Information Security Career Fields

Certified Info-Systems Security Professional (CISSP)

The Certified Information Systems Security Professional (CISSP) is a certification for information security professionals. This certification is obtained through the International Information Systems Security Certification Consortium (ISC)² for the purpose of recognizing individuals who have distinguished themselves as experienced, knowledgeable, and proficient information security practitioners. The CISSP certificate also provides a means of identifying those persons who subscribe to a rigorous requirement for maintaining their knowledge and proficiency in the information security profession.

Certification is awarded to those individuals who achieve a prescribed level of information security experience, comply with a professional code of ethics, and pass a rigorous examination on the Common Body of Knowledge of information security. In order to maintain currency in the field, each CISSP must be re-certified every three years by participation in research or study, attendance at recognized subject-matter training and professional educational programs, presentation or publication of information security papers, contributions to the information security Common Body of Knowledge, and service in professional organizations.

ISSA endorses the Certified Information Systems Security Professional (CISSP) certification provided by (ISC)² as the certification for the Information Security Professional.


Certified Internal Auditor (CIA)

The Institute of Internal Auditors (IIA) also offers Certified Internal Auditor (CIA) certification which requires candidates to master their ability to identify risks, examine alternative remedies, and prescribe the best initiatives to control these risks. CIAs master auditing standards and practices as well as management principles and controls, information technology, and emerging strategies to improve business and government. CIAs learn the best ways to manage business. The CIA exam tests a candidate’s knowledge and ability regarding the current practice of internal auditing. It enables candidates and prospective managers to adapt to professional changes and challenges by:

  • Addressing nearly all management skills.
  • Focusing on the principles of management control.
  • Measuring a candidate’s understanding of risk management and internal controls.


Certified Business Continuity Professional (CBCP)

DRII’s CBCP certification is reserved for individuals who have demonstrated their knowledge and experience in the business continuity / disaster recovery industry. The CBCP level is designed for an individual with a minimum of two years of experience as a business continuity/disaster recovery planner.


Certification in Control Self-Assessment (CCSA)

The Certification in Control Self-Assessment (CCSA) is the Institute of Internal Auditors’ first specialty certification and the second certification to be offered by the Board of Regents in the history of the Institute of Internal Auditors. The new CCSA certification program will identify the skill sets needed by successful CSA practitioners, measure proficiency in CSA, and provide guidance for CSA initiatives.

To receive the CCSA designation, professionals must satisfy educational and professional work experience requirements and successfully complete an exam designed to test an individual’s proficiency in control self-assessment.

The first CCSA exam will be offered in early 1999. This will be a computer-based exam offered on demand at numerous facilities around the United States and Canada.


Associate Business Continuity Professional (ABCP)

The Associate Business Continuity Planner (ABCP), or Associate level, is for individuals with at least a specified minimum level of knowledge in business continuity/disaster recovery planning, but who have not yet attained the two years of experience required for CBCP. Individuals can also qualify if they work in positions related to, but not actually in, business continuity/disaster recovery planning.


Associate Computing Professional (ACP)

The ACP designation was developed to validate an individual’s knowledge of the general computing industry and specific programming language skills. The Institute for Certification of Computing Professionals’ (ICCP) exams allow candidates to test themselves against the industry’s Common Body of Knowledge as established by the Test Councils of the ICCP. Additionally, the ICCP assists in identifying specific strengths within the candidate’s area of expertise.


Master Business Continuity Professional (MBCP)

The Master Business Continuity Professional (MBCP) or Master level, targets an individual with a minimum of five years of experience as a business continuity/disaster recovery planner. In addition, the MBCP must attain a higher score on the CBCP Examination, and either successfully complete a case-study examination or complete a directed research project and paper.

An additional prerequisite for the CBCP and MBCP certification levels is the demonstration of proficiency in a specific number of Subject Areas of the Professional Practices for Business Continuity Planners. For more information, see the Disaster Recovery Institute International Website.

Certified Computing Professional (CCP)

The CCP certification has replaced three designations previously conferred by the Institute for Certification of Computing Professionals:

  • CDP – Certificate in Data Processing
  • CCP – Certified Computer Programmer
  • CSP – Certified Systems Professional

The CCP designation is conferred upon anyone who:

  • Passes the examinations
  • Meets the experience requirement
  • Signs a document agreeing to comply with the ICCP Codes of Ethics, Conduct and Good Practice


Certified Information Systems Auditor (CISA)

The CISA designation is awarded by the Information Systems Audit and Control Association to those individuals with an interest in information systems auditing, control, and security who have met and continue to meet specific requirements.

To earn and retain the CISA designation, CISAs are required to:

  • Successfully complete the CISA Examination
  • Adhere to the Information Systems Audit and Control Association’s Code of Professional Ethics
  • Submit evidence of a minimum of five (5) years of professional information systems (IS) auditing, control or security work experience. Substitutions and waivers of such experience apply
  • Adhere to a continuing education program


Certified Fraud Examiner (CFE)

The Association of Certified Fraud Examiners is a professional, international organization with 25,000 members. Since 1988, the Association has been dedicated to educating and certifying qualified individuals (Certified Fraud Examiners) in the highly specialized aspects of fraud detection and prevention. The diverse membership of the Association includes auditors, accountants, fraud investigators, loss prevention specialists, attorneys, educators, criminologists, and other anti-fraud professionals.

As the recognized international source of fraud information, the Association researches and develops fraud-related training programs on a variety of topics while presenting more than 50 national and international seminars per year. Identified as “the premier financial sleuthing organization” by The Wall Street Journal, the Association has also been cited for its efforts against white-collar crime by U.S. News & World Report, The New York Times, Fortune, ABC-TV’s Nightline and 20/20, and CBS News’ 60 Minutes.

The Certified Fraud Examiner program is an accrediting process for individuals with the specialized skills to detect, investigate, and deter fraud. Certified Fraud Examiners have the expertise to resolve allegations of fraud from inception to disposition, gather evidence, take statements, write reports, testify to findings, and assist in the prevention and detection of fraud. Before applying to become a CFE, candidates must first become Associate Members of the Association of Certified Fraud Examiners. Further requirements include the equivalent of a bachelor’s degree from a recognized institution of higher learning, two years of professional experience related directly or indirectly to the detection and deterrence of fraud, and successful completion of the Uniform CFE Examination.


Control Self-Assessment (CSA)

CSA Qualification is offered by the Institute of Internal Auditors. Candidates must complete 54 CPD hours in the following manner: 18 CPD hours for Introduction to Control Self-Assessment; 18 CPD hours for either Value-Added Business Controls: The Right Way to Manage Risk or Evaluating Internal Controls: A COSO-Based Approach; and 18 CPD hours for either Assessing Risk: A Better Way to Audit or CSA Facilitation Techniques for Auditors.


Certified Protection Professional (CPP)

For years the world has recognized a need for competent professionals who can effectively manage complex security issues that threaten people and the assets of corporations, governments, and public and private institutions. As the emphasis on protecting people, property, and information increases, it has strengthened the demand for professional managers. To meet these needs, the American Society for Industrial Security (ASIS) International administers the Certified Protection Professional (CPP) program. More than 8,000 professionals have earned the designation of CPP. This group of professionals has demonstrated its competency in the areas of security solutions and best-business practices through an intensive qualification and testing program. As a result, these men and women have been awarded the coveted designation of CPP, and are recognized as proven leaders in their profession.

The CPP designation identifies professionals as dedicated to the security profession and recognizes their ability to perform to exemplary standards. Ask a Certified Protection Professional “why?” and they’ll tell you that the certification process is one of the single most important steps you can take in career development. What does certification mean to you?

  • The CPP demonstrates your commitment to the profession.
  • The CPP establishes professional credentials.
  • The CPP prepares you for greater on-the-job responsibilities.
  • The CPP improves skills and knowledge.
  • The CPP improves career opportunities and advancement.
  • The CPP provides for greater earnings potential.
  • The CPP offers greater professional recognition from peers.
  • The CPP enhances the profession’s image.
  • The CPP reflects achievement.


Certified Information Security Manager (CISM)

The CISM is ISACA’s next generation credential and is specifically geared toward experienced information security managers and those who have information security management responsibilities. CISM is designed to provide executive management with assurance that those earning the designation have the required knowledge and ability to provide effective security management and consulting. It is business-oriented and focuses on information risk management while addressing management, design and technical security issues at a conceptual level. While its central focus is security management, all those in the IS profession with security experience will certainly find value in CISM.

For more information, see the Information Systems Audit and Control Association Website.


Local Colleges Offering Information Technology Courses

  • Northwestern University
  • DePaul University
  • John Marshall College
  • Loyola University
  • Moraine Valley College (CSSIA)
  • Wright College