CISSP or SSCP – Which One Is Right For Me?
When evaluating certification courses to advance their careers, cyber security professionals (or aspiring cybersecurity professionals) frequently consider both the SSCP and the CISSP as a means to develop their skills and expand their knowledge. On first look, these two certifications seem to be similar and we are often asked to clarify what the differences are between the two, to assist candidates with selecting the one that is best placed to suit their goals.
Although both certifications address information security, they approach it from very different places. When deciding between the two, it is important to consider how the knowledge is to be applied by the candidate. SSCP focuses on the technical application of the concepts, while the CISSP on aligning the business to cybersecurity best practices.
(ISC)² Official Systems Security Certified Practitioner (SSCP)
The (ISC)² Systems Security Certified Practitioner (SSCP) is a more introductory and more technical IT security certification. It is oriented towards technical practitioners and shows they have the skills to design, build, monitor,administer and apply security to IT infrastructure using information security policies and procedures.
- For certification purposes, candidates must have a minimum of 1-year cumulative work experience in 1 or more of the 7 domains of the SSCP.
(ISC)2 Official Certified Information Systems Security Professional (CISSP):
The Certified Information Systems Security Professional (CISSP) is the most globally recognized certification in the information security market and is more oriented towards those in or aiming for a leadership role. The CISSP covers a broad spectrum of topics to ensure its relevance across all disciplines in the field of cyberecurity, and develops the skills needed to design, build, and maintain a secure business environment.
- To certify as CISSP, candidates must have a minimum of 5 years cumulative paid full-time work experience in 2 or more of the 8 domains of the CISSP. If the candidate doesn’t have sufficient experience, but still aims for a CISSP they can go for Associate status first by successfully passing the CISSP examination. The Associate of (ISC)² will then have 6 years to earn the 5 years required experience.
|SSCP Domains||CISSP Domains|
|Access Controls||Security and Risk Management|
|Security Operations and Administration||Asset Security|
|Risk Identification, Monitoring and Analysis||Security Architecture and Engineering|
|Incident Response and Recovery||Communication and Network Security|
|Cryptography||Identity and Access Management|
|Network and Communications Security||Security Assessment and Testing|
|Systems and Application Security||Security Operations|
|Software Development Security|
|Number of Items||125||100-150|
|Maximum Time Allowed||3 hours||3 hours|
|Passing Score (out of 1000)||700||700|
|Available Formats||English, Japanese, Brazilian Portuguese||English, French, German, Brazilian Portuguese, Spanish, Japanese, Simplified Chinese, Korean*|