Certifying Forensics for Information Security


In the fight to help secure and remediate modern security risks, there is a need for a host of professionals with the certified skills to get the job done.

But what happens when there is no certification for the skill that is needed?

That's the situation that the Information Security industry is dealing with when it comes to forensics. As it stands, there are no certified cyber forensics professionals, but that's a situation that is likely to soon change.

The International Information Systems Security Certification Consortium (ISC)2 recently announced the Certified Cyber Forensics Professional (CCFP) credential. (ISC)2 is no stranger to the world of IT certification, as it is the organization behind the influential Certified Information Systems Security Professional (CISSP) designation.

"It has become obvious to us that the forensics field is growing fast," Hord Tipton, executive director of (ISC)2, told eSecurity Planet. "The driver of that is the increase in breaches, which is driving demand for sophisticated forensics knowledge and experience."

Tipton explained that forensics overall has become a broad field. In the cyber-security context, a forensics professional needs to be able to understand why an incident occurred and what steps can be taken to prevent a similar incident from occurring in the future.

Deep Cyber Savvy

"For the CCFP credential, we like to think of it as the mother of all forensics credentials," Tipton said. "We're trying to develop something that educates and evaluates the deep experience of individuals in the forensics world."

The existing CISSP designation from (ISC)2 already includes some forensics components, though Tipton stressed that the CCFP is much more involved. He explained that the CISSP provides a base-level knowledge of forensics.

"The CCFP will be our most technical credential, and it will be very difficult for people to obtain," Tipton said. "It's not a credential that we built for volume."

Tipton explained that the CCFP covers six core domains of knowledge: Legal & Ethical Principles, Investigations, Forensic Science, Digital Forensics, Application Forensics and Hybrid & Emerging Technologies.

From a legal perspective, a CCFP will need to understand a given country's legal frameworks and regulations.

Certification Challenges

While there are people who have forensics knowledge in one or two of the domains that (ISC)2 is covering, Tipton doesn't think it'll be easy to find people who are experienced in all of them. The goal with the CCFP is to be able to certify an individual who is truly an expert.

"When this person sits on the stand and is cross-examined by an attorney, there will be no question that they know what they are doing," Tipton said.

While the CCFP designation has now been created, there won't be any individuals holding the designation until the end of the year. The first examination for the CCFP is currently set for October.

Sean Michael Kerner is a senior editor at eSecurity Planet and InternetNews.com. Follow him on Twitter @TechJournalist.