Understanding the Federal Cyber Security Professional (FCSP) Certifications
- Darleen Cole
- 8 years ago
Introducing a new set of performance-based credentials from the Federal IT Security Institute

First Public Draft

Copyright FITSI
FCSP Performance-Based Certifications v1.0
TABLE OF CONTENTS

1. EXECUTIVE OVERVIEW
   A. INTRODUCTION
   B. WHO IS FITSI?
   C. WHY NOW?
2. FCSP CERTIFICATION PROGRAM DETAILS
   A. OVERVIEW
   B. EXAM STAGES
   C. USE OF THE ADVANCED PERSISTENT THREAT AS AN EVALUATION TOOL
   D. CANDIDATE PRE-REQUISITES
   E. RECERTIFICATION REQUIREMENTS
   F. MAINTENANCE DETAILS
   G. AUDITS
   H. GRANDFATHERING
   I. EXAM COSTS
   J. EXAM AVAILABILITY
3. FCSP-PENETRATION TESTER
   A. DESCRIPTION
   B. PERFORMANCE MODEL
   C. EXAM LOGISTICS
   D. STANDARDS
   E. SKILLS MEASURED
4. FCSP-SECURITY CONTROL ASSESSOR
   A. DESCRIPTION
   B. PERFORMANCE MODEL
   C. EXAM LOGISTICS
   D. STANDARDS
   E. SKILLS MEASURED
5. FCSP-INCIDENT HANDLER
   A. DESCRIPTION
   B. PERFORMANCE MODEL
   C. EXAM LOGISTICS
   D. STANDARDS
   E. SKILLS MEASURED
6. FCSP-FORENSICS SPECIALIST
   A. DESCRIPTION
   B. PERFORMANCE MODEL
   C. EXAM LOGISTICS
   D. STANDARDS
   E. SKILLS MEASURED
7. FCSP-NETWORK DEFENDER
   A. DESCRIPTION
   B. PERFORMANCE MODEL
   C. EXAM LOGISTICS
   D. STANDARDS
   E. SKILLS MEASURED
8. PERFORMANCE-BASED LAB
   A. OVERVIEW
9. OVERVIEW OF THE FITSI MANAGEMENT TEAM
   A. JIM WIGGINS, EXECUTIVE DIRECTOR
   B. AMEE DEVINE, CHIEF OPERATING OFFICER
   C. MARIBETH KUZMICKI, PROGRAM MANAGER
10. OVERVIEW OF THE FCSP SCHEME COMMITTEE
   A. JIM WIGGINS, EXECUTIVE DIRECTOR, FCSP SCHEME COMMITTEE
   B. JAY COPLON, FCSP SCHEME COMMITTEE
   C. DAVID KEYES, FCSP SCHEME COMMITTEE
   D. TINA KULIGOWSKI, FCSP SCHEME COMMITTEE
   E. JIM WILSON, FCSP SCHEME COMMITTEE
   F. LEO DREIGER, FCSP SCHEME COMMITTEE
   G. PIERRE COLOMBEL, FCSP SCHEME COMMITTEE
   H. JOHN DUNLEAVY, FCSP SCHEME COMMITTEE
   I. ROBERT VESCIO, FCSP SCHEME COMMITTEE
11. INSTRUCTIONS FOR PUBLIC COMMENT
12. CONCLUSION
13. LEGAL
1. Executive Overview

A. Introduction

Professional certifications are a part of most industries and have become an important tool in measuring the knowledge, skills and abilities of individuals in different job roles. The Information Technology (IT) security industry is no different. Over the past 20 years, a number of certifications from a plethora of organizations have certified information security (INFOSEC) professionals in best practices and guidance across a multitude of different industries.

A report released last summer by the Center for Strategic and International Studies (CSIS) highlighted the need for more technically competent information security professionals. In the study the commission made the following comments:

It is the consensus of the Commission that the current professional certification regime is not merely inadequate; it creates a dangerously false sense of security for the following reasons:

- Individuals and employers are spending scarce resources on credentials that do not demonstrably improve their ability to address security-related risks; and
- Credentials, as currently available, are focusing on demonstrating expertise in documenting compliance with policy and statutes rather than expertise in mitigating risks and preventing and responding to attacks.

A Human Capital Crisis in Cyber security, CSIS Commission on Cyber security for the 44th Presidency

Understanding the need for highly trained technical cyber security professionals, FITSI has developed this whitepaper to detail the work the Federal IT Security Institute (FITSI) is currently pursuing to help develop rigorous certifications in the federal space that will help secure the nation's federal information systems.

B. Who is FITSI?

The Federal IT Security Institute is a certification body whose purpose is to focus on helping the Federal government certify workforce members in appropriate cyber and IT security knowledge, skills and abilities.

The organization was launched officially in November of 2009, and in March of 2010 FITSI introduced the Federal IT Security Professional (FITSP) certification program. The FITSP certification is a role-based program that validates the IT security knowledge of Managers, Designers, Operators and Auditors of Federal IT systems. FITSI is currently pursuing American National Standards Institute (ANSI) accreditation under the International Organization for Standardization (ISO) standard for the FITSP program.
C. Why now?

Cyber security is fast becoming a high priority for both commercial and government agencies. A number of high profile security breaches have occurred in the past few years, placing organizations on notice that they must increase the security posture of their information systems. In order to protect their systems adequately, these organizations need professionals with technical competency in cyber security skills to be able to fight the invasion of hackers, malicious code and even foreign powers.

Currently, few certification programs on the market are performance-based and validate the technical competency of candidates. Programs from Cisco and Red Hat (the CCIE and RHCE, respectively) are two examples where candidates must prove their knowledge in a performance-based model. Unfortunately, these certifications are predominantly targeted at the operational aspects of an organization's IT infrastructure rather than focusing on cyber security skills.

With these points in mind, FITSI is working on developing a second generation of certifications known as the Federal Cyber Security Professional (FCSP). These credentials, coupled with the FITSP certifications, provide a method to ideally evaluate and test the knowledge, skills and abilities of cyber security professionals who work on systems owned by, or operated on behalf of, the federal government.

The intent of the FCSP is to provide a meaningful way to evaluate five classes of cyber security professionals:

- Penetration Testers - designed for those who ethically break into systems
- Control Assessors - designed for those who validate controls on a system
- Incident Handlers - designed for those who deal with security incidents
- Forensic Specialists - designed for those who deal with forensic investigations
- Network Defenders - designed for those whose job is to protect the network

This white paper discusses these performance-based certifications currently in development by FITSI and discusses the logistics of the program.
2. FCSP Certification Program Details

A. Overview

The Federal Cyber Security Professional is a role-based program and is made up of five performance-based certifications. These include:

1. FCSP-Penetration Tester
2. FCSP-Security Control Assessor
3. FCSP-Incident Handler
4. FCSP-Forensics Specialist
5. FCSP-Network Defender

Each exam is two days in length. Each FCSP certification is separate and examines a candidate's ability to demonstrate knowledge, skills, and abilities in a mock operational environment.

The FCSP certifications are complementary to the FITSP program that FITSI currently manages. While the FITSP is predominantly information based, the FCSP is performance-based. When earned together, both of these credentials help to demonstrate a security practitioner's holistic approach in addressing Federal IT security. Below is how the two certifications work together to help prove the practitioner's real cyber capabilities.

B. Exam Stages

The FCSP exams are conducted over a two day period (Saturday and Sunday) and are broken into three stages:

1. Multiple-choice exam - Two hour, 100 question multiple choice test; this stage evaluates a candidate's knowledge and understanding of the given job role.
2. Hands on exam - Ten hour performance-based exam consisting of 10 to 15 major tasks; this stage validates a candidate's technical competency within the given job role.
3. Written/Essay exam - Four hour writing component; this stage requires the candidate to create a report detailing their observations. (A template is provided to all candidates to ensure consistency.) This report validates that the candidate can put together a report documenting security incidents and events; additionally, the candidate must be able to perform root cause analysis and present the remediation steps necessary to fix the issues. This stage tests both the writing skills of the candidate and his or her ability to think analytically about the causes of INFOSEC problems and how the organization should manage the situation.

