Here is a pretty decent site for comparing certification exams and certifications:
http://www.cramsession.com/
(Use the grey menu buttons about 1/2 way down the right side.)
I just passed CompTIA Security+ in May 2004. The questions were not hard but the pass score is pretty high compared to other vendor exams; something like 764 on a scale from 100 - 900. I do have extensive experience in developing cryptography so that may have helped some questions seem easier.
I studied using the Microsoft Security+ Study Guide and the Mike Myers Passport Guide. I also used the SelfTestSoftware practice exam. I did find free questions on the web for this exam but I've had a lot of success with the SelfTest products and I like them. YMMV.
ISC2.org offers the CISSP and recently added the SSCP:
https://www.isc2.org/cgi-bin/index.cgi
From what I've read, the CISSP is the "policy level" while the SSCP is the "practitioner level". You've read correctly: the CISSP requires 4 years commercial security experience or 3 years + degree. You also have to be sponsored for certification by an existing CISSP, and your experience may be audited. The SSCP requires one year of commercial experience, and does not require sponsorship or an audit. Also, ISC2 only offers the exams at specific locations at specific times. You can't just rack up to your nearest VuePrometric centre. This may be an issue in India; check the ISC website for the exam schedules.
A co-worker recently passed the GIAC. It seemed closely linked to a week-long class that he attended first. I don't have much more detail than that outside of what's on the web.
Which exam is best?
CISSP definitely gets the "hits" on the job sites. Security+ is considered entry level and the SSCP is a bit new to be well known. All the security exams and certifications that I've uncovered focus a majority on network security. I have not found a certification or exam that emphasises cryptography or application security. Maybe the new Microsoft 100-340.
Hope this helps!
- kev