Profil stručnjaka za informacijsku sigurnost - certificirati se ili ne? Biljana Cerin, CISA, CISM, CGEIT, CBCP, PMP

Transcription

1 Profil stručnjaka za informacijsku sigurnost - certificirati se ili ne? Biljana Cerin, CISA, CISM, CGEIT, CBCP, PMP

2 DA!

3 (by Global knowledge & TechRepublic)

4 Top certifications by salary:

5 CISM? CISA? CRISC? CISSP? CZYZXV?

6 ISACA Information Systems Audit and Control Association ISACA s membership more than 100,000 strong worldwide more than 180 countries and cover a variety of professional IT-related positions IS auditor, consultant, educator, IS security professional, regulator, chief information officer and internal auditor. ISACA has more than 190 chapters established in over 75 countries worldwide, and those chapters provide members education, resource sharing, advocacy, professional networking and a host of other benefits on a local level.

7 ISACA:

8 COBIT 5 is the latest edition of ISACA s globally accepted framework that helps enterprises of all sizes: Maintain high-quality information to support business decisions Achieve strategic goals and realize business benefits through the effective and innovative use of IT Achieve operational excellence through reliable, efficient application of technology Maintain IT-related risk at an acceptable level Optimize the cost of IT services and technology Support compliance with relevant laws, regulations, contractual agreements and policies

9 CRISC Certified in Risk and Information Systems Control Successful completion of the CRISC examination Work experience - risk management and information systems control experience (3 years experience in at least 3 CRISC domains) Adherence to the Code of Professional Ethics Adherence to the Continuing Professional Education Policy (120 CPE hours in 3 years) Submit an Application for CRISC certification

10 CRISC job practice areas 1. Risk Identification, Assessment and Evaluation (31%) 2. Risk Response (17%) 3. Risk Monitoring (17%) 4. Information Systems Control Design and Implementation (17%) 5. IS Control Monitoring and Maintenance (18%)

11 CISM Certified Information Security Manager Successfully pass the CISM exam. Work experience - 5 years of information security work experience, with 3 years of information security management work experience in at least 3 CISM domains Adhere to ISACA's Code of Professional Ethics. Agree to comply with the Continuing Education Policy (120 CPE hours in 3 years) Submit an Application for CISM Certification.

12 CISM job practice areas 1. Information Security Governance (24%) 2. Information Risk Management and Compliance (33%) 3. Information Security Program Development and Management (25%) 4. Information Security Incident Management (18%)

13 CISA Certified Information Systems Auditor Successful completion of the CISA examination Work experience - 5 years of professional information systems auditing, control or security work experience in the CISA job practice areas Adherence to the Code of Professional Ethics Adherence to the Continuing Professional Education Policy (120 CPE hours in 3 years) Compliance with the Information Systems Auditing Standards Submit an Application for CISA Certification

14 CISA job practice areas 1. The process of auditing information systems (14%) 2. Governance and management of IT (14%) 3. Information systems acquisition, development and implementation (19%) 4. Information systems operations, maintenance and support (23%) 5. Protection of Information Assets (30%)

15 (ISC)2 - International Information Systems Security Certification Consortium Headquartered in the United States and with offices in London, Hong Kong and Tokyo, (ISC)² is the global, not-for-profit leader in educating and certifying information security professionals throughout their careers. Provides vendor-neutral education products, career services, and Gold Standard credentials to professionals in more than 135 countries an elite network of nearly 75,000 certified industry professionals worldwide.

16 (ISC)2:

17 CISSP - Certified Information Systems Security Professional 1. Obtain the Required Experience (5 years in at least 2 of 10 CISSP domains, or 4 years and a college degree) 2. Study for the Exam 3. Register for the CISSP Exam 4. Pass the Exam 5. Complete the Endorsement Process 6. Maintain the CISSP Certification (120 CPE hours in 3 years) 7. Audit

18 CISSP knowledge domains 1. Access Control 2. Telecommunications and Network Security 3. Information Security Governance and Risk Management 4. Software Development Security 5. Cryptography 6. Security Architecture and Design 7. Operations Security 8. Business Continuity and Disaster Recovery Planning 9. Legal, Regulations, Investigations and Compliance 10. Physical (Environmental) Security

19 Certification fees ISACA s CISA, CISM and CRISC: USD 445 / 595 examination fee + USD 40 / 85 annual maintenance fee (ISC)2 s CISSP: EUR 520 examination fee + USD 85 annual maintenance fee

20 Exams CRISC, CISM, CISA: paper based 4 hours 200 multiple choice questions only twice a year, in June and December, at the same day in all exam locations CISSP computer based testing (Pearson VUE) 6 hours 250 multiple choice questions

21 Ostendo Consulting offers Exam Preparation Courses: CISA Sarajevo, /2012. CISM Sarajevo, /2012. CRISC Zagreb, /2012. CISSP Zagreb, /2012. Official COBIT 5 introduction course: Zagreb,

22 HVALA NA PAŽNJI!