When you are certified by EXIN as an Information Security Officer you are extensively tested not only on Information Security Management requirements (based on the ISO/IEC 27001 standard) but also on new requirements such as Data Protection and Business Continuity Management (BCM).
Why become an Information Security Officer?
The global shortage of information security professionals makes the field of information security one with huge career potential for the future. Due to the increase in security issues that are rising in line with the digitalization of products and services, it’s unlikely that this shortage will end anytime soon. In fact:
Burning Glass found the number of cybersecurity job postings has grown 94% in just six years. By comparison, the number of IT jobs, in general, has grown about 30%. That’s a 300% increase in demand compared to the overall IT job market. Cybersecurity jobs now account for 13% of all information technology jobs. (IBM)
Anyone who decides to create a career for themselves in the IT security sector is set to be part of a fast-growing domain. Within IT, security is the area where the most money has been spent over the past few years and this trend is set to continue:
Worldwide spending on security products and services will enjoy solid growth over the next five years as organizations continue to invest in solutions to meet a wide range of security threats and requirements. (IDC)
As an Information Security Officer, you will be certain to receive enough budget and support for your department given these global developments.
The diagram below shows the path you will need to take to become EXIN Certified Information Security Officer. There are 3 certifications you need to complete successfully before you will be awarded the EXIN ISO title. Two of the certifications focus on Information Security. For the third certification, you can select a specialism from Privacy & Data Protection, Business Continuity Management, and Cyber & IT Security. This makes your EXIN Certified Information Security Officer certification personalized to your needs. The highest level certification also includes practical assignments to ensure that you have the required skills to step straight into the ISO role. This certification has been designed to reflect a career path - it gradually becomes more difficult as you progress through the certifications.
Structure of EXIN Information Security Officer
We recommend that you start off with EXIN Information Security Management Foundation and the work your way through the certifications in order as they become more advanced. However, if you have previously attained one of the certifications below, you only have to take the exams for the other 2 to be awarded the career path certification.
Within the EXIN Information Security Officer Career Path there are alternative certifications that are accepted as a replacement for the ones that are shown. For a full list of currently allowed alternatives see the document here.
To give candidates a good, solid understanding to build on, the Certified Information Security Officer certification starts with the foundation module of the Information Security Management program.
EXIN Information Security Foundation is a relevant certification for all professionals who work with confidential information. It tests the understanding of concepts and value of information security as well as the threats and risks.
For the second domain in this certification candidates can choose from 3 different EXIN modules related to security. Each of these foundation certifications will give the final certification an element of specialism - whether you choose Privacy & Data Protection, Business Continuity Management or Cyber & IT Security.
EXIN Privacy & Data Protection Foundation covers the main subjects related to the protection of personal data. Candidates benefit from a certification that is designed to validate the required knowledge to help ensure compliance to the General Data Protection Regulation.
EXIN Business Continuity Management Foundation enables professionals to identify potential threats to an organization and the impacts to business operations those threats, if realized, might cause. It provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities (Source: ISO 22301:2012).
The EXIN Cyber & IT Security Foundation certification builds IT professionals’ knowledge and understanding of the technical background surrounding digital security. It enables candidates to explain, understand and describe key concepts in Cyber and IT Security.
The last certification is the specialist level Information Security Management certification that includes practical assignments so that candidates get to experience what is asked of an ISO and to test their skills before putting them into practice in real-life situations.
Information is crucial for the continuity and proper functioning of both individual organizations and the economies they fuel; this information must be protected against access by unauthorized people, protected against accidental or malicious modification or destruction and must be available when it is needed. The module Information Security Management Professional based on ISO/IEC 27001 tests understanding of the organizational, physical and technical aspects of information security.
How do I become an EXIN Certified Information Security Officer?
After you have completed the 3 required certifications you will automatically be awarded the EXIN Certified Information Security Officer certification. To get started, please go to the Get Certified tool and select the certification you wish to attain first. If you would like to find out more information, please contact our support team: