International Information Systems Security Certification Consortium (ISC)2

What is (ISC)2?

(ISC)², short for International Information Systems Security Certification Consortium, is a nonprofit organization that provides security training and certificates.

Formed in 1988 by a group of security organizations looking to create a vendor-neutral, standardized certification program to validate the competency of security professionals, (ISC)² was formally established in 1989.

What certifications does (ISC)2 offer?

The most notable certification offered by (ISC)² is the Certified Information Systems Security Professional (CISSP). It is often considered the gold standard in security certifications. Three CISSP concentrations are also available: Information Systems Security Architecture Professional (CISSP-ISSAP), Information Systems Security Engineering Professional (CISSP-ISSEP) and Information Systems Security Management Professional (CISSP-ISSMP).

Other (ISC)² certifications include Systems Security Certified Practitioner (SSCP), Certified Authorization Professional (CAP), Certified Secure Software Lifecycle Professional (CSSLP) and HealthCare Information Security and Privacy Practitioner (HCISPP).

What is the certification process?

All (ISC)² certifications require applicants to pass thorough, in-person examinations, which are administered by Pearson VUE at its testing centers around the world. The exams typically require several hours to complete. For example, candidates have six hours to take the CISSP, four hours to take the SSCP and three hours to take the CSSLP.

Most of the exam questions are written in multiple-choice format. (ISC)² recommends those looking to acquire a certification enroll in associated training seminars through a live online class, in a classroom or by hosting a private training taught by an instructor. Training seminars are given by Official (ISC)² Training Providers.

Everyone who obtains an (ISC)² certification automatically becomes a member. Members typically include enterprise information security professionals with titles such as CSO, CTO, CIO, security manager, systems engineer, systems integrator, chief risk officer, systems administrator and network administrators. All members are held to the (ISC)² Code of Ethics. People who intentionally or accidentally violates the Code are subject to a peer review and may have their certification(s) revoked.

(ISC)2 Security Congress

In 2011, the Consortium started the annual (ISC)² Security Congress conference. Attendees are offered educational seminars on current and emerging security issues, security best practices and challenges facing security leaders. The event takes place in a different city each year.

Organizations that offer competing certifications include the SANS Institute, ISACA and CompTIA.

Editor's note: This was originally written by Madelyn Bacon in 2015. It was republished in April 2023 to improve the reader experience.