Visit the US Government resources page for more information.

CompTIA Security+ Benefits:

CompTIA Security+ is a solid credential that can be utilized in any industry.
U.S. Dept. of Defense and Directive 8570.1: U.S. DOD employees or contractors engaged in work related to information security are required to be certified, as specified in a list of certifications included in the DOD Directive 8570.1 manual, and CompTIA Security+ is one of the designated certifications.

Healthcare industry and HIPAA (Health Insurance Portability and Accountability Act): This Congressional Act of 1996 requires that standards be met in the security and privacy of data in the healthcare industry. One way that healthcare companies can demonstrate their compliance with the standards in this act is to verify certification of their network and information security staff.

Financial industry and Web-based attacks: The financial industry and its customers are vulnerable to attacks designed to gain access to personal account information. Those who provide network security are critical in this business, and the CompTIA Security+ certification is an assurance of baseline competency.
CompTIA Security+ validates your achievement in an industry-valued skill.
All industries need trained security professionals to combat hackers and security threats. CompTIA Security+ shows employers you can maintain the integrity of their business communications, infrastructure and operations.

CompTIA Security+ provides a viable career path and employers value certified professionals.
Nearly 33 percent of U.S. firms require a security certification, which has increased from only 25 percent in 2006 and 14 percent in 2005.

Summary of “Trends in Information Security: A CompTIA Analysis of IT Security and the
Workforce”Survey Information

About the Study

The annual CompTIA in-depth research study on IT security focuses on identifying key trends in IT security, quantifying current and future spending on IT security, assessing the costs associated with IT security breaches, understanding the causes of IT security breaches and impact of these breaches, and determining the effectiveness of IT security training and certification. More than two thousand IT professionals responsible for security at their organizations answered the questionnaire. Respondents were from the United States, Canada, the United Kingdom, and China and represented a wide range of industries including Education, Financial Services, Government, Healthcare, and IT.

Key Findings

Information security is seen as a key risk among firms, with 80% of US respondents indicating that it is considered top priority by management. Nearly two-thirds of US firms, more than half of UK and Chinese firms, and two-fifths of Canadian firms have implemented written IT security policies.

The most widespread threats in the US today stem from spyware, the lack of user awareness, and virus and worm attacks. Canadian organizations indicate riskier browser-based attacks and wireless networking security while Chinese organizations indicate significant threats from spyware, viruses, worms, and browser-based attacks.

The percentage of their IT budget that companies dedicate to security is growing year after year. In the US, companies earmarked 12% of their IT budget in 2007 for security purposes – up from only 7% in 2005. The bulk of these dollars are used to procure security-related technologies.

Companies spend substantial amounts on prevention because security breaches can be costly if they occur. In the past year, US firms shelled out an average of over $200,000 as a result of security breaches, a third of which was attributed to the loss of employee productivity. Moreover, in the last year in the US, Canada and UK, IT staff members spent over 10% of their time dealing
with security breaches, and in China, almost 20% of their time.

Nearly 60% of US companies require IT security training for IT staff and more than half make training available to non-IT staff. Companies are also increasingly requiring IT security certification. Nearly 33% of US firms make certification required now compared to only 25% in 2006 and 14% in 2005. However, a full 78% of organizations in China require certification.Security training has saved US organizations upwards of $2.2 million in total, much of which is due to a reduction of server/network downtime and fewer impacts to employee productivity. Likewise, the provision of IT security certification has saved US companies over $675,000 in total for similar reasons.