The diagram below demonstrates the exam stages visually:

C. Use of the Advanced Persistent Threat as an evaluation tool

The Advanced Persistent Threat (APT) is a serious issue to information systems used in government and the commercial world. Mandiant [1] defines APT as a group of sophisticated, determined and coordinated attackers that have been systematically compromising U.S. government and commercial computer networks for years. The vast majority of APT activity observed by MANDIANT has been linked to China.

[1] Mandiant White paper, M-trends: The Advanced Persistent Threat, Mandiant, 2010

The FCSP exams use a simulated APT as a way to evaluate the skills of candidates in properly detecting, containing, and remediating this serious threat to government and commercial systems. Each role-based performance certification deals with the APT at some point during the exam, and depending upon the role of the certification the candidate must take steps to help address the issue. Each of the five roles deals with APT in the following way:
1. FCSP-Penetration Tester - Acts as an APT to gain access to a mock governmental system.
2. FCSP-Security Control Assessor - Runs into the APT as part of control assessment.
3. FCSP-Incident Handler - Identifies the APT at a CAT 1 event (Unauthorized Access) and must remediate the threat.
4. FCSP-Forensic Specialist - Investigates the APT present on an information system and must remediate the threat.
5. FCSP-Network Defender - Must defend the network against an APT intrusion and take steps to stop the intrusion before a foothold can be established.

D. Candidate Pre-requisites

Candidates that wish to pursue one of the FCSP exams must first earn a FITSP-Operator credential to demonstrate their ability to understand and apply appropriate federal IT security standards. The FCSP exams are highly technical, and the FITSP-Operator role is the ideal prerequisite as it is designed for candidates that are highly technical (system administrators, network engineers, and so on). The FCSP is a performance-based environment which focuses on the hands-on skills and abilities of the 5 respective roles. Below is a visual representation of the complementary role of the FITSP and FCSP certifications:

E. Recertification Requirements

The FCSP certifications are valid for no more than a five year period. Certified individuals carrying the credentials must recertify every five years by sitting for the FCSP exam to prove their technical competency in the latest knowledge, skills and abilities of their respective cyber security professional credential.

F. Maintenance Details

Because of the premier nature of the FCSP certifications, FITSI members who hold one of these certifications are required to pay a $99 annual maintenance fee. The fees go to supporting the nonprofit. To maintain the certification over a three year period, certified individuals must earn at least 20 CPE per year that correlate to the credential they are carrying.
G. Audits

Candidates will be randomly audited over the three year period to verify compliance with the Federal IT Security Institute's FCSP CPE policy.

H. Grandfathering

Due to the performance nature of the program, candidates are not allowed to grandfather into the program.

I. Exam Costs

The cost for the two day exam is still being determined. This will include proctoring and administration of both the written and practical portions of the exam.

J. Exam Availability

The exams are expected to be available sometime in 2012 and will be administered biannually in 6 geographic markets. Those markets are:

- Washington, DC
- Annapolis Junction, MD
- San Diego, CA
- Colorado Springs, CO
- San Antonio, TX
- Orlando, FL
3. FCSP-Penetration Tester

A. Description

The FCSP-Penetration Tester (FCSP-PT) is an offensive certification developed to test a candidate's ability to find and exploit operational, technical and management control weaknesses in United States Government information systems. It is a certification designed for members of red teams and other types of offensive groups which proactively attack systems to test their defenses before the bad guys can.

B. Performance Model

The FCSP-PT certification is broken into three components: a written exam, a hands-on exam and an essay exam. The multiple choice exam contains 100 questions focusing on the knowledge of both the Open Source Security Testing Methodology Manual (OSSTMM) framework as well as National Institute of Standards and Technology (NIST) guidance as promoted in Special Publication , Technical Guide to Information Security Testing and Assessment. The lab environment is a ten hour evaluation of a candidate's ability to demonstrate relevant penetration testing skills. Candidates must complete between major tasks. The written exam is a four hour period of time where the candidate will have to put together a penetration testing report. A template will be provided to the student. Candidates must pass all three stages to successfully obtain the FCSP-PT credential.

C. Exam Logistics

The exam is a two day exam that begins at 9:00am and goes until 6:00pm on a Saturday and Sunday. The time periods are broken down as follows:

- Multiple choice exam - 2 hours and runs from 9:00am until 11:00am.
- Hands on exam - 10 hours and goes from 11:00am until 6:00pm on Saturday and 9:00am-2:00pm on Sunday.
- Written/Essay exam - 4 hours and goes from 2:00pm on Sunday to 6:00pm on Sunday.

Candidates are provided all necessary equipment at the exam site. Candidates can obtain a copy of the FCSP-PT Candidate Exam Guide for a full exam blueprint at the FITSI website.

D. Standards

This certification uses the OSSTMM framework promoted by the Institute for Security and Open Methodologies (ISECOM) as well as NIST Special Publication
E. Skills Measured

See the most current version of the FCSP-PT Candidate Exam Guide for details on a breakdown of the skills measured on the exam. The following are the planned skills measured on the FCSP-PT exam:

1. Perform a reconnaissance on the network and attached systems
2. Intrude into the network where the systems are located
3. Ability to establish a back door in the network and systems
4. Obtain user credentials
5. Install various utilities
6. Escalate privilege on a system
7. Move laterally in a system
8. Maintain persistence
4. FCSP-Security Control Assessor

A. Description

The FCSP-Security Control Assessor (FCSP-SCA) is an operational certification developed to test a candidate's ability to certify the controls found and used in United States Government information systems. It is designed for those who certify and assess a system as prescribed in NIST SP Rev1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach.

B. Performance Model

The FCSP-SCA certification is broken into three components: a written exam, a hands-on exam and an essay exam. The multiple choice exam contains 100 questions focusing on the knowledge found in NIST guidance as promoted in Special Publication A Rev1, Guide for Assessing the Security Controls in Federal Information Systems. The lab environment is a 10 hour evaluation of a candidate's ability to effectively certify a mock government system. Candidates are given appropriate system documentation (organizational policies, System Security Plan, Contingency Plan) and vendor neutral tools, and are expected to verify the controls from 6 of the 18 control families as found in NIST SP A Rev1. The output of this work must result in delivery of a mini Security Assessment Report (SAR). The lab environment will require the candidate to analyze a number of control issues and make judgment calls as to the residual risk left on the system. Candidates must complete between major tasks. The written exam is a four hour period of time where the candidate will have to put together a security assessment report. A template will be provided to the student. Candidates must pass all three stages to successfully obtain the FCSP-SCA credential.

C. Exam Logistics

The exam is a two day exam that begins at 9:00am and goes until 6:00pm on a Saturday and Sunday. The time periods are broken down as follows:

- Multiple choice exam - 2 hours and runs from 9:00am until 11:00am.
- Hands on exam - 10 hours and goes from 11:00am until 6:00pm on Saturday and 9:00am-2:00pm on Sunday.
- Written/Essay exam - 4 hours and goes from 2:00pm on Sunday to 6:00pm on Sunday.

Candidates are provided all necessary equipment at the exam site. Candidates can obtain a copy of the FCSP-SCA Candidate Exam Guide for a full exam blueprint at the FITSI website.
D. Standards

This certification uses the processes and standards as defined in NIST SP A Rev1.

E. Skills Measured

See the most current version of the FCSP-SCA Exam Guide for details on a breakdown of the skills measured on the exam. The following are the planned skills to be measured on the FCSP-SCA exam:

1. Review an SSP on a sample system
2. Use examine, interview and test techniques to verify the security state of a number of controls found on a mock government information system.
3. Review the technical controls found for two control families as defined in NIST SP A.
   a. Identify which items and issues should be added to a Plan of Action and Milestone (POAM) for remediation by the system owner
4. Review the operational controls found for two control families as defined in NIST SP A.
   a. Identify which items and issues should be added to a POAM for remediation by the system owner
5. Review the management controls found for two control families as defined in NIST SP A.
   a. Identify which items and issues should be added to a POAM for remediation by the system owner
6. Generate a SAR based upon the findings detailed in the review of the operational, technical and management controls found on a system.
5. FCSP-Incident Handler

A. Description

The FCSP-Incident Handler (FCSP-IH) is an operational certification developed to deal with a number of different types of incidents targeted against United States Government information systems. It is a certification designed for members of CIRT teams that are in direct support of the US Government.

