Information Security - Qualifications & Certifications

While we understand that experience is one of the most valuable assets behind a quality information security candidate, there are many industry-specific qualifications and certifications that are becoming more important in the information security world. Practical, hands-on experience has previously been a sufficient basis on which to employ someone and is still seen as the most important factor when hiring a new member of staff. However, as the industry continues to develop and the IT security recruitment market becomes more buoyant, more hiring managers are requesting these security certifications, particularly for those working in entry and mid-level positions.

The range of qualifications and certifications available to IT Security professionals has increased over recent years. Here are some of the most popular qualifications offered by the different examination boards, government bodies and universities:

SANS Institute

SANS is well known for training information security professionals internationally. They specialise in giving a hands-on, intensive style of training that enables their participants to master the practical skills required to defend systems and networks. Their programmes have been running for over 20 years and take on 15,000 people every year. Through a rigorous process involving a wide range of security professionals, they have created a variety of courses that are immediately applicable once back in the office.

  • GIAC; SANS developed the Global Information Assurance Certification qualification in 1999 and it has grown to provide more than 20 job-specific courses for security professionals. It offers real experience and practical ability that is relevant to your needs. A wide breadth of skills is covered by the different courses and the certification remains valid for 4 years.

BSI Group

BSI are the leading providers of standards-based solutions for more than 140 countries, publishing around 2000 standards last year. The Department of Trade estimated that standards contribute £2.5bn to the UK economy. BSI is the leading group in this sector, and offers some specific information risk management training courses to improve the quality of your work and to provide qualifications that validate your experience.

  • ISO 27001 Registered Auditor; As one of BSI's most accessible qualifications, the course is intended to improve the team's performance and benefit the business as a whole by increasing the value and relevance of your audit programme. The benefits of the offering can be made appropriate to your business, as well as leading to a greater effectiveness of your corporate governance. In addition, this course helps you to stay up-to-date with the latest developments in the information security industry.
  • ISEB Practitioner in IRM; Designed especially for IT security professionals, you can learn how to develop systems that are in line with BSI standards and comply with UK and international legislation. Valuable for any company hoping to improve their ISMS (Information Security Management Systems).
  • ISEB Risk Management Principles; Earn recognition with an ISEB certificate and find out about the latest information on ISMS to keep your company aware of any developments. Also helpful for any security professionals looking to better their risk assessment and management.

EC Council - International Council of Electronic Commerce Consultants

After concerns about the possibility of a cyber war, triggered by the events of September 11th, the International Council of Electronic Commerce Consultants was formed to tackle what was a serious deficiency in suitable information security. This involved many experts across the globe collaborating to create standards and qualifications in the e-commerce and information security space. The organisation has grown to such a high level that it has been endorsed by the US federal government, featured in the most highly acclaimed media publications, and has even created its own university. Listed are two of their better known qualifications, but many more can be found on their website.

  • Certified Ethical Hacker; Aims to enhance the theoretical and practical abilities of security officers, auditors, site administrators, and more broadly any security professionals interested in network defence systems. Using the same tools as a malicious hacker, the course enables you to unearth any weaknesses or vulnerabilities in a system.
  • EC-Council Certified Security Specialist; A two day course for anyone interested in learning the fundamentals of information security, network security, and computer forensics.

CESG

CESG is the government's authority on information assurance. As part of the public sector, it develops information assurance policy and provides guidance. As well as putting on events, giving product evaluation and providing technical consultancy and advice, CESG also offers training and courses for those looking to gain qualifications.

  • CLAS (CESG Listed Adviser Scheme); With increasing fears about threats to information systems, CESG has responded to a demand for people seeking reliable Information Assurance advice. To do this it links the knowledge of CESG with the expertise of the private sector. Customers for this course can become CLAS consultants, who will be able to respond to this demand with high quality advice directed at public sector organisations such as government departments.
  • CHECK Team Member/CHECK Team Leader; IT health checks identify vulnerabilities in IT systems and networks which may compromise the confidentiality, integrity or availability of information held on that IT system. CESG offers two variations of this, either a team member or a team leader.

CREST

The Council for Registered Ethical Security Testers offers certifications for organisations and individuals that provide penetration testing services in the global information security arena. For the individual, they can supply current and constructive training which can lead to a certification that helps you to prove commitment and capabilities.

  • CREST Certified Tester; The CREST Certified Tester examination is the initial assessment and by passing this you are demonstrating your commitment as a penetration tester. It also allows for the participant to gain CHECK Team Leader status (subject to CESG approval).
  • CREST Infrastructure or Application Certified Tester; A set of examinations designed to set the benchmark for senior penetration testers. By gaining the CREST Certified Tester certification in either infrastructure or application testing you are recognisably at the top of your game as a tester. Furthermore the examination was the first assessment to be granted equivalence with the CESG CHECK Assault Course, in June 2008.

CompTIA

CompTIA is a non-profit organisation that re-invests any proceeds directly into its programmes and initiatives. It is member driven and stands to serve the IT community by giving a cohesive voice for the companies and businesses it serves, and by setting up standards and educational programmes to ensure quality within the IT market. Many of the courses are prerequisites for further qualifications.

