Posted by: Ed Tittel
The International Information Systems Security Certification Consortium is usually known as (ISC)2, pronounced “ISC-squared.” They are pretty well-known as the source for the ever-popular Certified Information Systems Security Professional (CISSP) credential, and offer a whole slew of other credentials besides that, including the Certified Authorization Professional (CAP), the Systems Security Certified Practitioner (SSCP, a kind of CISSP precursor cert), various CISSP concentrations, and the Certified Secure Software Lifecycle Professional (CSSLP). The organization is now working on a September, 2013, release of a new credential called the Certified Cyber Forensics Professional (CCFP), which aims to identify qualified computer professionals who are proficient in topics that include “established forensics disciplines” plus “mobile forensics, cloud forensics, antiforensics, and more.”
Increasing global appetite for certified forensics professionals no doubt prompted ISC-squared’s entry into this market space.
As of our most recent 2013 Information Security Survey for TechTarget’s site, SearchSecurity.com, we counted 23 vendor-neutral forensics certifications, and as many as five (or as few as two, depending on how you want to count such things) vendor-specific forensics credentials, not including forensics-related certs like those for the Wireshark protocol analyzer (this is tool often used in forensics examinations of network traffic, and sports its own Wireshark Certified Network Analysts, or WCNA, credential). Thus, the CCFP comes into an already-crowded but also highly-fragmented part of the certification landscape.
I have to believe that the ISC-squared is seeking to trade on the high name recognition that its CISSP has achieved, along with that certification’s nearly constant spot in the “Top 10 Lists” for IT certification in general, and information security certification in particular, for the past decade or longer. And certainly, the CCFP is targeting exactly the right audience including law enforcement professionals, private and public cyber forensics investigators, corporate information security professionals, litigation support professionals, and so on. Examination of the CCFP home page and the content and composition of its Common Body of Knowledge (or CBK, for which term ISC-squared claims a registered trademark!) show that the organization has done its homework in addressing the key subject matters relevant to computer forensics. Here’s a quick list of the CBK elements:
- Legal and Ethical Principles
- Forensic Science
- Digital Forensics
- Application Forensics
- Hybrid and emerging technologies (mobile, cloud, virtualization, …)
Background and experience requirements for the CCFP include a four year-college degree (Bachelor’s or “regional equivalent”), plus three years of full-time digital forensics or IT security experience in three out of six of the CBK domains just recited above. Candidates who lack a four-year degree need six years of digital forensics or IT security experience in three out of six of those domains, but may be granted a one-year “professional experience waiver” if they’ve earned an alternate forensics certification from the (ISC)2 list of approved certs. That list includes a Hanggul (Korean) cert name I can’t read, plus the EnCase EnCE and EnCEP, AccessData’s ACE, the IACIS CFCE, the SANS GIAC GCFA, EC-Council’s CHFI, and ISFCE’s CCE, which clearly positions the CCFP as a senior-level forensics certification with some interesting vendor-specific (EnCase and AccessData) as well as vendor-neutral (GIAC, IACIS, EC-Council, and ISFCE) antecedents. In keeping with the CISSP program, the CCFP also offers the “Associate in CCFE” to those who can pass the exam, but who don’t yet have the requisite years of experience and/or degree to qualify for the full-blown certification.
Can the (ISC)2 step in an grab a choice spot at the top of the computer forensics certification food chain? Maybe so: this fragmented cert niche has lacked a global credential until now, and there’s an interesting combination of strong appetite and lack of a clear market leader that has obviously led (ISC)2 to make a foray into the forensics game. Can (ISC)2 succeed where others have not yet prevailed? Again: maybe so. But I will also observe that if the CISSP has one weakness, it’s in the lack of a practical, hands-on, lab-based component to complement its excellent coverage of information security theory with an equally demanding test of hands-on and practical skills and knowledge. This has not hampered CISSP’s success or standing, but in an arena like cyber forensics where practical skills and knowledge are perhaps even more important than a knowledge of theory and CBK domains, it may not be enough to leapfrog the CCFP into the market-leading position that this credential obviously aims to occupy. It should be interesting to see how this all turns out…