Your experience

Your potential CIS credential

Less than 2 years

2 or more years

CFCP™ is the mid-level fraud control certification for fraud control professionals with at least two years of qualified experience.

You have already been involved with controlling fraud in your career as an accountant, human resource professional, auditor, security professional, or manager, but are now ready to base your career in fraud control. Your experience in the field is an important component of your value to an employer. But experience just isn’t enough. Employers need something quantifiable and verifiable to show them you have the expertise they need. Earning the CFCP™ certification will give you the credential and proof of expertise today's employers require. Click here to learn more...

5 or more years

Your experience

Your potential CIS credential

Less than 5 years

The ISO/IEC 27001 certification of an organization's Information Security Management System (ISMS) requires that all security methods and controls must be driven by risk assessment as defined in an organization's formal documented risk management methodology. BS 25999-2 certification of an organization's Business Continuity Management System (BCMS) requires the same.

Because all information security analysis, controls, and processes are essentially a product of risk management, ISO/IEC 27005:2008 provides the framework for how to apply proper risk management within the ISO/IEC 27001/27002 ISMS, or within the BS 25999 BCMS.

The CICRA credential by Certified Information Security certifies your understanding of ISO/IEC 27005, and how the 27005 framework can be used to develop a custom risk management methodology that fulfills the requirements of both ISO/IEC 27001, and BS 25999-2. It also helps fulfil the competence requirements of the certifications themselves. Click here to learn more.

Less than 5 years

British Standard 25999 advocates that the business process of business continuity and disaster recovery management should begin with the development of a clear continuity strategy establishing what the organization needs to accomplish with its BCM program based upon thorough risk analysis and evaluation by the proper risk decision-makers within the organization.

The Certified Business Continuity Strategist (CBCS) certification by CIS certifies your ability to develop the formal structure, governance, and policy of the Business Continuity Management System (BCMS). Furthermore the CBCS certification ensures that you are qualified to develop strategic objectives including, but not limited to:

• Determining and guiding the selection of alternative business recovery operating strategies for continuation of business within recovery time and/or recovery point objectives, while maintaining the organization's critical functions.
• Delivering solutions for continuation of business within the recovery time and/or recovery point objectives, whilst maintaining the organization's critical functions.
• Developing, coordinating, evaluating and creating plans and procedures to communicate with internal stakeholders during incidents.
• The provision of post-incident support and guidance for employees and their families.

Click here to learn more.

Less than 5 years

This is the mid-level business continuity management certification. This certification maps to all BS 25999 competence requirements.

Building upon the foundation understanding of the BS 25999 Business Continuity Management System (BCMS) platform validated by the Certified Business Continuity Strategist credential, the Certified Business Continuity Administrator(CBCA) certification  by CIS attests to your ability to develop the necessary incident management plans (IMPs) and response procedures necessary to fulfill the strategic objectives that have already been finalized. The CBCA also certifies that you have the necessary knowledge and skills to properly administrate the deployment, testing, and maintenance of IMPs and response procedures.

Click here to learn more.

5 or more years

This is the expert-level business continuity management certification. CBCAs (see above) with at least 5 years of qualified experience are eligible for this credential.

 Click here to learn more.

Your experience

Your potential CIS credential

Less than 2 years

The ISO/IEC 27001 certification of an organization's Information Security Management System (ISMS) requires that all security methods and controls must be driven by risk assessment as defined in an organization's formal documented risk management methodology. BS 25999-2 certification of an organization's Business Continuity Management System (BCMS) requires the same.

Because all information security analysis, controls, and processes are essentially a product of risk management, ISO/IEC 27005:2008 provides the framework for how to apply proper risk management within the ISO/IEC 27001/27002 ISMS, or within the BS 25999 BCMS.

The CICRA credential by Certified Information Security certifies your understanding of ISO/IEC 27005, and how the 27005 framework can be used to develop a custom risk management methodology that fulfills the requirements of both ISO/IEC 27001, and BS 25999-2. It also helps fulfil the competence requirements of the certifications themselves.

Click here to learn more...

2 or more years

This is the expert-level certification for internal controls design and management.

EXAMS AND EXPERIENCE: For the CICA certification by CIS, candidates must pass exams RM101, ISMS101, and ISMS102, and have two years of experience in three or more of the domains of the CIS ISMS Common Body of Knowledge.