Complete reports, white papers and Web poll results are available to CompTIA Corporate Members. Use the ‘Member Login’ box on the left to access all of CompTIA research, or click here if you have forgotten your username or password. The information contained throughout the studies is proprietary to CompTIA. Small segments may be quoted if proper citation is made. For more information please contact research@comptia.org.
What is CompTIA Security+?
CompTIA Security+™ certification is an internationally recognized
validation of the technical knowledge required of foundation-level
security practitioners. CompTIA Security+ candidates will have a minimum of two
years experience in networking with an emphasis on security. They should also
have prepared using adequate study materials or formal training. The objectives
of the CompTIA Security+ exam were derived through input from industry,
government and academia, through a job task analysis and a survey of more than
300 organizations with participants from 26 countries.
What the Industry is Saying About Security+
“A security manager can’t go wrong having their entire staff CompTIA Security+
certified, including the help desk. It gives them a broad based common level of
knowledge. It allows a level of communication that would not otherwise be
there. CompTIA Security+ is a logical stepping stone – management should
require it for every sensitive position.”

CompTIA Security+ now places more importance on knowing “how to” rather than just knowing or recognizing security concepts. For example, phrases such as “carry out the appropriate procedures” and “deploy various authentication models” appear in the new objectives.

Candidates for CompTIA Security+
CompTIA recommends that CompTIA Security+ candidates be information security professionals with a minimum of two years technical experience in security. This includes network administrators with a security focus, security administrators or specialists in information security.

Click here to download the CompTIA Security+ exam objectives.

CompTIA Security+ 2008 Exam Update FAQs
How were the CompTIA Security+ exam objectives developed?
Why did CompTIA update CompTIA Security+?
When will the new exam be available?
What topics does the new exam cover?
What companies were involved in the development of the exam?
When will training materials be available for the new exam?
How long will the 2007 version of CompTIA Security+ be available?
Should candidates wait to take the new exam?
Are there prerequisites for the exam?
In what languages has the exam been developed?
Will candidates ever need to renew their certification?

How were the CompTIA Security+ exam objectives developed?
CompTIA uses a method for exam development that is accepted by the testing industry and considered to be “psychometrically sound”, meaning that it is approved by PhD testing professionals. The skills and knowledge for this exam are derived from an industry-wide Job Task Analysis (JTA) and are validated by an industry-wide global survey. The results of the survey are used to determine the relative weight of each objective and its content, and to ensure that the weighting is representative of the importance of the content. CompTIA exam development method has been approved by ISO, the International Organization for Standardization; and CompTIA is an ANSI (American National Standards Institute) accredited Certifier.

Why did CompTIA update CompTIA Security+?
CompTIA is constantly reviewing the content of our certifications to be sure they address the latest technologies and meet the needs of the industry. The new exam covers the latest skills and technologies IT security professionals need to address threats in today’s networks.

When will the new exam be available?
The 2008 version of CompTIA Security+ exam is available as of October 14, 2008. The exam can be taken at any Prometric or Pearson VUE test center. This includes test centers on some U.S. Military bases.

What topics does the new exam cover?
The new exam includes Systems Security, Network Infrastructure, Access Control, Assessments and Audits, Cryptography and Organizational Security.

What companies were involved in the development of the exam?
Organizations across a variety of industries contributed to the development of the new exam including Booz Allen Hamilton, General Mills, HP, IBM, Motorola, Symantec, U.S. Air Force, U.S. Navy and others.

When will training materials be available for the new exam?
CompTIA Authorized Quality Curriculum (CAQC) training materials are available now. Click here and choose CompTIA Security+ in the first box.

How long will the 2007 version of CompTIA Security+ be available?
The current version of the exam will be available through July 2009.

Should candidates wait to take the new exam?
Candidates who are currently preparing to take CompTIA Security+ are encouraged to complete their studies and certify under the 2002 objectives.

Are there prerequisites for the exam?
There are no prerequisites, but CompTIA recommends two years experience in networking with an emphasis on security, along with CompTIA Network+ certification.

In what languages has the exam been developed?
At first the exam will only be available in English. Translations into other languages are based on market demand.

Will candidates ever need to renew their certification?
CompTIA certifications are lifetime certifications. Unless an employer requires recertification, CompTIA certification is valid for the rest of a professional’s career.