Read the book CISSP For Dummies - Peter H. Gregory - Page 48
Nontechnical/nonvendor certifications
Many other certifications are not tied to specific hardware or software vendors. Some of the best include
CISA (Certified Information Systems Auditor): Consider this certification if you work as an internal auditor or your organization is subject to one or more security regulations, such as Sarbanes-Oxley, HIPAA, GLBA, or PCI. ISACA manages this certification. Find out more about CISA at www.isaca.org/cisa.
CISM (Certified Information Security Manager): Similar to (ISC)²’s Information Systems Security Management Professional (ISSMP) certification (which we talk about in the section “CISSP concentrations” earlier in this chapter), you may want the CISM certification if you’re in security management. Like CISA, ISACA manages this certification. Read more about it at www.isaca.org/cism.
CRISC (Certified in Risk and Information Systems Control): This certification concentrates on organization risk management, controls, and information security. Find out more at www.isaca.org/crisc.
CGEIT (Certified in the Governance of Enterprise IT): Look into this certification if you want to demonstrate your skills and knowledge in the areas of IT management and governance. Effective security in an IT organization depends on governance, which involves the management and control of resources to meet long-term objectives. You can find out more about CGEIT at www.isaca.org/cgeit.
CDPSE (Certified Data Privacy Solutions Engineer): This relatively new certification from ISACA is all about technical skills within the growing privacy profession. For more information, visit www.isaca.org/cdpse.
CPP (Certified Protection Professional): Primarily a security management certification, CPP is managed by ASIS International. The CPP certification (www.asisonline.org/certification) designates people who have demonstrated competence in all areas constituting security management.
PSP (Physical Security Professional): ASIS International also offers this certification, which caters to professionals whose primary responsibility focuses on threat surveys and the design of integrated security systems. Read more at www.asisonline.org/certification.
CIPP (Certified Information Privacy Professional): The International Association of Privacy Professionals (IAPP) has this and other country-specific privacy certifications for security professionals with knowledge and experience in personal data protection. Find out more at https://iapp.org/certify/cipp (login required).
CIPP/US (Certified Information Privacy Professional/U.S.): Privacy in the United States is growing fast, and IAPP has developed a U.S. version of the CIPP. Read more at https://iapp.org/certify/cippus.
CIPP/C (Certified Information Privacy Professional/Canada): Privacy in Canada is growing in importance, so much that IAPP has a Canadian version of CIPP. Find out more at https://iapp.org/certify/cippc.
CIPP/E (Certified Information Privacy Professional/Europe): Privacy in Europe is so important in our industry that the IAPP has developed a version of the CIPP especially for European privacy matters. See more at https://iapp.org/certify/cippe.
CIPP/A (Certified Information Privacy Professional/Asia): IAPP has an Asia version of the CIPP certification that focuses on privacy laws and practices in Asian countries. Find out more at https://iapp.org/certify/cippa.
CIPM (Certified Information Privacy Manager): This certification is designed for privacy program leaders in organizations; it focuses on building a privacy team and privacy operations. Find out more at https://iapp.org/certify/cipm.
CCISO (Certified Chief Information Security Officer): This certification demonstrates the skills and knowledge required for the typical CISO position. Read more at https://ciso.eccouncil.org.
CBCP (Certified Business Continuity Planner): A business continuity planning certification offered by the Disaster Recovery Institute. You can find out more at https://drii.org/certification/cbcp.
DRCE (Disaster Recovery Certified Expert): This certification recognizes knowledge and experience in disaster recovery planning. For more information about DRCE and related certifications, visit www.bcm-institute.org/certification.
PMP (Project Management Professional): A good project manager — someone you can trust with organizing resources and schedules — is a wonderful thing, especially on large projects. The Project Management Institute (www.pmi.org) offers this certification.
PCI QSA (Payment Card Industry Qualified Security Assessor): The Payment Card Industry Security Standards Council developed the QSA certification for professionals who audit organizations that store, transmit, or process credit card data. This certification is for PCI auditors. Find out more at www.pcisecuritystandards.org.
PCI ISA (Payment Card Industry Internal Security Assessor): This certification, also from the Payment Card Industry Security Standards Council, is for security professionals within organizations that store, transmit, or process cardholder data. Find out more at www.pcisecuritystandards.org.
GIAC (Global Information Assurance Certification): The GIAC family of certifications includes categories in Audit, Management, Operations, and Security Administration. GIAC non-vendor-specific certifications complementing CISSP are GIAC Certified Forensics Analyst (GCFA) and GIAC Certified Incident Handler (GCIH). Find more information at www.giac.org/certifications. Several vendor-related GIAC certifications are mentioned in the next section.