B. Performance Model

The FCSP-IH certification is broken into three components: a written exam, a hands-on exam and an essay exam. The multiple choice exam contains 100 questions focusing on the knowledge found in NIST SP , Computer Security Incident Handling Guide. The lab environment is a 10 hour evaluation of a candidate's ability to address a number of categories of events. Candidates must work within a mock environment and successfully deal with types of events including, but not limited to, unauthorized access, malicious code, and denial of service. Candidates must complete between major tasks. The written exam is a four hour period of time where the candidate will have to put together an incident handling report. A template will be provided to the student. Candidates must pass all three stages to successfully obtain the FCSP-IH credential.

C. Exam Logistics

The exam is a two day exam that begins at 9:00am and goes until 6:00pm on a Saturday and Sunday. The time periods are broken down as follows:

- Multiple choice exam - 2 hours and runs from 9:00am until 11:00am.
- Hands on exam - 10 hours and goes from 11:00am until 6:00pm on Saturday and 9:00am-2:00pm on Sunday.
- Written/Essay exam - 4 hours and goes from 2:00pm on Sunday to 6:00pm on Sunday.

Candidates are provided all necessary equipment at the exam site. Candidates can obtain a copy of the FCSP-IH Candidate Exam Guide for a full exam blueprint at the FITSI website.

D. Standards

This certification uses guidance as specified in NIST SP , Computer Security Incident Handling Guide as well as guidance from US-CERT.

E. Skills Measured

See the most current version of the FCSP-Incident Handler Candidate Exam Guide for details on a breakdown of the skills measured on the exam.
The following are the planned skills measured on the FCSP-IH exam:

1. Be able to identify different types of incidents using a number of open source tools.
2. Be able to respond to a denial of service attack.
3. Be able to respond successfully to an incident involving unauthorized access.
4. Be able to respond successfully to a malicious code outbreak.
6. FCSP-Forensics Specialist

A. Description

The FCSP-Forensics Specialist (FCSP-FS) is an operational certification developed to test a candidate's ability to forensically identify security issues in United States Government information systems. It is a certification designed for forensic teams.

B. Performance Model

The FCSP-FS certification is broken into three components: a written exam, a hands-on exam and an essay exam. The multiple choice exam contains 100 questions focusing on the knowledge of the following NIST guidance:

- SP Guide to Integrating Forensic Techniques into Incident Response
- SP Guidelines on PDA Forensics
- SP Guidelines on Cell Phone Forensics

The lab environment is a 10 hour evaluation of a candidate's ability to run a forensic investigation against a number of targeted devices. Candidates must complete between major tasks. The written exam is a four hour period of time where the candidate will have to put together a forensics analysis report. A template will be provided to the student. Candidates must pass all three stages to successfully obtain the FCSP-FS credential.

C. Exam Logistics

The exam is a two day exam that begins at 9:00am and goes until 6:00pm on a Saturday and Sunday. The time periods are broken down as follows:

- Multiple choice exam - 2 hours and runs from 9:00am until 11:00am.
- Hands on exam - 10 hours and goes from 11:00am until 6:00pm on Saturday and 9:00am-2:00pm on Sunday.
- Written/Essay exam - 4 hours and goes from 2:00pm on Sunday to 6:00pm on Sunday.

Candidates are provided all necessary equipment at the exam site. Candidates can obtain a copy of the FCSP-FS Candidate Exam Guide for a full exam blueprint at the FITSI website.

D. Standards

This certification uses the standards and practices identified in NIST SP , and

E. Skills Measured

See the most current version of the FCSP-Forensics Specialist Candidate Exam Guide for details on a breakdown of the skills measured on the exam.
7. FCSP-Network Defender

A. Description

The FCSP-Network Defender (FCSP-ND) is a defensive certification developed to test a candidate's ability to defend networks and information systems used by the United States Government. It focuses on the skills and capabilities needed to identify, remediate and correct issues in real time in the protection of government information systems.

B. Performance Model

The FCSP-ND certification is broken into three components: a written exam, a hands-on exam and a written/essay exam. The multiple choice exam contains 100 questions focusing on the knowledge of network defense. The lab environment is a 10 hour evaluation of a candidate's ability to properly defend a network against a barrage of external and internal attacks. Candidates must complete between major tasks. The written/essay exam is a four hour period of time where the candidate will have to put together a network defense report. A template will be provided to the student. Candidates must pass all three stages to successfully obtain the FCSP-ND credential.

