I. Introduction
Regarding the topic of textual research, the author’s opinion is: “It’s better to have something than nothing, it’s definitely better, but it’s not necessarily necessary; the proof on paper is superficial, but safety requires strength.” Many people are confused about the research and publicity of various institutions. They don't know what certificates are available in the network security industry? Which certificates have gold content? Which certificates are the leek harvesters of institutions? In response to such doubts, the author shared his own understanding: the CISSP (International Registered Information System Security Expert Certification) certified by the (ISC)² Certification Center has the highest gold content in the network security industry. Certificate, and the application requirements are relatively strict. The second most valuable is the CISP (National Registered Information Security Professional Certification) certified by the China Information Evaluation and Security Center, which includes two different directions (ie, sub-certificates) of CISE (registered information security engineer) and CISO (registered information security administrator) . As far as actual combat is concerned, the CISP-PTE (Certified Information Security Penetration Tester Certification) certified by the China Information Security Evaluation Center and the OSCE certification launched by Offensive Security also have a certain amount of gold. But as far as the country is concerned, if the application conditions are not enough for CISSP, CISP related certificates can be certified.
Two: Specific introduction of relevant certificates
(1): CISSP (Certified Information System Security Professional)
CISSP (Certified Information Systems Security Professional), an international registered information system security expert certification, is a security industry certificate widely recognized around the world in the field of information security, and is known as the "gold standard" in the industry. CISSP certification is not only an objective evaluation of personal information security expertise, but also a globally recognized standard of personal achievement.
(1) The effect of certificates on individuals
1) Objective recognition of personal information security professional capabilities.
2) Have a higher reputation and personal competitiveness in the industry.
3) Enjoy the exclusive rights and interests of (ISC)² members, which can expand the interpersonal network and promote communication in the industry.
(2) Application conditions
It is necessary to prove that there are at least five years of full-time work experience in the information security industry in two or more of the eight areas of knowledge specified by CISSP, or a bachelor's degree in two or more of the eight areas of knowledge specified by CISSP Category, with at least 4 years of full-time working experience in the information security industry. If you have not reached the working period, you can still take the exam and become an ISC associate member. After the working period expires, you can apply for certification.
(3) Application fee
The registration fee for the CISSP exam is US$749, a handling fee of US$50/time is charged for rescheduling/postponing the exam, and a handling fee of USD100/time is charged for canceling the exam. After passing the exam, you need to pay an annual maintenance fee of $129 per year, and you need to accumulate 120 continuing professional education credits every three years. If you want to meet the credit requirements, you must re-acquire certification.
(3) Exam scope
(2): CISP (National Registered Information Security Personnel Certification)
CISP, the full name of National Registered Information Security Personnel Certification, is certified by China Information Security Evaluation Center. It can be regarded as a domestic authoritative certification. It has a government background to endorse the certification. It has a great gold content in the domestic security industry and is the country's highest recognition of the qualifications of information security personnel. This certification is very important for entering the government, state-owned enterprises and key industries, or for enterprises to obtain information security service qualifications and participate in network security projects. As the most authoritative information security certification in China, CISP will steadily improve your personal career. At the same time, CISP is also the information security certification with the largest number of members in China. You can communicate and share with industry elites through the CISP House Club to improve your career. Personal information security assurance level.
CISP is divided into four types of certificates: CISE (registered information security engineer), CISO (registered information security administrator), CISA (registered information system auditor), CISD (registered information security developer). CISE focuses on technology, CISO focuses on management methods, and CISA focuses on security audits. To participate in the exam, you must choose a direction. Now the mainstream is divided into two directions: CISE and CISO. Among them, CISE is mainly engaged in information security technology development related work, and CISO is mainly engaged in information security management related work.
- Application conditions
- Master's degree or above, 1 year or more relevant working experience is required.
- Bachelor's degree, 2 years or above related work experience is required.
- College degree, 4 years or above related work experience is required.
- Training is required to take the exam
- Those who do not meet the requirements for working years can take the exam first, and the evaluation center will issue a certificate of completion. After the working period expires, they can exchange for a formal CISP certificate.
(2) Application fee
CISP training fees, examination fees, and certification fees are uniformly regulated by the state, with a total of 9,600. The specific prices may vary depending on the region and year.
- Exam category
(3): CISP-PTE (National Registered Penetration Test Engineer)
CISP-PTE is the full name of National Registered Penetration Testing Engineer, which belongs to the special examination certification in the direction of penetration testing, and is the first authoritative certification in the field of penetration testing in China. In 2017, 360 Enterprise Group and China Information Security Evaluation Center launched the first penetration testing certification in China, which is suitable for security service personnel. The certificate holders are qualified to apply for security services, and because 360 is involved in the operation, the certificate holders can enjoy the benefits of being exempted from interviews by the 360 enterprise security service department (the author also learned from Lubian News).
(1) Application conditions
There is no requirement for working years, and students can also apply for the exam.
(2) Application fee
Since CISP-PTE cannot be registered by individuals, it needs to be registered by an authorized training institution to the China Software Evaluation Center, so training fees, exam fees, etc. are required.
Examination training fee: 14,800 yuan (the fee varies with time and space)
Registration fee: 5000 yuan
(3) Test category
(4): NISP (National Information Security Level Certification Examination)
NISP certification is divided into Level 1, Level 2 and Level 3. The certificate is issued by the China Information Security Evaluation Center, and only the NISP Level 2 certificate can be obtained under the premise of obtaining the NISP Level 1 certificate. The biggest feature of NISP is its seamless connection with CISP. Since CISP applicants are limited by their working years, NISP fills the gap that college students cannot obtain CISP certificates. It is called "Campus Edition CISP". After passing the NISP Level 2 exam, you can directly exchange for the CISP certificate on the premise of meeting the working years, without applying for the CISP certificate.
(1): Application conditions
1) Chinese students aged 16 or over
2) Master degree or above, working experience less than 1 year.
3) Bachelor degree, working experience less than 2 years.
4) College degree, working experience less than 4 years.
5) From June 2023, only current students can apply for NISP Level 2.
(2) Application fee
Level 1: Online training, online examination training fee, examination fee 480 yuan
Level 2: online training, offline examination training fee, examination fee 4800 yuan
Secondary replacement CISP fee: 4,000 yuan
Four: Other certificates (specific information can be found by yourself)
