The Associate of (ISC)2 Certification
In the summer of 2003, (ISC)2 established “the Associate of (ISC)2 Program for those who have
chosen a career path in information security and wish to become an SSCP or CISSP in the
future, but who are still obtaining the required years of experience.” With the Associate program,
a candidate without the required experience who passes the SSCP or CISSP exam must agree to the
(ISC)2’s Code of Ethics, and “must garner the requisite work experience and successfully complete
a professional endorsement process before he/she becomes officially certified as CISSP or
SSCP.” Meanwhile, the candidate won’t be allowed to use the CISSP or SSCP moniker until “formally
certified.” Note as well that “the Associate of (ISC)2 has a maximum of five years to obtain the
required experience and submit the required endorsement form for certification.”
CISSP ISSAP/ISSEP/ISSMP Concentrations
Last summer, (ISC)2 rolled out three Concentration exams, all of which have the CISSP as
a prerequisite. These exams are the:
ISSEP: Information Systems Security Engineering Professional
ISSAP: Information Systems Security Architecture Professional
ISSMP: Information Systems Security Management Professional
Here is how (ISC)2 describes these exams: “It is often useful for CISSPs to think of the
concentration examinations as one would think about a ‘major’ in college. For example, a
CISSP may demonstrate more in-depth knowledge in information security architecture by obtaining
the ISSAP credential, much like a student at a business college might "major" in accounting,
marketing, or some other area of business concentration.”
Each exam lasts 3 hours and costs $349 USD. There are savings if you register for two or more
exams. Moreover, “the ISSMP and ISSAP concentration examinations are comprised of 100 scored items
plus 25 pretest items - for a total of 125 items. The ISSEP concentration examination is comprised of
125 scored items plus 25 pretest items - for a total of 150 items.”
(ISC)2 Recertification and Certification Program FAQ
In terms of the SSCP certification: “An SSCP must submit 60 CPEs [Continued Professional Education
credits] during the 3-year re-certification period. Of the 60 CPEs that are required, at least
40 must be ‘A’ credits (directly related to the 7 major domains of the SSCP CBK) and as many as 20
can be ‘B’ credits (not related to the 7 domains of the SSCP CBK).”
In terms of the CISSP certification: “A CISSP must submit 120 CPEs during the 3-year re-certification
period. Of the 120 CPEs that are required, at least 80 must be ‘A’ credits (directly related to
the 10 major domains of the CBK) and as many as 40 can be ‘B’ credits (not related to the 10
domains of the CISSP CBK).”
For more details on (ISC)2 in general and on recertification, check out these links:
For some time now, the (ISC)2 SSCP and CISSP certifications have been highly valued. Now, thanks to additions
to both the low and high end of the (ISC)2 certification path, the number of people choosing an (ISC)2
certification should continue to increase, notwithstanding the recent price rises in the exams.
Whether you are new to IT security or a growing expert, there is likely an (ISC)2 certification
suitable to you.
Ted Tederoff
P. Eng., CNE, MCSE (NT 4, W2K), A+, ATM-S, CL
Earn an affordable, online bachelor's degree in Information Technology—Security Emphasis plus nine IT certifications including Sun Certified Programmer for the Java Platform, MySQL Core, and Security+. Your prior college and IT certifications may waive some degree requirements FREE subscription to Network World. Your complimentary subscription will include 50 weekly issues jam packed with news analysis, expert industry opinion and management/career advice, all of which is packaged with your business needs in mind. We want to help you connect the technology dots and help you advance your company's business goals
Email this Article
Print this Article
