Employee Qualifications

The qualifications necessary for you, your employees and your security support organisations will vary according to the size, structure, management and IT provisioning of your organisation.

Small and micro businesses

Increasingly, small businesses are turning to or being advised to turn to the cloud for their IT requirements and business process services, accessing cloud-based services for everything from email to CRM, accounting and sales support. In this way, you get the support and access to the infrastructure (including security infrastructure) of a large business. You will still need the ability to assess the capabilities of your provider, assess the value of their data and understand the associated risks of working with the cloud.

Course requirements

A course that covers the basics around governance and compliance, but not necessarily in depth technically. Those pursuing these courses will not necessarily have to be technical professionals … but they will have to understand technical concepts. This is essentially a risk management function.

Organisations managing own IT

If you manage your own IT but do not have a dedicated team, you will seek to enhance knowledge within the technical domains managed by your departments. It is essential that the focus of knowledge development not be purely on technology nor be completely solutions driven.

Course requirements

A course that ensures the employee can demonstrate a working knowledge of information security, technical depth in operational areas and also incorporates a business and technology orientation to risk management. Generally they will require the knowledge and skills to develop, maintain, and continuously monitor your security operations – from how to maintain the PKI architecture and firewall administration (including IDS, IPS, DLP, and network-based NAP) to maintaining access control lists and server patches.

Larger SMEs

If your organisation manages its own systems, you will want to develop a similar breadth of perspective required in an enterprise.

Course requirements

Courses should be selected to suit the role – be it management, operational or specialist – and / or the career aspirations of the individual. For example, not every technical specialist will want to achieve management level, and the choices available ensure they can develop within their chosen domain.

Whatever the foundational training base, it is essential for anyone with security responsibility to stay abreast of technical developments and trends in the threat landscape. For this reason, the ability to pursue continuing education and networking are essential. Professional-level certifications provide a platform for doing this. Not only do they enhance the initial knowledge and skills development, but they include a membership to an organised certified professional community. This opens the door to chapters, events and networking opportunities within a community that is passionate about tackling cyber security issues across competitive lines.


Below is a brief overview of (ISC)² certifications to help security and IT professionals assess which best suits their and their organisation’s needs.


  • CCFP is the only cyber forensics credential that provides a comprehensive validation of your knowledge and skills as a digital forensics expert.


  • CISSP is the gold standard certification that validates your knowledge and experience to credibly build and manage the security posture of an organisation.


  • CISSP Concentrations provide a career path that opens up new opportunities in more demanding roles in larger enterprises and recognize the specialised talents of a CISSP.


  • HCISPP is the only certification that validates your core competency in security and privacy controls to safeguard protected health information.


  • CSSLP is the only certification that validates your knowledge and experience in secure software development practices.


  • SSCP is the ideal starting point for an information security career or adding a layer of security to your IT career.
  • sscp

(ISC)² is the world’s largest not-for-profit membership body of certified information and software security professionals. It issues the Certified Information Systems Security Professional (CISSP) and related concentrations and a comprehensive range of other technical and managerial qualifications, as well as ensuring continually updated knowledge via continuing professional education.