Information Security Risk Best Practices

Information Security Certifications

Certifications for information security professionals can be divided into three categories (see Figure 1):

The two most frequent certifications in the industry are CISSP from ISC2, and GIAC from The SANS Institute. Note: CISSP is Certified Information Systems Security Professional; ISC2 is the International Information Systems Security Certifications Consortium; GIAC is Global Information Assurance Certification; SANS is SysAdmin, Audit, Networking, Security.

The Information Systems Audit and Control Association has recently started its Certified Information Security Manager (CISM) certification. The "grandfather clause" means that many CISSPs will also be CISMs.

Gartner conducted a survey of information security professionals that compared CISSP and CISM. Respondents were asked questions such as:

Following are some of the more significant survey results: