Cybersecurity: Which Certification Should I Choose?

When people hear the term cybersecurity, they often think about certifications to demonstrate their knowledge.  While the cybersecurity field is broad, there are specialties within cybersecurity.  There are certificate programs that focus on the hands-on aspect of the field while others focus on the management of a cybersecurity program.  Within the hands-on aspect of cybersecurity there are several certifications that can be obtained. Below are some of the more common certifications that can be earned to work in the cybersecurity field. 

Certified Information Systems Security Professional (CISSP): 

A Certified Information Systems Security Professional (CISSP) follows the ethical rules listed in the table below. A certified individual protects the integrity of the organization’s infrastructure, acts honestly and honorably, and follows applicable laws. The CISSP should always act in the best interest of the organization and in a professional manner that protects the profession (Gigantino, 2019). The requirement is five years’ experience in information security, covering at least two of the 10 domains outlined in the CISSP Common Body of Knowledge (CBK) (Busso, n.d.).

The work of a CISSP is very interesting. They look after the safety and security of the network, help provide information that will prevent identity theft, and explore new tools on the market to help protect the network. With ransomware attacks on the rise, the CISSP is at the forefront of protecting the network. Responsibilities may include implementing firewall rules and writing policies and procedures to help protect the organization. They may also conduct penetration tests to test the network’s security and ensure hackers are unable to access the network.

Ethical Rules

  • Protect society, the commonwealth, and the infrastructure

  • Act honorably, honestly, justly, responsibly, and legally

  • Provide diligent and competent service to principals

  • Advance and protect the profession

Knowledge Requirement

  • 5 years of experience in Information Security

  • Experience must be within at least two of the 10 security domains of the (ISC)2 CISSP Common Body of Knowledge (CBK)

HealthCare Information Security and Privacy Practitioner  

The HealthCare Information Security and Privacy Practitioner (HCISPP) follows ethical rules similar to the CISSP’s, but it is focused on the health care side of the cybersecurity field. One of the main ethical rules of this certification is to protect patient health information. In a health care organization there may be several individuals who hold both the CISSP and the HCISPP; they are very knowledgeable about network security and the unique environment of the healthcare setting (HCISPP – The HealthCare Security Certification, n.d.).

The health care setting differs from a typical small network because vendors may need remote access, and outside vendors often come into the hospital with laptops whose security posture is unknown and attempt to connect to the hospital’s network. Sensitive patient information, which is worth more on the black market than the data used in typical identity theft, must be protected from outside bad actors.

The knowledge requirement for the certification is at least two years’ work experience in the areas of the common body of knowledge, including security, compliance, and privacy. Of these two years, one year must be in the healthcare environment (Root, 2021). Hospital security teams have gone through some very creative and innovative steps to secure the network. For example, if a computer is plugged into the network and its MAC address is not recognized, it is automatically blacklisted. If a network card is replaced, the security team needs to be made aware that they will see a new MAC address and that it needs to be whitelisted. The work environment is similar to that of a CISSP, but the work is done in a healthcare environment.
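The MAC-allowlist practice described above, shown as an added example that is not part of the original article: a small Python script that reads a constructed DHCP server log, reports every client hardware address that is not on a registered-asset allowlist (the addresses a security team would block), and handles the replaced-network-card case by retiring the old address and registering the new one under the same asset name. The allowlist entries, asset names, and log lines are all hypothetical sample data.

```python
import re
from typing import Dict, List, Tuple

# Constructed allowlist of registered MAC addresses mapped to asset names.
# All values are hypothetical sample data, not from any real hospital network.
KNOWN_MACS: Dict[str, str] = {
    "00:1a:2b:3c:4d:5e": "nursing-station-01",
    "00:1a:2b:3c:4d:5f": "pharmacy-workstation",
    "08:00:27:aa:bb:cc": "imaging-pc-03",
}

# Constructed DHCP server log excerpt in a syslog-like format (sample input).
SAMPLE_LOG = """\
Mar 15 08:01:12 dhcp dhcpd: DHCPREQUEST for 10.20.1.15 from 00:1a:2b:3c:4d:5e via eth1
Mar 15 08:02:40 dhcp dhcpd: DHCPDISCOVER from 08:00:27:aa:bb:cc via eth1
Mar 15 08:03:05 dhcp dhcpd: DHCPDISCOVER from 3c:52:82:11:22:33 via eth2
Mar 15 08:03:06 dhcp dhcpd: DHCPREQUEST for 10.20.2.77 from 3c:52:82:11:22:33 via eth2
Mar 15 08:04:19 dhcp dhcpd: DHCPDISCOVER from 00:1A:2B:3C:4D:5F via eth1
"""

# Matches the client hardware address that the DHCP daemon prints after "from".
MAC_RE = re.compile(r"\bfrom ([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\b")


def normalize_mac(mac: str) -> str:
    """Lower-case the address so allowlist lookups are case-insensitive."""
    return mac.strip().lower()


def find_unknown_macs(log_text: str, allowlist: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (mac, first log line) for every MAC in the log that is not on the allowlist.

    Each unknown MAC is reported once, on the line where it first appeared, so a
    device that sends DISCOVER followed by REQUEST yields a single block decision.
    """
    unknown: Dict[str, str] = {}
    for line in log_text.splitlines():
        match = MAC_RE.search(line)
        if not match:
            continue
        mac = normalize_mac(match.group(1))
        if mac not in allowlist and mac not in unknown:
            unknown[mac] = line
    return sorted(unknown.items())


def register_replacement_nic(allowlist: Dict[str, str], old_mac: str, new_mac: str) -> Dict[str, str]:
    """Retire a replaced card's MAC and register the new one under the same asset name.

    Returns an updated copy; the caller's allowlist is left untouched.
    """
    old_mac, new_mac = normalize_mac(old_mac), normalize_mac(new_mac)
    if old_mac not in allowlist:
        raise KeyError(f"{old_mac} is not a registered asset")
    updated = {mac: asset for mac, asset in allowlist.items() if mac != old_mac}
    updated[new_mac] = allowlist[old_mac]
    return updated


if __name__ == "__main__":
    for mac, line in find_unknown_macs(SAMPLE_LOG, KNOWN_MACS):
        print(f"BLOCK {mac}: first seen in '{line}'")
    # The imaging PC had its network card replaced; register the new address.
    updated = register_replacement_nic(KNOWN_MACS, "08:00:27:aa:bb:cc", "3c:52:82:11:22:33")
    print("unknown after registration:", find_unknown_macs(SAMPLE_LOG, updated))
```

Run on the sample log, the script flags the one unregistered address on eth2. After the imaging PC's old card is retired, the old address itself becomes the unknown one, which is the desired behaviour: a retired card reappearing on the network deserves a look. Because a MAC address is set by the client and can be changed in software, this kind of allowlist is a hygiene control that catches unregistered or accidentally connected equipment; it is not a substitute for port-based authentication such as 802.1X.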

Ethical Rules

  • Follow the organizational rules of your healthcare organization

  • Protect Patient Health Information (PHI)

  • Protect society, the commonwealth, and the infrastructure

  • Act honorably, honestly, justly, responsibly, and legally

  • Provide diligent and competent service to principals

  • Advance and protect the profession

Knowledge Requirement

  • Applicants must have at least two years’ work experience in one or more knowledge areas of the HCISPP Common Body of Knowledge (CBK), including security, compliance, and privacy.

  • Legal experience may be substituted for compliance.

  • Information management experience may be substituted for privacy.

  • Of the two years of experience, one of those years must be in the healthcare field.


Certified Cyber Security Forensics Analyst (CSFA) 

The Certified Cyber Security Forensics Analyst (CSFA) ethical rules, which emphasize honesty and integrity, are listed in the table below. Some of the rules are to observe the code of conduct of the organization they work for, keep technical skills current, not accept compensation on a contingency basis, maintain custody and control over materials entrusted to their care, and disclose any potential conflicts of interest that could influence their decisions and judgment (Code of Ethics and Conduct, n.d.). The requirements are to possess practical experience in the field of digital forensics, pass an FBI background check, and attend continuing education training at a minimum of every two years (CyberSecurity Forensic Analyst (CSFA), n.d.).

Since the field of cyber security forensics is ever changing, meeting the 80-hour training requirement every two years should be relatively straightforward. This certified person is responsible for conducting examinations of compromised computers and servers and must have knowledge of several operating systems. They may also be responsible for conducting security assessments, penetration testing, and at times ethical hacking to identify information security holes.

Ethical Rules

  • I will observe and honor any other code of ethics or conduct for the organizations I am a member of or employed by.

  • I will respect the confidential nature of any information, methodologies, or techniques that I become aware of in relation to computer forensics/forensic computing.

  • I will strive to keep my technical skills current.

  • I will be honest and forthright in my dealings with others.

  • I will not reveal facts, data or information without the prior consent of my client or employer except as authorized or required by law.

  • I will not accept compensation for my services based on contingency.

  • I will maintain custody and control over whatever materials are entrusted to my care.

  • I will disclose all known or potential conflicts of interest that could influence or appear to influence my judgment or the quality of my services.

Knowledge Requirement

  • Possess practical experience in the field of digital forensics.

  • Submit an FBI Criminal Background Check.

  • Attend a minimum of 80 class hours of digital forensics / information technology training every two years.


Certified Secure Software Lifecycle Professional (CSSLP) 

The Certified Secure Software Lifecycle Professional (CSSLP) follows ethical rules that call for a holistic approach to security needs, advising on the design, development and deployment of secure software, and maintaining knowledge of security technologies (CSSLP, n.d.). The requirement is four years’ experience in the Software Development Lifecycle (SDLC) in one or more of the eight domains of the (ISC)² CSSLP CBK. The experience requirement can be lowered to three years if the candidate has a bachelor’s degree in computer science or another information technology related field (CSSLP Experience Requirements, n.d.).

The CSSLP is responsible for incorporating security practices such as authentication and auditing into each phase of the software development lifecycle. Typically, software is breached because of a security hole or error in the software. The certified professional must understand the software lifecycle and help to identify vulnerabilities and fix them before the software is released. If software is released with vulnerabilities, data breaches, lost business, or brand damage may result.

Ethical Rules

  • Provides a holistic approach to software security needs

  • Gives advice regarding designing, developing and deploying secure software

  • Maintains knowledge of the latest software security technologies

  • Assists in meeting the assurance of compliance with regulations

  • Affirms compliance with the policies and procedures set

Knowledge Requirement

  • Four years of cumulative paid Software Development Lifecycle (SDLC) professional work experience in one or more of the eight domains of the (ISC)² CSSLP CBK

  • Or three years of cumulative paid SDLC professional work experience in one or more of the eight domains of the CSSLP CBK with a four-year degree leading to a Baccalaureate, or regional equivalent, in Computer Science, Information Technology (IT) or related fields

 

When reviewing these four certifications, they all carry the underlying message of securing the network or securing the software, and the main responsibilities include protecting the organization and its customers. While each takes a slightly different approach to systems security, combining all four of these certifications within one organization can help ensure the network, the software, and the hardware are protected, and if there were a breach, the expertise would be on hand to do a forensic analysis to identify where the breach occurred and how to avoid it in the future.

 

References 

Busso, J. (n.d.). Steps to Become a CISSP (Certified Information Systems Security Professional). Retrieved from CCSI: https://www.ccsinet.com/blog/steps-cissp-certified/ 

Code of Ethics and Conduct. (n.d.). Retrieved from CyberSecurity Institute: http://www.corcosconsulting.com/blog/wp-content/uploads/2016/06/Code-of-Ethics-and-Conduct-CyberSecurity-Institute.pdf

CSSLP. (n.d.). Retrieved from SANS: https://www.sans.org/brochure/course/isc2-certified-secure-software-lifecycle-professional-csslp/326 

CSSLP Experience Requirements. (n.d.). Retrieved from (ISC)2: https://www.isc2.org/Certifications/CSSLP/Experience-Requirements# 

CyberSecurity Forensic Analyst (CSFA). (n.d.). Retrieved from GoCertify: http://www.gocertify.com/certifications/cybersecurity-institute/cybersecurity-forensic-analyst.html 

Gigantino, J. (2019, August 26). The Ethical Rules of a CISSP. Retrieved from Career Trend: https://careertrend.com/info-7800046-importance-confidentiality-mentoring.html 

HCISPP – The HealthCare Security Certification. (n.d.). Retrieved from (ISC)2: https://www.isc2.org/Certifications/HCISPP 

Root, J. (2021, March 15). Pass Your HCISPP Certification with These Tactics. Retrieved from iSecPrep: https://www.isecprep.com/2021/03/15/pass-your-hcispp-certification-with-these-tactics/#:~:text=Experience%20Required%20for%20Healthcare%20Information%20Security%20And%20Privacy,of%20Knowledge%20%28CBK%29%2C%20including%20security%2C%20compliance%2C%20and%