9.4 Professional cybersecurity certifications




Chapter 8 discusses many aspects of the educational programs funded by the U.S. government that will help to train both law-enforcement professionals and IT security staff. In addition, there is a growing movement for certification of IT security professionals. Many technology producers, including Microsoft and Cisco, set standards for certifying IT professionals on their products and on the security aspects of those products. These programs, combined with independent offerings, have created a plethora of computer security certification opportunities.

International Information Systems Security Certifications Consortium (ISC2) is a not-for-profit organization dedicated to maintaining a common body of knowledge for information security, certifying industry professionals and practitioners in an international IS standard, administering training and certification examinations, and ensuring credentials are maintained, primarily through continuing education. ISC2 is based in Framingham, Massachusetts. More information is available at the organization's Web site at www.isc2.org.

The organization is run by an elected board of directors. IS professionals in over 60 countries worldwide have attained certification in one of the two designations administered by ISC2:

  • Certified Information Systems Security Professional (CISSP)

  • System Security Certified Practitioner (SSCP)

The CISSP certification is the most widely recognized professional certification in the IT security area. The CISSP examination consists of 250 multiple-choice questions. Candidates have up to six hours to complete the examination. The examination covers the following ten CISSP IS security test domains of the common body of knowledge:

  1. Access control systems and methodology

  2. Applications and systems development

  3. Business-continuity planning

  4. Cryptography

  5. Law, investigation, and ethics

  6. Operations security

  7. Physical security

  8. Security architecture and models

  9. Security management practices

  10. Telecommunications, network, and Internet security

The SSCP certification examination consists of 125 multiple-choice questions. Candidates have up to three hours to complete the examination. The examination covers the following seven SSCP IS security test domains of the common body of knowledge:

  1. Access controls

  2. Administration

  3. Audit and monitoring

  4. Risk, response, and recovery

  5. Cryptography

  6. Data communications

  7. Malicious code/malware

When it comes to vendor-neutral organizations, SANS is probably the leading private organization in the computer security training business. Many SANS resources, such as news digests, research summaries, security alerts, and award-winning papers are free to all who ask. Income from printed publications funds university-based research programs. Income from SANS educational programs funds special research projects and SANS training programs. More information is available at their Web site at sans.org.

In 1999, SANS founded the Global Information Assurance Certification (GIAC). GIAC offers certifications that address a range of skill sets, including security essentials, intrusion detection, incident handling, firewalls and perimeter protection, operating system security, and more. GIAC is unique in the field of information-security certifications by not only testing a candidate's knowledge, but also testing a candidate's ability to put that knowledge into practice in the real world.

GIAC certifications address a range of skill sets, including entry-level information-security officer skills and broad-based security essentials, as well as advanced subject areas such as audit, intrusion detection, incident handling, firewalls and perimeter protection, forensics, hacker techniques, and Windows and UNIX operating system security. The GIAC certifications available for open registration are the following:

  • GIAC Security Essentials Certification (GSEC)

  • GIAC Certified Firewall Analyst (GCFW)

  • GIAC Certified Intrusion Analyst (GCIA)

  • GIAC Certified Incident Handler (GCIH)

  • GIAC Certified Windows Security Administrator (GCWN)

  • GIAC Certified UNIX Security Administrator (GCUX)

  • GIAC Information Security Officer (GISO)

  • GIAC Systems and Network Auditor (GSNA)

  • GIAC Certified Forensic Analyst (GCFA)

  • GIAC IT Security Audit Essentials (GSAE)

Additional SANS courses include the following:

  • Advanced Network Penetration Testing Methodology-Hands-on

  • National Information Leadership Conference IV

  • Securing Windows 2000-The Gold Standard

  • Reverse Engineering Malware

  • CCNA +S

  • Wireless Networks

  • Building a Syslog Infrastructure

  • Securing IIS 5.0

  • E-Money

In January 2003, the Information Systems Security Association (ISSA) announced that it will be conducting a review of professional computer security certifications to provide guidance for both security practitioners and the companies looking to hire them. The study will provide a road map that explains the relevance of particular certifications to job functions and identifies the strengths and weaknesses of each. More information about the study will be available at www.issa.org when the study is completed.



Implementing Homeland Security for Enterprise IT
ISBN: 1555583121
Year: 2003
Pages: 248