C. Exam Logistics

The exam is a two day exam that begins at 9:00am and goes until 6:00pm on a Saturday and Sunday. The time periods are broken down as follows:

- Multiple choice exam - 2 hours and runs from 9:00am until 11:00am.
- Hands on exam - 10 hours and goes from 11:00am until 6:00pm on Saturday and 9:00am-2:00pm on Sunday.
- Written/Essay exam - 4 hours and goes from 2:00pm on Sunday to 6:00pm on Sunday.

Candidates are provided all necessary equipment at the exam site. Candidates can obtain a copy of the FCSP-SCA Candidate Exam Guide for a full exam blueprint at the FITSI website.

D. Standards

This certification uses a full range of standards and best practices across a number of NIST Special Publications and Interagency Reports.
E. Skills Measured

See the most current version of the FCSP-ND Candidate Exam Guide for details on a breakdown of the skills measured on the exam. The following are the planned skills measured on the FCSP-ND exam:

1. Ability to perform a vulnerability analysis on a system
   a. Vulnerability analysis of an operating system
   b. Vulnerability analysis of a web server
   c. Vulnerability analysis of a database server
2. Ability to review network traffic in real time looking for attack signatures
   a. Identify a DoS attack signature
   b. Identify a virus found on a system
3. Ability to remediate attacks in real time by reconfiguring ACL rules on a router (Cisco device)
4. Ability to deal with an APT threat found on a system
5. Ability to identify malicious code on a system
8. Performance-Based Lab

A. Overview

The FCSP exams are hosted online with technology based upon cloud computing and virtualization. FITSI plans to host the necessary equipment for up to 10 exams to be conducted at one time. Because the lab environment is online, exam locations can be easily established nationwide without extensive local setup requirements.

The mock operational environment simulates a government agency known as the Department of Information Technology. Each candidate will be allocated a group of systems in this mock environment known as a POD. Each POD will consist of 12 virtualized systems. The systems are:

- 2 Domain Controllers (Windows Server 2003)
- 1 Server (Exchange 2003)
- 2 Web Servers (1 Apache and 1 IIS)
- 1 Database Server (Oracle)
- 1 Configuration Management System (SMS)
- 5 user Systems (Windows XP with the FDCC)

The lab environment contains 3 accreditation boundaries. The three system boundaries are:

1. GlobalNet - A general support system that encompasses all SBU systems on the department's network.
2. Webconnect - A major information system that runs on the IIS and a local install of MS SQL Server.
3. Infoshare - A major information system that runs on the Apache web service and uses the Oracle server.

Candidates are provided all necessary equipment at the exam site. Each exam will be broken into a separate module that will be scored at the end by a proctor who is certified by FITSI to administer the exam.
9. Overview of the FITSI Management Team

The Federal IT Security Institute has a team of highly trained individuals with years of IT security, training and Federal government experience. To demonstrate the caliber of individuals that are involved in this project, they are listed below with their qualifications and capabilities.

A. Jim Wiggins, Executive Director

Jim is the executive director of the Federal IT Security Institute (FITSI). FITSI is a nonprofit organization that provides a role-based IT security certification program targeted at the federal workforce. In 2011, the Federal Information Systems Security Educators Association (FISSEA) named him Educator of the Year for his tireless work training those who operate and defend federal information systems, as well as the impact FITSI is making in relation to the federal workforce. Jim possesses over 15 years of direct experience in the design, operation, management, and auditing of information technology systems, with the past 11 years focused on information systems security. He has an extensive background in technical education and specializes in security certification courses targeted at federal and government contracting clients.

Jim has the following IT security certifications: FITSP-M, FITSP-O, CISSP-ISSEP, CISM, CISA, CAP, SSCP, IAM, IEM, SCNA, SCNP, SCNS, CEH, ECSA, CHFI, LPT, TICSA, CIWSA, Security+, and MCSE: Security

B. Amee Devine, Chief Operating Officer

Amee is a successful business woman who has run a number of training organizations and programs in her 20+ year professional career. In the 1990s she ran a successful FutureKids franchise, and until 2002 she was involved with an IT training company in Northern Virginia. From 2002 to the present she has been involved in a small private boutique IT training company focusing on IT security training courses such as CISSP, Ethical hacking, Security+, etc. Amee has an MBA from Penn State.

C. Maribeth Kuzmicki, Program Manager

Maribeth Kuzmicki is a program manager for FITSI. She handles such programs as membership and exam delivery, and is currently working on the FITSI ANSI accreditation program under the ISO standard. Maribeth has a PhD from Case Western Reserve University.
22 10. Overview of the FCSP Scheme Committee The Federal IT Security Institute has a team of highly trained individuals with years of IT security, training and Federal government experience. To demonstrate the caliber of individuals that are involved in this project they are listed below with their qualifications and capabilities. A. Jim Wiggins, Executive Director, FCSP Scheme Committee Jim is the executive director of the Federal IT Security Institute (FITSI). FITSI in a nonprofit organization that provides a role-based IT security certification program targeted at the federal workforce. In 2011, the Federal Information Systems Security Educators Association (FISSEA) named him Educator of the Year for his tireless work training those who operate and defend federal information systems, as well as the impact FITSI is making in relation to the federal workforce. Jim possesses over 15 years direct experience in the design, operation, management, and auditing of information technology systems, with the past 11 years focused on information systems security. He has an extensive background in technical education and specializes in security certification courses targeted at federal and government contracting clients. Jim has the following IT security certifications: FITSP-M, FITSP-O, CISSP-ISSEP, CISM, CISA, CAP, SSCP, IAM, IEM, SCNA, SCNP, SCNS, CEH, ECSA, CHFI, LPT, TICSA, CIWSA, Security+, and MCSE: Security B. Jay Coplon, FCSP Scheme Committee Jay is a C&A lead for the Department of State. He is an information assurance professional implementing the NIST Certification and Accreditation domain for the past 10 years. His experience is focused in the risk management discipline where he spends a great part of his day reviewing security assessments and supporting artifacts as well as validating accreditation package documentation. Jay meets changes in federal guidance with sound interpretations that result in process improvements necessary to support his customers. 
Jay is currently working on the next generation implementation of C&A in support of Near Real-time Continuous C&A.

Jay has the following IT security certifications: FITSP-M, CISSP, CAP, CISM and ISSPCS

C. David Keyes, FCSP Scheme Committee

Currently a private consultant, Mr. Keyes enjoyed a twenty-seven-year federal career in which he held multiple senior executive service (SES) leadership positions. His experience includes both interagency and intergovernmental coordination on issues including: personnel, physical, and computer security issues; special operations and crisis management; critical infrastructure protection; risk assessments, continuity of operations, and consequence and emergency management. He was selected as an Intelligence Fellow by the Director of Central Intelligence. In May 1999, the Armed Forces Electronics and Communications Association (AFCEA) recognized him with their first annual award for excellence in critical infrastructure protection. He has provided critical infrastructure protection consulting services to the Executive Office of the President; the Departments of Energy, State, Education, Veterans Affairs, and Commerce; the National Aeronautics and Space Administration (NASA); and the Kingdom of Saudi Arabia. He has also served as a Visiting Scientist at Carnegie Mellon's Software Engineering Institute CERT CC.

David has the following IT security certifications: FITSP-M, CISA, CISSP, CISM, and CAP

D. Tina Kuligowski, FCSP Scheme Committee

Tina has worked for the Department of State for the past 12 years as a Systems Instructor at the Foreign Service Institute in Arlington, VA, punctuated by an excursion assignment to the US Embassy in Bangkok, Thailand. In her capacity as an FSI trainer, she trained Foreign Service IT Specialists on a number of different Microsoft operating platforms. She holds a Master's degree in Information Assurance and specializes in the development and delivery of IT security curriculum, to include ISC² Certified Authorization Professional, the well-regarded CISSP, and the fundamentals of CompTIA Security+. In addition, she has developed and taught Information Assurance courses, as adjunct faculty, on behalf of the Department's Diplomatic Security Training Center in Dunn Loring, VA.

