(ISC)2 is the acronym for the International Information Systems Security Certification Consortium, a global nonprofit organization known for its highly respected information security education and certification programs.
(ISC)2 offers two high-profile certifications:
- Certified Information Systems Security Professional (CISSP) certification, one of the industry’s “gold star” designations for information technology (IT) security professionals.
- Certified Authorization Professional (CAP) designation, geared toward IT professionals who authorize and maintain information systems.
The typical job role for professionals who earn the CAP certification is closely tied to risk management, creating security policies and monitoring information system security controls.
Overview of CAP Certification
The CAP is a professional-level certification that has a number of requirements for candidates to meet before earning the designation:
- At least two years of work experience related to information security
- Work experience in at least one of the seven domains in (ISC)2’s CAP Common Bodies of Knowledge (CBK)
- A passing score on the CAP certification exam
The seven CAP Common Bodies of Knowledge are:
- Risk Management Framework
- Categorization of Information Systems
- Selection of Security Controls
- Security Control Implementation
- Security Control Assessment
- Information System Authorization
- Monitoring of Security Controls
More information concerning the CBK list can be found on the (ISC)2 website.
The CAP Examination
The test itself is offered through Pearson VUE testing centers. The CAP exam, based on the Common Bodies of Knowledge listed above, consists of 125 multiple-choice questions, and candidates have three hours to finish. The exam is scored on a scale of 0-1000, and it takes a score of 700 to pass. If a candidate fails the CAP exam, there is a 30-day waiting period before the exam can be retaken.
Additional information about the CAP exam, including a downloadable outline of the test, can be found on the “How to Study for the CAP Exam” webpage on the (ISC)2 website.
Once candidates pass the CAP exam, they must get their CAP application endorsed by an existing (ISC)2 member. For those who are not associated with a current member, the organization itself may act as a sponsor. A summary of all of the CAP requirements can be found on the (ISC)2 website.
Renewing the CAP Certification
The CAP designation is valid for three years. During the three-year certification period, CAP holders must earn what (ISC)2 calls “Continuing Professional Education” (CPE) credits. CAP holders must earn at least 10 CPE credits a year and a total of 60 CPE credits in the three years after they become certified. (ISC)2 automatically forwards information about which activities qualify for CPE credits to newly certified CAP individuals.
Finally, as part of the certification maintenance agreement, CAP-certified professionals are required to pay an annual certification fee to (ISC)2.
Earning a CAP certification can help individuals demonstrate their skills to employers and gain a network of CAP domain experts.
Sources:
“CAP CBK Domains,” (ISC)2.org, https://www.isc2.org/CAP-Domains/default.aspx
“How to Study for the CAP Exam,” (ISC)2.org, https://www.isc2.org/how-to-study-CAP.aspx