

We see CISSP, CEH and CISA as the most popular IT security certifications. Some individuals strive to hold a combination of these, or even all of them. These certifications require an individual to pass an exam and usually to provide evidence of having worked in the security industry for a number of years before being fully certified.




IT Security Certifications




CompTIA is a non-profit organisation that educates and trains individuals within different areas of IT. CompTIA delivers CompTIA Security+, which certifies an individual on their understanding and competency within security, including network security, compliance, application security, cryptography, access control and others.


Critical Infrastructure Institute is a provider of the Professional in Critical Infrastructure Protection (PCIP) certification. The certification is available within the US and shows an individual has the ability to assess and manage risks, respond to incidents, and recover operations and service delivery.


DRI International educate and certify individuals on business continuity and disaster recovery.

Certifications include

Associate Business Continuity Professional
Certified Functional Continuity Professional
Certified Business Continuity Professional
Master Business Continuity Professional


EC-Council is an organisation which certifies individuals and organisations in a number of areas around e-business and IT security.

Certified Ethical Hacker (CEH) is one of EC-Council's most popular IT security certifications. An ethical hacker’s task would be to penetrate / exploit a system/network and report on the results found (assuming they have the company’s permission to do so). EC-Council also offer other certifications such as Computer Hacking Forensic Investigator (CHFI) and Certified Security Analyst (CSA).

Qualified Security Assessor (QSA) by PCI Security Standards Council is a certification for assessing and certifying that a company is complying with the Payment Card Industry Data Security Standard (PCI DSS). Not everyone is able to take the course and exam. A number of prerequisites have to be in place, such as the individual's company first being an authorised member.

Other courses by EC-Council

- Computer Hacking Forensic Investigation
- Certified Security Analyst
- Licensed Penetration Tester
- Network Security Administrator
- Certified Secure Programmer
- Certified VoIP Professional
- Disaster Recovery And Virtualization
- Certified Network Defense Architect
- Certified Incident Handler
- Certified Security Specialist
- Wireless Certification


The Global Information Assurance Certification (GIAC) was introduced to validate the skills of IT security professionals and provides a number of certifications. GIAC covers areas such as auditing, IDS, Windows and Linux security, firewalls, forensics and other specific areas. GIAC has to be retaken every 4 years.

Certifications by GIAC:

GIAC Security Essentials (GSEC)
GIAC Certified Incident Handler (GCIH)
GIAC Certified Intrusion Analyst (GCIA)
GIAC Penetration Tester (GPEN)
GIAC Certified Firewall Analyst (GCFW)
GIAC Certified Windows Security Administrator (GCWN)
GIAC Web Application Penetration Tester (GWAPT)
GIAC Assessing and Auditing Wireless Networks (GAWN)
GIAC Certified UNIX Security Administrator (GCUX)
GIAC Information Security Fundamentals (GISF)
GIAC Certified Enterprise Defender (GCED)
GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)


International Association of Privacy Professionals (IAPP) provides a centralised place for privacy professionals to get together and share ideas and knowledge. IAPP supports privacy professionals through networking, education and certification.

Certified Information Privacy Professional (CIPP) by International Association of Privacy Professionals (IAPP) is a certification in privacy and data protection compliance within the US. IAPP provide other certifications as well.

Other courses by IAPP

Certified Information Privacy Professional/Canada (CIPP/C)
Certified Information Privacy Professional/Information Technology (CIPP/IT)
Certified Information Privacy Professional/Europe (CIPP/E)
Certified Information Privacy Professional/Government (CIPP/G)


ISACA is a non-profit organisation that provides guidance and benchmarks for organisations that make use of information technology systems. ISACA provides a range of IT Governance services.

Certified Information Security Auditor (CISA) is a professional IT security certification governed by ISACA. CISA is suited for IT security auditors, or anyone who has an interest in this area.

Certified Information Security Manager (CISM) by ISACA is aimed towards security professionals with IT Security management responsibilities.

Other courses by ISACA

Certified in the Governance of Enterprise IT (CGEIT)
Certified in Risk and Information Systems Control (CRISC)


ISC2 is a non-profit organisation which provides education and certification to its members within IT security. ISC2 have a strong and reputable presence throughout the world.

Certified Information System Security Professional (CISSP) certification by ISC2 is a globally recognized standard of achievement. CISSP is a senior certification for IT professionals throughout the world. For an individual to gain CISSP they must have at least 5 years of direct IT security experience and pass the CISSP exam.

Other courses by ISC2

Systems Security Certified Practitioner
Certified Authorization Professional
Certified Secure Software Lifecycle Professional
CISSP Concentrations (Architecture, Engineering or Management)


ISO 27001 Lead Auditor qualification is for security professionals who want to work with an internationally recognised best practice standard and specialise in information security management systems. Achieving ISO 27001 certification does not mean an organisation is fully secure, as there is no such thing; rather, it shows that the organisation follows a high standard of securing information and more. This gives partners and customers the confidence to work with them. Becoming an ISO 27001 Lead Auditor means you can provide competent consultancy and assist organisations in meeting the standard.