nonprofit organization created to provide an international standard for
information security practitioners. The (ISC)² developed both the
SSCP (Systems Security Certified Professional) certification and the CISSP
(Certified Information Systems Security Professional) certification. These
certifications reflect the Common Body of Knowledge (CBK) required of
information security practitioners. Because the SSCP and CISSP certifications
focus on the practices, responsibilities, and roles of information security
practitioners, they are seen as being useful for advancing practitioners’
careers and adding to their credibility.
The CISSP Certification examination has 250 questions and
assesses 10 information systems security domains relating to the CBK (such as
access control systems and methodology; applications and system development;
business continuity planning; cryptography; and law, investigation, and
ethics). On top of the basic CISSP Certification, professionals in good
standing can obtain certifications in one of three concentration areas:
Security Engineering, Security Architecture, and Security Management. The
corresponding certificates are, respectively, ISSEP, ISSAP, and ISSMP.
The SSCP examination has 125 questions and assesses seven
information systems security domains relating to the CBK (such as Access
Controls, Administration, Audit and Monitoring, Cryptography, and Response and

Access Control; Administrator; Cryptography or “Crypto”; SANS Institute.

Systems Security Certified Practitioner. About SSCP Certification. [Online,
2004.] ISC2 Website. https://www.isc2.org/cgi-bin/content.cgi?category=20.