forensics Professional – European Union (CCFP-EU). Retrieved on November 18, 2018, from: https://www.youracclaim.com/org/isc2/badge/certified-cyber-forensics-professional-european-union-ccfp-eu
Isc2.org (n.d.). Computer-based Testing Candidate Examination Agreement. Retrieved on November 18, 2018, from: https://www.isc2.org/-/media/5EF2697BC3D24D7899041D4F9F4FC706.ashx