ISC2

ISC2 (International Information System Security Certification Consortium) is the world's largest nonprofit cybersecurity certification organization, providing globally recognized credentials that validate security expertise and drive professional development for cybersecurity practitioners worldwide.

Founded to advance the cybersecurity profession, ISC2 establishes global benchmarks for assessing and certifying security personnel. The organization's certifications meet ISO/IEC Standard 17024 requirements, which organizations rely on to validate expertise and ensure compliance readiness.

The ISC2 Common Body of Knowledge

Through its Common Body of Knowledge (CBK), ISC2 provides a comprehensive framework covering essential security topics across multiple domains. The CBK serves as the foundation for ISC2's certification examinations and represents the collective knowledge required for effective cybersecurity practice.

ISC2 Certifications

ISC2 offers nine distinct certifications ranging from entry-level credentials that require no prior experience to advanced specializations that demand extensive expertise and prerequisite certifications:

CISSP (Certified Information Systems Security Professional): ISC2's flagship certification and one of the most recognized credentials in the cybersecurity industry. Covers eight security domains and requires five years of paid work experience in two or more domains. Widely considered the gold standard for senior security practitioners.

CCSP (Certified Cloud Security Professional): Focuses on cloud security architecture, design, operations, and service orchestration. Targets security professionals working with cloud platforms and infrastructure.

SSCP (Systems Security Certified Practitioner): An intermediate-level certification covering technical security administration, including access controls, cryptography, network security, and incident response.

CC (Certified in Cybersecurity): ISC2's entry-level certification requiring no prior experience, designed to help individuals begin their cybersecurity careers.

CSSLP (Certified Secure Software Lifecycle Professional): Focuses on integrating security practices into software development, covering secure software concepts, requirements, design, implementation, testing, and lifecycle management.

CAP (Certified Authorization Professional): Addresses risk management frameworks and authorization of information systems, particularly relevant for government and federal contractors.

HCISPP (HealthCare Information Security and Privacy Practitioner): Specialized certification for professionals working in healthcare information security and privacy.

CISSP-ISSAP (Information Systems Security Architecture Professional): Advanced concentration for CISSPs specializing in security architecture.

CISSP-ISSEP (Information Systems Security Engineering Professional): Advanced concentration for CISSPs focused on security engineering principles.
