Geprüfter Berufsspezialist für Informationssicherheit/Geprüfte Berufsspezialistin für Informationssicherheit

Preparation courses for the examination take place at the respective educational institution. For digital learning formats (e.g., virtual classroom), learning locations are at home, and if necessary, training rooms for in-person phases.

Occupation Type: Advanced Training Profession (Berufsspezialist/in). Type of Advanced Training: Advanced training examination according to nationwide uniform regulations. Participation in preparation courses is not required. Duration of Advanced Training: Approx. 8-12 months (part-time). Tasks and Activities: Information security specialists develop and implement security concepts and ensure the secure operation of IT systems. They analyze threats and risks and identify vulnerabilities in IT infrastructure, software, user behavior, and data protection. They create organizational and technical rules and conduct additional security analyses if necessary. In doing so, they observe technical standards, legal requirements, and economic aspects, estimate costs, and regularly document and review measures. They support projects from planning to completion and participate in tests and security audits. Furthermore, they advise users and conduct training sessions.

Part-time: approx. 8-12 months.

Distribution of hours (example): Learning and Working Methodology: 10 teaching hours. Ensuring Information Security: 400 teaching hours. Analyzing Threat and Risk Scenarios: 90 teaching hours. Planning Security Measures: 90 teaching hours. Ensuring Secure Operation: 90 teaching hours. Initiating, Documenting, and Evaluating Security Measures: 40 teaching hours. Organizational and Legal Requirements: 40 teaching hours. Project Support and Coordination: 50 teaching hours. Total Teaching Hours: 410 teaching hours.

Course fees are incurred for attending preparation courses, and examination fees for the examination itself. Additional costs may arise, for example, for work materials, travel to the training center, or external accommodation. Funding Opportunities: Preparation courses for the advanced training examination can be financially supported according to the Advanced Training Assistance Act (Aufstiegsfortbildungsförderungsgesetz). Further information: Aufstiegs-BAföG - Advancement with Funding. Funding for particularly talented young professionals: Foundation for the Promotion of Talented Vocational Education (Stiftung Begabtenförderung berufliche Bildung - SBB) - Advanced Training Scholarship.

Ensuring information security. Analyzing threat and risk scenarios, e.g., identifying and analyzing malware and its propagation paths, and documenting analysis results. Planning security measures, e.g., participating in the development of an information security concept, providing technical support in the creation of data protection-relevant documents. Ensuring secure operation, e.g., implementing the requirements of a backup and recovery concept, checking compliance with security requirements. Initiating, documenting, and evaluating security measures, e.g., archiving data protection and IT security-relevant documents, initiating emergency measures in acute threat situations. Organizational and legal requirements, e.g., determining requirements for data security concepts, ensuring compliance with organizational and legal requirements. Project support and coordination, e.g., supporting project management by taking over and implementing sub-projects.

In-depth knowledge in the following areas is a good prerequisite for successfully passing the advanced training examination: In computer science, e.g., to design powerful IT security systems. In German/English, e.g., to create training concepts for data protection.

The advanced training consists of theoretical and practical lessons. Depending on the education provider, one should be prepared for the following conditions: Class times are usually part-time advanced training on weekends or in the evening. Learning format is usually digital learning methods (e.g., virtual classroom): exclusive learning via electronic learning platforms and systems (predominantly in a classroom setting from home).

For advanced training abroad, the following options are available, for example: In Austria, advanced training offers are available from WIFI Austria (e.g., with the search terms 'Informationssicherheit' or 'IT-Security'). In Switzerland, advanced training offers are available from wab - The Swiss Advanced Training Database (e.g., with the search terms 'Informationssicherheit' or 'IT-Security'). Documentation of professional experience abroad: Europass offers the possibility to document learning stays completed abroad. Further information on Europass is available.

Participation in preparatory courses is not remunerated.

The following advanced training alternatives are available for the profession of Information Security Specialist: In the area of Networking, Data and Information Security: Certified Data Analysis Specialist, Certified IT Consulting Specialist, Certified System Integration and Networking Specialist. State-certified Technician/Technician specializing in Computer Science with a focus on IT Security/Bachelor Professional in Technology. Bachelor Professional in Business Informatics. Commonality: Setting up, protecting, and managing IT infrastructure. In the area of Hardware and Software Development: Certified Software Development Specialist. Commonality: Installing and developing security software.

In 2002, IT advanced training was reorganized: Nationwide 'Regulation on Professional Advanced Training in the Field of Information and Telecommunication Technology' (IT-Fortbildungsverordnung): Establishment of 3 career levels (Specialists, Operative Professionals, Strategic Professionals). Examination regulations for 4 Operative and 2 Strategic Professionals. Definition of 29 specialist profiles. In 2010, the IT-Fortbildungsverordnung was amended: Changes to the admission requirements for Operative Professionals (shorter professional experience). Inclusion of specialist profiles in the regulation, reduction of specialist profiles from 29 to 14. In 2020, the Vocational Training Act (BBiG) and the Crafts Code (HWO) were revised: among other things, the introduction of the advanced training qualifications 'Geprüfte/r Berufsspezialist/in', 'Bachelor Professional' and 'Master Professional' to emphasize the equivalence of vocational and academic education. The use of professional titles depends on the enactment of corresponding new regulations.

Certified Specialist for Information Security

The Specialist for Information Security is a vocational advanced training. The examination is uniformly regulated nationwide. It is not required to attend a course to be admitted to the examination.

After their advanced training, Specialists for Information Security primarily work in the IT sector. They can also be employed in companies across various economic sectors or in public administration. Through adaptive advanced training (Anpassungsweiterbildung), one can keep their expertise current, up-to-date, and expand it. The range of topics extends from IT security to data protection law. Building on existing qualifications, advanced training for career progression (Aufstiegsweiterbildung) can broaden and complement the competence profile. It is a natural step to take an examination as a Bachelor Professional in IT. With their advanced training qualification, Specialists for Information Security can also gain access to a Studium (university degree program) without a general higher education entrance qualification and, for example, obtain a bachelor's degree.

For the examination: Ordinance on the examination for the recognized advanced training qualification with the designation Certified Specialist for Information Security (Informationssicherheits-Fortbildungsprüfungsverordnung - InSiFPrV), promulgated as Article 2 of the Ordinance of 24.09.2024 (BGBl. I 2024 Nr. 296). Further: Certified Specialist for Information Security - Framework plan with learning objectives, 2024 (Deutscher Industrie- und Handelskammertag - DIHK).

The prerequisite for admission to the advanced training examination is generally: the final or journeyman's examination in a recognized Ausbildung (vocational training) occupation in the field of information and communication technology OR a qualification in another recognized Ausbildung occupation and at least 1 year of relevant professional experience OR at least 60 credit points in a Studium (university degree program) and at least 2 years of professional experience OR at least 4 years of professional experience with significant relevance to tasks in the field of information security.