(ISC) 2 Headquarters US 19 North, Suite 205 Palm Harbor, Florida Gallows Road, Suite 210 Vienna,Virginia 22182

Transcription

1 1964 Gallows Road, Suite 210 Vienna,Virginia United States of America Ph: or Fx: Bayshore Boulevard, Suite 201 Dunedin, Florida United States of America Ph: or Fx: (ISC) 2 Headquarters US 19 North, Suite 205 Palm Harbor, Florida United States of America Ph: Fx: (ISC) 2 EMEA Winchester House Old Marylebone Road London, NW1 5RA United Kingdom Ph: +44 (0) Fx: +44 (0) (ISC) 2 Asia-Pacific Level 30, Bank of China Tower 1 Garden Road Central, Hong Kong Ph: Fx: (ISC) 2 Japan Yanagi Bldg., 4 FL Roppongi Minato-ku,Tokyo Japan Ph: Fx: Copyright 2006 (ISC) 2, Inc. All rights reserved.all contents of this brochure constitute the property of (ISC) 2, Inc. All marks are the property of the International Information Systems Security Certification Consortium, Inc. (10/06)

2 (ISC)² Career Guide European Edition Decoding the Information Security Profession Published by SECURITY TRANSCENDS TECHNOLOGY

3 Introduction Welcome to the rapidly growing field of information security! Twenty-five years ago, the information security profession was new and obscure. Many of us fell into information security jobs when our employers realised their business was at risk and they needed to protect their networks and assets. The catch is they weren t sure how in terms of technology or people to make that happen. We gathered in small groups and at conferences and tried to figure out how to tackle this job that no one had done before us.we had sketchy job descriptions and IT-oriented titles that didn t reflect business requirements, our company s environment or the actual jobs we were doing.there were also few standards and guidelines. Today, things are different. Hackers have evolved from a small group of highly specialised guys writing malicious code to widespread professional thieves actively stealing identities and assets, destroying individuals lives and ruining businesses. As a result, society has come to rely on information security professionals. Businesses recognise the value of the information they protect as critical to delivering their products and services. And they protect us all personally, securing much of what we use in our daily lives, from phones to electricity to home computers. Information security has become a real profession driven by common standards and supported by education opportunities and certifications like the CISSP and SSCP that empower professionals throughout their careers. Being an information security professional is a tough job.you need technical skills and the ability to understand how to protect information and information services in a business context. But it can also be an immensely rewarding career with thrilling prospects. I hope this guide helps you understand the opportunities before you and prepares you for this exciting and challenging career! Patricia A. Myers, CISSP-ISSMP, Chairperson, Board of Directors, (ISC) 2

4 About (ISC) 2 The International Information Systems Security Certification Consortium, Inc. [(ISC) 2 ] is the internationally recognised Gold Standard for certifying information security professionals. Founded in 1989, (ISC)² has certified over 45,000 information security professionals in more than 120 countries. Based in Palm Harbor, Florida, USA, with offices in Vienna, Virginia, USA, London, Hong Kong and Tokyo, (ISC) 2 issues the Certified Information Systems Security Professional (CISSP ) and related concentrations, Certification and Accreditation Professional (CAP CM ), and Systems Security Certified Practitioner (SSCP ) credentials to those meeting necessary competency requirements. The CISSP, CISSP-ISSEP and SSCP are among the first information technology credentials to meet the stringent requirements of ANSI/ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)² also offers a portfolio of education products and services based upon (ISC) 2 s CBK, a compendium of industry best practices for information security professionals, and is responsible for the annual (ISC)² Global Information Security Workforce Study. More information is available at 3

5 Table of Contents What is information security?...5 Jobs and industries...9 Entry requirements...13 Certifications...15 Typical salaries...21 Career outlook...22 Schools, education facilities, certification organisations...24 Additional resources and associations

6 What is Information Security? Information systems* is any written, electronic or graphical method of communicating information. The basis of an information system is the sharing and processing of information and ideas. Computers and telecommunication technologies have become essential information system components. The scope of information systems includes people, processes, infrastructures, architecture, and technical implementations. Information security, on the other hand, is assuring the correctness, reliability, availability, safety and security for all aspects of information and information systems. Information security is critical to the economic well-being of commercial enterprises and public services, as well as for the integrity of the global economy. Major businesses and governments using the Internet are deploying more and more complex, networked information systems. It is the job of information security professionals to ensure that these networks and computer systems are properly and adequately secure by protecting information assets, such as customer data, financial information and critical infrastructures. * Definition according to Barron s Dictionary of Business Terms,Third Edition 5

7 Quotes Responsibilities 6 Corporate requirements for due diligence and compliance rely mainly upon security. Regulations in this area are applied more rigorously than a decade ago and cover every aspect of business and business control.unless the three requirements of security - confidentiality, integrity and availability - are applied for every asset, process and employee, companies cannot satisfy these requirements. Security touches every area of business, from physical security to transmission security, but it is mainly the foundation of business trust. In a number of European countries, the level of technological and security sophistication is also seen as a pre-requisite for joining the wider European Union. Stuart Hotchkiss, CISSP Security Principal, HP Services, EMEA I have a PhD in Applied Physics and worked with several European research organisations. Today at Motorola, I am responsible for security aspects in corporate technology research and design, covering about 30 centres worldwide. I am head of Security Services for the EMEA region. Dr.Wojciech Swiatek, CISM Director & Motorola Information Protection Services Officer

8 Recognising a deep responsibility of care to your customers doesn t just make commercial sense, but it s also a legal matter where data protection is concerned. The sensitive data held within BT, for example, includes online financial transactions and other confidential customer and employee data, which requires high levels of protection. Every company has a responsibility of care, and managing information assurance risk requires sound methodology and strong corporate governance to be effective. Mike Todd, CISSP, Head of Security Risk & Compliance, BT Exact Sarb Sembhi Quotes Job Challenges Many of the thorniest issues can be grouped together in the words compliance and governance, be it BS7799, SOX, Data Protection, Freedom of Information, etc. What makes compliance a thorny issue is the differing views one comes across within a single organisation, all basing their views on budgets and priorities which usually determine their willingness to ignore, avoid, or prioritise. I have had to go back and re-emphasise the purpose of the compliance. If a CCTV scheme does not comply with the Data Protection Act, for example, the organisation will not be able to use the data to prosecute, thus defeating the purpose of the initial investment. Sarb Sembhi, CISSP Security Consultant and Researcher 7

9 Shaun Fothergill Information technology is geared to move away from problems, while business is geared to march toward a goal. Despite efforts to liaise, each side naturally retrenches into its own comfort zone. They are akin to the Englishman shouting at the Frenchman in a misguided effort to be understood. One has to understand and translate the meaning of the different professional languages to facilitate real communication. Shaun Fothergill, CISSP EMEA Security and IT Strategist, Computer Associates Our infrastructure is the powerhouse for business intelligence gathering, day-to-day financial trading, management reporting, online transactions and the storage of confidential customer and employee data. Compliance with financial services and data protection regulations demands that this information is kept secure. For both commercial and legal reasons, it is essential that the bank takes a proactive stance on managing its IT risk.we must not only be risk averse, but we must show ourselves to be so. Externally recognised accreditation of key information security personnel sends a clear message that we are taking our IT security seriously. Andrew Brice, CISSP Head of IT Risk for Credit Suisse Group 8

10 What types of jobs are available? In what industries and organisations? Areas of expertise within information security: Access Control Systems and Methodology (how people enter and leave the system) Administration (planning, implementating and evaluating information security programs) Application and Systems Development Security (creating new computer programs to protect an organisation) Auditing and Monitoring (collecting information for identification and response to security breaches) Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) (uninterrupted access to critical data systems) Cryptography (the coding and decoding of data and messages) Law, Investigation and Ethics (computer crime laws and regulations and ethics) Malicious Code (counter measures and prevention techniques for dealing with viruses, worms and other forms of deviant code) Operations Security (setting identity controls; auditing and monitoring the mechanisms and tools) Physical Security (giving physical systems access solely to those who need it) Risk, Response and Recovery (processes to identify, measure and control loss) Security Architecture and Models (building the security infrastructure for a complex organisation) Security Management Practices (identification of information assets and development of policies and procedures) Telecommunications and Network Security (ensuring security through remote access management, network availability, firewall architectures,vpns, data networking, LAN devices, etc.) 9

11 Common job titles: Security auditor Security specialist Security consultant Security administrator Security analyst/engineer Web security manager Director/manager of security Chief privacy officer Chief risk officer Chief security officer (CSO) Chief information security officer (CISO) Typical industries: Professional services (real estate, consulting, legal, engineering) Government (national, regional, and local) Telecommunications Information technology Banking and financial services Manufacturing Defence Public services and utilities Healthcare Education Insurance Kinds of organisations that hire information security professionals: Although the majority of the organisations that hire information security professionals are in professional services, government, telecommunications, and banking, organisations of all kind and sizes, including a growing number of smaller businesses, need and are hiring information security staff. 10

12 James Robson Quotes Opportunities This is a great field to get into, full of opportunities for many people with different interests. Security has to be built into every part of the organisation. Anywhere that you find computers, you will find a need for information security knowledge, especially now with the need to comply with new laws addressing issues such as privacy and personal data. James Robson, CISSP, MBCS CITP, CISA Network Security Auditor, AT&T My career has grown as the need for security has been recognised. When I started, there was a single post created as IT Security Officer for the university. Now I manage a small team. I enjoy the diversity of my team's role.the team is part of the IT Technology Operations section, but I also sit on a College advisory committee, which develops security policy for the whole organisation. We have a broad mandate, from developing and selling security policy to our stakeholders to the detailed implementation of technical security solutions. Chris Roberts, CISSP IT Security Manager, Imperial College, London 11

13 Quotes Most Rewarding I particularly enjoy the opportunity to recognise and bridge cultural differences in discussions between Americans and Europeans. Information security is an international challenge, and we must recognise how we differ to ensure common ground in our approach to the task. John Morgan Salomon Independent Consultant I really enjoy what I do, so my future aspirations revolve around more of the same. The position of information security risk manager at Cancer Research UK is a first, and that I really like.there is nothing to beat being the first information security person in an organisation I know, because this is what has happened to me at the six companies I have been with since Brian Shorten, CISSP Information Systems Risk Manager, Cancer Research UK I love the business aspect of my job and being more than a pure technologist, i.e., helping business people understand how a particular piece of IT relates to their world and can help them in their business. I enjoy the excitement of having business people think security is dull and then smashing their perceptions. When businesses think about security differently and I don t have to drag budget out of them to secure their organisation, it s all worthwhile. Shaun Fothergill, CISSP Security Strategist for Computer Associates 12 The most rewarding aspect of my job is helping other people get it right. I find this on a corporate and personal level. Whether working with friends or at the office, I am helping them set things up so that they are more secure. James Robson, CISSP, MBCS CITP, CISA Network Security Auditor, AT&T

14 What do I need to do to become an information security professional? Increasingly, a specialised, post-secondary, and in many cases, a university degree, is required to pursue a career in information security. The profession has matured to see a steady increase of new university graduates that have made information security their first career choice. Education Options/Requirements HND or certificate degree for systems administrator PGDip, BSc, or BSc Honours in information technology, computer science or information security or related field for analyst, engineer or manager MSc. or higher in information technology, computer science or information security for director or chief information security officer Ph.D. for professor, researcher, advanced developer Vendor-specific and vendor-neutral certifications Technical Skills Knowledge of and the ability to implement and monitor security policy Knowledge of network systems and security protocols Knowledge of security software programs and implementation Knowledge of best practices in developing security procedures and infrastructure Develop and write information security policy General Skills and Aptitudes Strong conceptual and analytical skills Ability to operate as an effective member of a team Ability to manage multiple diverse tasks simultaneously Strong project management skills (ability to manage the project while understanding subcomponents and how they relate to the overall project) Demonstrate interpersonal and conflict management skills* Ability to effectively relate security-related concepts to a broad range of technical and non-technical staff* Excellent oral, written and presentation skills* Solid leadership qualities* * Especially if you want to become an executive information security professional 13

15 Quotes Skills As a risk manager, my chief concern is leading my company s payments and e-services departments in the compliance efforts. Within the retail division, I am responsible for influencing teams in cash management, netbanking (including mobile banking), card systems and payment services for individual and corporate customers. As a risk manager, I must have a solid business needs approach to assessing and developing security policy, as well as business continuity policy with relation to channel, procurement and product development. Kari Oksanen, CISSP Director of Risk Management, Electronic Banking Nordea Pascal Beau "I must assure IT best practices and methodology for outsourced services, as well as departments within the company. It means that I am responsible for risk assessment, policy implementation and quality control for application, infrastructure and business continuity solutions, and outsourced end-user support teams." Pascal Beau, CISSP Security & Quality Manager, IS/IT Department, Philip Morris France SAS 14

16 Certifications Technology alone cannot protect an organisation s critical information assets. People are the key to a secure organisation, and employers demand qualified information security staff to provide the highest standard of security for their customers, employees, shareholders and partners. There are two main categories of information security certifications: vendor-neutral and vendor-specific. A vendor-neutral certification, such as the Certified Information Systems Security Professional (CISSP ), encompasses a broad scope of knowledge and is not tied to any specific technology, vendor or product. Vendor-specific certifications, such as the Cisco Certified Security Professional (CCSP) or Microsoft Certified Systems Engineer: Security (MCSE): Security, are offered by technology vendors covering knowledge and content specific to their products, solutions, and best practices. Both kinds of certifications play an extremely important role in the market, fulfilling specific knowledge and learning requirements and demonstrating predetermined acceptable levels of competency and experience. Benefits of Certification To the Professional: Demonstrates a working knowledge of information security Validates the person s commitment to the profession Offers a career differentiator, enhanced credibility and marketability Provides access to valuable resources, such as continuing education, peer networking and idea exchange To the Organisation: Establishes a standard of best practices and information security governance for the organisation Provides the organisation with staff that have demonstrated a broad knowledge in information security and professional judgment Provides access to a network of global industry and subject matter/domain experts Provides comfort to employer as to the individual s competency/knowledge of information security 15

17 16 Associate of (ISC) 2 Recognition for students or those at the beginning of their careers who have acquired knowledge of key information security concepts but do not yet have the work experience required for full accreditation. Associates gain access to a vast network of professionals and various information security-related resources. (ISC) 2 Certifications (ISC) 2, the only non-profit body charged with maintaining and administering the compendium of industry best practices, the (ISC) 2 CBK, is the premier certification and education resource for information security professionals worldwide. Systems Security Certified Practitioner (SSCP) This certification offers information security tacticians the opportunity to demonstrate their level of competence with the seven domains of the (ISC) 2 SSCP CBK. The SSCP credential is ideal for those working toward or who have already attained positions as senior network security engineers, senior security systems analysts or senior security administrators. Certification and Accreditation Professional (CAP) Credential to validate the formalised process used to assess the risks and security requirements of an information system. To qualify for the CAP credential,a candidate must have two years of direct experience in Certification and Accreditation. Certified Information Systems Security Professional (CISSP) As the first information security credential accredited under ANSI/ISO/IEC Standard 17024, the CISSP provides information security professionals with not only an objective measure of knowledge, skills, abilities and experience but a globally recognised standard of achievement.the CISSP credential demonstrates competence in the 10 domains of the (ISC) 2 CISSP CBK.

18 The CISSP credential is ideal for mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs or senior security engineers. The Information Systems Security Management Professional (ISSMP) and Information Systems Security Architecture Professional (ISSAP) Areas of concentration that validate indepth knowledge in management and architecture focused domains of the (ISC) 2 CISSP CBK. The CISSP is a prerequisite for both concentrations. (ISC) 2 certification services and programs include: Ongoing professional education Concentrations for specialised subject matter expertise Online discussion forums Networking receptions and resources (ISC)² Career Centre (job listings/resume postings) Research library Speaking and other volunteer opportunities Discounts on industry events Advocacy for your career and the information security profession IDC surveys information security professionals worldwide annually who are actively involved in making hiring decisions about the importance of security certifications, and in 2004, 93 percent of them said they believe security certifications are either somewhat or very important when making hiring decisions. And, more than 60 percent of respondents indicated they planned to acquire at least one information security certification within 12 months of the most recent survey, released December

19 Quotes Certification I am pro-certification. It helps to solve confusion. Whether or not you have a title to support your role in your organisation, the certification is a proof of what you claim to be able to do. Peter Vestergaard, CISSP Technical Manager at PROTEGO A/S I do see more and more job descriptions specifying that CISSP/CISA/CISM is required, and these days, a degree is also required. I have found that the studying required for the qualifications has taught me a great deal, and the network of peers is second to none in finding the answer to a problem I haven t seen before. Brian Shorten, CISSP Information Systems Risk Manager, Cancer Research UK The CISSP certification gives us a baseline from which we can build the capabilities of our security practitioners.when we decided to adopt this approach to IT security some years ago, the (ISC) 2 accreditation was the only viable formal confirmation of security knowledge and expertise on the market.today, they still do a terrific job. David Martin, CISSP Program Manager, Information Security Officer, Philip Morris International Technology is so fast-moving that you can t possibly keep up with all the security issues that might have an impact on our infrastructure or applications.the CISSP was a chance for me to maintain a level of knowledge that I can t afford to lose. Andrew Brice, CISSP Head of IT Risk for Credit Suisse Group 18

20 To transition to strategist - board interaction, strategic planning, people management, budgeting, project management, marketing, business risks, IT & networks, higher education and vendorspecific credentials. 19

21 Typical job path: University graduate Information security administrator, eligible for Associate of (ISC) 2 program 2+ years work experience Information security administrator/practitioner, eligible for SSCP certification 4+ years work experience Information security analyst/engineer and information security manager, eligible for CISSP certification 9+ years work experience Director of IT or information security, chief security officer (CSO) or chief information security officer (CISO) If you wish to have successful career progression and reach executive status, in addition to IT skills and technical knowledge, you must gain knowledge of and experience in management best practices and business-related skills, such as management and communications skills and an understanding of policy, processes and personnel. According to a study conducted by Auburn University in the US and sponsored by (ISC)², Managerial Dimensions in Information Security: A Theoretical Model of Organisational Effectiveness, implementing effective information security programs requires exceptionally high levels of task interdependence. Respondents reported that 62 percent of their daily tasks require the exchange of information or cooperation with others in their organisation to align security policy with business goals. 20

22 What will my salary be? Analysis conducted by Information Security Solutions ( during June 2006 throughout the European Union shows the following average salary bands according to job title and sector: 21

23 What is the career outlook? According the 2005 (ISC)² Global Information Security Workforce Study, the number of information security professionals worldwide in 2005 was 1.4 million, a nine percent increase over 2004, and nearly twice the expected growth in the number of IT employees globally. This figure is expected to increase to more than 1.9 million by 2009, or a compound annual growth rate (CAGR) of 8.5 percent from The profession continued to mature, and responsibility for information security moved up the management hierarchy. IDC expects this trend to continue. Also, according to the 2004 (ISC)² Global Information Security Workforce Study, more than 97 percent of respondents had moderate to very high expectations for career growth. Security professionals are experiencing growth in job prospects, career advancement, higher base salaries and salary premiums at faster rates than other areas of information technology. Worldwide Information Security Professionals by Region, EMEA = Europe, Middle East,Africa 22

24 Quotes The Future It s vital that we keep our network secure and that we ensure all our customer data is protected from attack. Technology is so fast-moving that it s easy to become focused purely on the area you know best, but security is about much more than the technology.we need to consider any operational, procedural and policy decisions that might damage the bank s security, as well as all the technological aspects.the realisation that protecting the integrity of our network is about more than just technology was perhaps the most important lesson to have come out of the CISSP. Tim Hart, CISSP Director of Network Security, an international investment bank Quotes Words of Wisdom The most rewarding aspect of my work is gaining acceptance from the business in business terms.technology changes quite rapidly and so do the opportunities to provide value to the business. When choosing a career for the long term, information security is one of the best choices that you can make. It is constantly evolving. Challenges can be met; then they change, which means that there will always be a challenge and with that comes growth, and with growth comes opportunity. Andrew Brice, CISSP Head of IT Risk for Credit Suisse Group Too many consider information security to be a technology problem. But there is a lot of technology out there in contrast to an enormous lack of skilled professionals who can actually take advantage of it and do the job not just planning and coordinating, but actually carrying out the day-to-day requirements. Drawing an analogy with the accounting profession, I would say that the IT-security industry needs more accountants,not more financial systems. Peter Vestergaard, CISSP Technical Manager at PROTEGO A/S 23

25 Schools and Education Facilities UK Higher education programs in the United Kingdom are available at the undergraduate and graduate level, as well as post-graduate PGDip or PhD. Many courses include a 'sandwich' or work placement year, or a skills and practical experience component. Further, quite a few universities, including those listed below, are offering modules on information security within broader programs covering law, computer science, Internet technologies, networking technologies, information technologies, mathematics and engineering programs. For this guide, we have listed only those that are focused on information security as a subject of study. * * Source: UCAS and individual universities for 2006/7 academic year University of Abertay, Dundee Tel: +44 (0) BSc (Hons) Ethical Hacking & Countermeasures University of The West of England, Bristol Tel: +44 (0) BSc (Hons) Forensic Computing MSc Systems Administration and Security Canterbury Christ Church University Tel: +44 (0) BSc (Hons) Forensic Computing University of Central Lancashire Tel: +44 (0) BSc (Hons) Computing (Forensics) University of Central England in Birmingham Technology Innovation Centre Tel: +44 (0) BSc (Hons) Computer Networks & Security 24

26 Coventry University School of Science and the Environment Centre for Disaster Management Tel: +44 (0) Business Continuity Certificate/Diploma Cranfield University Cranfield University Tel: +44 (0) MSc/PGDip forensic computing MSc/PGDip Military Electronic Systems Engineering MSc Systems Engineering for Defence De Montfort University Tel: +44 (0) BSc Forensic Computing University of East London Barking Campus Tel: +44 (0) MSc Information Security & Computer Forensics The University of Essex Tel: +44 (0) BEng/CNS Computer and Network Security BSc Mathematics with Network Security University of Glamorgan Tel: +44 (0) MSc Computer Systems Security MSc Information Security and Computer Crime MSc Information Security and Corporate Intelligence BSc (Hons) Network Management and Security BSc (Hons) Post HND degree Network Management and Security Glasgow Caledonian University City Campus Tel: +44 (0) MSc Network Security MSc Wireless Networking 25

27 The University of Huddersfield Tel: +44 (0) BSc (Hons) Secure and Forensic Computing University of Kingston Tel: +44 (0) BSc in Cyber Security and Computer Forensics (joint honours with business, mathematics or statistics) University of Leeds Tel: +44 (0) Cyberlaw: Information Technology, Law & Society LLM (Master of Laws)/ PGCERT Leeds Metropolitan University Tel: +44 (0) BSc (Hons) Cybercrime & Security MSc Digital Security Liverpool John Moores University Tel: +44 (0) BSc/BSc (Hons)/Internet Computing (with specialisation module in Security) Kings College London, University of London Tel: +44 (0) MSc PG DIP Information Technology & Internet Law MSc PG DIP Computing & Internet Systems (has particular emphasis on Internet Security) London Metropolitan University Tel: +44 (0) Certificate Fundamentals of Network Security Queen Mary, University of London Tel: +44 (0) Broad curriculum of undergraduate information technology, telecommuniations, internet and e-commerce technology and engineering courses with a significant emphasis on systems security issues. 26

28 Northumbria University Tel: +44 (0) BSc (Hons) Network and Computer Systems Security The Open University Tel: +44 (0) Information Security Management post-graduate level course. Royal Holloway, University of London Information Security Group Tel: +44 (0) MSc Information Security Post Graduate Certificate & Diploma Information Security Mathematics for Information Security PhD Research programs Southampton Solent University Tel: +44 (0) BSc (Hons) Information Security Management BSc (Hons) Information Security Management, Business Information Technology Staffordshire University Tel: +44 (0) Computer Networks & Security BSc/Bsc (Hons)/MEng /BEng/BEng (Hons) Computer Science: Biometrics BSc/BSc (Hons);MEng Computer Science: Computer Security BSc/BSc (Hons) /MEng/BEng/BEng (Hons) Design Technology for Security BSc (Hons) Forensic Computing BSc/Bsc (Hons)/MEng/BEng/BEng (Hons) The University of Strathclyde Tel: +44 (0) LLM/Pg Dip IT & Telecommunications Law University of Sunderland Tel: +44 (0) Foundation Network Security Technologies BSc (Hons) Forensic Computing 27

29 Swansea Institute of Higher Education Mount Pleasant Campus Tel: +44 (0) Computer Systems Security HND/BSc (Hons) University of Teesside Tel: +44 (0) BSc (Hons) Digital Forensics University of Westminster Harrow School of Computer Science Tel: +44 (0) BSc (Hons) Digital Forensics MSc Information Technology Security Schools and Education Facilities Europe The educational institutions listed below offer a range of programs in the computer science and technology fields. Some offer specific degree programs or certifications in information security disciplines. Denmark Niels Brock Kultorvet Copenhagen K Tel: Fax: brock@brock.dk Copenhagen IT University Rued Langgaards Vej Copenhagen S Tel: Fax: itu@itu.dk PwC Academy Strandvejen Hellerup Tel: Fax: academy@pwc.dk 28

30 University of Copenhagen Nørregade Copenhagen K Tel: Fax: ku@ku.dk University of Southern Denmark Campusvej Odense M Tel: Fax: sdu@sdu.dk France Collaboration Université Paris 12, Université d Evry, Institut d Informatique des Entreprises and Institut National de Télécommunications Paris, France Ecole Nationale Supérieure d Ingénieurs de Bourges ENST Bretagne et SUPELEC Sécurité des Systèmes d Information Université de Bordeaux DESS Codes, Cryptologie, Sécurité Informatique Talence, France Université Joseph Fourier www-fourier.ujf-grenoble.fr/ DESS/ Cryptologie, Sécurité et Codage de l Information Université Nantes Département Informatique Université de Technologies de Troyes Sécurité des Systèmes d Information Université de Tours Falcuté des Sciences et techniques/ Site de Blois 29

31 Germany Fachhochschule für Oekonomie & Management, University of Applied Sciences Ruhr-Universität Bochum Faculty of Electronics and Information Technology Ireland Dublin City University Dublin Ireland Tel: +353 (0) , MSc in Security and Forensic Computing (PAC Code: DC823) Waterford Institute of Technology Waterford, Ireland Tel: +353 (0) BSc (Honours) in Computer Forensics Italy Master Universitario in Sicurezza delle Tecnologie dell Informazione e della Comunicazione Politecnico di Milano e CEFRIEL Corso die alta formazione in Information Security Management Polo di Crema dell Università degli Studi di Milano Sicurezza dei Sistemi e delle Reti Informatiche Università Ca Foscari Venezia 30

32 Università di Roma La Sapienza Russia Moscow Engineering Physics Institute (State University) Sweden Göteborgs Universitet Computer Science and Engineering IT-universitetet i Kista Switzerland Center for Security Studies (CSS), ETH Zurich Additional Resources and Professional Associations (ISC) 2 Resource Guide for Today s Information Security Professional Global Edition (ISC) 2 EMEA European Office Winchester House Old Marylebone Road London NW15RA United Kingdom Ph: +44 (0) Fx: +44 (0) institute@isc2.org * Scholarships are available through (ISC) 2. Visit: or call for more details. 31

33 Professional Associations Europe Associazione Nazionale Specialisti per la Sicurezza in Aziende di Intermediazione Finanziaria (ANSSAIF) Branchefællesskabet for IT,Tele, Elektronik og Kommunikationsvirksomheder (ITEK) British Computer Society Bundesamt für Sicherheit in der Informationstechnik (BSI) Central Sponsor for Information Assurance (CSIA) Computer Security Clubs CLUSIB Belgium CLUSIF France CLUSIS Switzerland CLUSSIL Luxembourg-Kirchberg CLUSIT Italy Competence Center for Applied Security Technology (CAST) Forum www-en.cast-forum.de/home Dataföreningen i Sverige Foundation for Information Policy Research (FIPR) Gesellschaft für Informatik E.V. Information Assurance Advisory Council (IAAC) Information Security Society of Switzerland (ISSS) 32

34 Information Systems Audit and Control Association (ISACA) Chapters in Europe Information Systems Integrity Group (ISIG), London School of Economics & political Science, Department of Information Systems Information Systems Security Association (ISSA) Chapters in Europe InfoSurance Foundation for the Security of Information and Communication in Switzerland Institute for Communications Arbitration and Forensics Institute of Engineering and Technology (IET) Institute for the Management of Information Systems (IMIS) Internet Enforcement Group (IEG) Observatoire de la Sécurité des Systèmes d Information et des Réseaux (OSSIR) SIG Security Swiss Association for Research in Information Technology (SARIT) TeleTrust - Non-profit Organisation for the Promotion of Trustworthiness of Information and Communication Technology 33

35 34 Professional Associations International AFCEA International ASIS International The Computing Technology Association (CompTIA) ECRYPT: European Network of Excellence for Cryptology EEMA The Independent European Association for e-business The European Information Society Group (EURIM) European Network and Information Security Agency (ENISA) Information Security Forum (ISF) Institute for Information Security Professionals International Federation of Information Processing International Information Systems Security Certification Consortium, Inc. [(ISC)²] International Security,Trust, and Privacy Alliance (ISTPA) The Jericho Forum SANS Institute

36 35