  • CompTIA Security+; Ensures competency and credibility in network security; compliance and operational security; threats and vulnerabilities; application, data and host security; access control and identity management; and cryptography. Enables you to anticipate, as well as just react to, a security risk.

(ISC)²

The International Information Systems Security Certification Consortium is the largest not-for-profit membership body of certified information security professionals worldwide, with nearly 75,000 members in more than 135 countries. Globally recognised as the Gold Standard, (ISC)² issues qualifications to professionals looking to further their credentials. The ones most relevant to Acumin are the Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP), and the Certification and Accreditation Professional (CAP) qualifications.

  • CISSP and CISSP Concentrations; Requiring 5 years of experience in the information security field, CISSP is a globally recognised certification of excellence that will help you to take your career further. CISSP is ideal for mid-level or senior professionals who are looking to continue upwards in their position. CISSP Concentrations are for those looking to be more specific in their qualification. They also require a previous (ISC)² credential for eligibility, and the assessment proves in-depth knowledge in that area. They can be taken in Architecture, Marketing or Management.
  • SSCP; Requires just one year's work experience in the information security field, and is ideal for people working towards, or already in, roles such as Network Security Engineers, Security Systems Analysts, or Security Administrators.
  • CAP; An objective measurement of the abilities and skills of people involved in information security systems. This course is particularly helpful for those who are directly concerned with assessing security risks and requirements.

BCS

The British Computer Society seeks to promote professional practice tuned to the demands of business through respected IT qualifications and professional development. The institute collaborates with government, industry and relevant bodies to establish good working practices, codes of conduct, skills frameworks and common standards.

  • Information Security Management Principles; A foundation to some more advanced courses offered by BCS, this programme is designed to cover a wide range of issues within information security management. It gives those who are already information security professionals a chance to refresh their knowledge and gain a qualification.

ISACA

An independent, non-profit, global association, the Information Systems Audit and Control Association provides practical guidance, benchmarks and other effective tools for all enterprises that use information systems. ISACA was set up in 1969 by a small group of individuals who recognised a need for a centralised source of information and guidance for information security issues.

  • Certified Information Security Manager; CISM has been created to suit the needs of those who are already well established as having information security duties. The management-focused CISM is a unique certification for individuals who design, build and manage enterprise information security programs and gives you a chance to get certified under universally accepted technical practices.
  • Certified Information Systems Auditor; CISA gives a recognised standard of achievement in the area of information security audit, control and security. Certification of this kind is invaluable to professionals regardless of whether it is mandatory to them or not because of its importance to information security organisations and employers.

University Courses

Below is a comprehensive list of information security university courses available. There are a number of related subjects that can be studied in conjunction with information security, including Computer Forensics, Biometrics, Corporate Risk, Data Privacy and other appropriate forms of security (such as Network Security and IT Security). In addition to theoretical and skills-based learning, many of these courses cover wider issues ranging from legal technicalities to moral concerns. Whether you are at the beginning of your career and need foundation knowledge, or are seeking to move into management and require an offering that involves information security leadership and advanced IT Security and Risk skills, there is likely to be a course which is both geographically and personally suitable.

Anglia Ruskin University,

o   Information Security and Forensic Computing (BSc Hons)

Cardiff University,

o   Information Security and Privacy (MSc)

City University,

o   Information Security and Risk (MSc)

Edge Hill University,

o   Information Security (MSc/MPhil/PhD)

London Metropolitan University,

o   Information Security Management and Governance (MA)

o   Computer Technology and Information Technology Security (BSc Hons)

o   Information Technology Security (MSc)

Loughborough University,

o   Security Management (Cert/Dip/MSc)

Kingston University, London,

o   Network and Information Security (MSc)

Plymouth University,

o   Computer and Information Security (BSc Hons)

Sheffield Hallam University,

o   Computer and Information Security (BSc Hons/MComp Hons)

o   Information Systems Security (PgDip/PgCert/MSc)

The Open University,

o   Information Security Management (single module)

University College London,

o   Information Security (PgDip/MSc/PhD/MPhil)

University of Bedfordshire,

o   Information Management and Security (MSc)

University of Central Lancashire,

o   Information Technology Security (PgDip/MSc)

University of East London,

o   Information Security and Computer Forensics (MSc)

University of Glamorgan,

o   Computer Systems Security (MSc)

University of Glasgow,

o   Information Security (MSc)

University of Greenwich,

o   Information Technology with Security (PgDip/MSc)

University of Kent,

o   Information Security and Biometrics (MSc/PgDip)

University of Portsmouth,

o   Computer and Information Security (MSc)

University of Salford,

o   Information Security Management (MSc)

o   Information Security (MSc)

University of Southampton,

o   Corporate Risk and Security Management (MSc)

University of Wales, Newport,

o   Information Security (BSc Hons)

University of Wales, Trinity Saint David,

o   Information Security Management (MBA)

University of Westminster,

o   Information Technology Security (MSc)

Acumin © 2006-11