Tina has the following IT security certifications: FITSP-M, CISSP-ISSEP, ISSAP, ISSMP, CAP, CEH, MCITP:EA, MCSE: Security, Security+

E. Jim Wilson, FCSP Scheme Committee

Jim is an experienced Information Assurance Professional paving new trails while setting the direction, the pace, and the mind-set to find complete solutions to the most challenging problems. Jim enables humans and technologies, with fact-based science, to defend, secure, and counter unwanted digital activities across and throughout enterprise environments.
He specializes in Electronic Countermeasures and imaginative, creative solutions.

Jim has the following IT security certifications: FITSP-M, CISSP, CEH, and Security+

F. Leo Dreiger, FCSP Scheme Committee

Leo owns and has operated TheSecurityMatrix.com since He has provided consulting services to many Federal clients, including the Department of State, the Department of Labor, the Internal Revenue Service and the Centers for Medicaid and Medicare. Additionally, he has helped thousands of IT professionals achieve their certifications and maintains an evaluation level above 90+%. Leo currently maintains an online training and mentoring portal for the Information Assurance Community.
Leo has the following IT security certifications: CISSP, CEH, CHFI, CISM, and Security+

G. Pierre Colombel, FCSP Scheme Committee

Pierre runs his own successful IT consulting business that is focused on Microsoft-based cloud computing. He is a successful trainer teaching security courses for a number of clients. He is a high-energy, well-rounded senior consultant/trainer successful in overseeing the development and implementation of enterprise strategic visions through a balanced approach of skilled personnel, practical policy, well-defined procedures and tactical technology deployments. He leverages over 15 years of diverse industry experience and business acumen gained with start-up and mature multi-million dollar companies. He is skilled at developing and maintaining customer relationships and identifying and exploiting opportunities.

Pierre has the following IT security certifications: CISSP, ECSA, LPT, CEH, and Security+

H. John Dunleavy, FCSP Scheme Committee

John Dunleavy is the founder and President of The 3877 Group, an information technology consulting firm. John has been providing IT support, training and consulting services for more than 25 years, provides top-tier solutions for a broad range of clients, and is considered an expert in network design, problem solving and information security by his peers. John focuses much of his time teaching information security related courses (CISSP, Security+, Certified Ethical Hacker) to staff at firms like Booz Allen Hamilton, TASC, Boeing, and Teledyne, to name a few. John's specialty is successfully resolving complex Windows and Exchange Server configuration problems.

John has the following IT security certifications: CISSP, CEH, MCSE, and Security+

I. Robert Vescio, FCSP Scheme Committee

Robert is the Director of Global Strategic Solutions (Managed Security Services, GRC Programs, and Hosting) for Verizon Cybertrust Security.
He currently sits as the head of the Cybertrust Certification Board for the Security Management Program. Over the last eight years, he has specialized in compliance standards, essential security practices, risk modeling, and decision analysis. In his spare time, he teaches the occasional security class.

Robert has the following IT security certifications: CISSP and HISP
10. Instructions for Public Comment

FITSI is interested in public comment on the proposed certification program. Interested parties are asked to submit commentary by emailing responses to by May 31st,
11. Conclusion

Certifications have become an important tool in measuring the knowledge, skills and abilities of individuals in all types of job roles. The FITSI certification programs (FITSP and FCSP) have been developed to help validate and demonstrate a level of knowledge of Federal workers and contractors in helping secure the nation's federal information systems.
12. Legal

A number of organizations and trademarks were cited in this document.

1. Microsoft, MCSE, MCSE: Security, MCSE: Messaging, MCT, MCP, MCITP, MCITP:EA, Windows, Windows Server 2003, Exchange, Exchange 2003, and Windows XP are registered trademarks or trademarks of Microsoft Corporation.
2. Cisco, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco IOS, and Cisco Systems are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.
3. Oracle is a registered trademark or trademark of Oracle, Inc. and/or its affiliates in the U.S. and certain other countries.
4. ISC², CISSP, SSCP, ISSEP, ISSMP, ISSAP, CSSLP, and CAP are registered trademarks or trademarks of the International Information Systems Security Certification Consortium or ISC².
5. ISACA, CISA, CISM, and CGEIT are registered trademarks or trademarks of ISACA.
6. Red Hat and RHCE are registered trademarks or trademarks of Red Hat, Inc.
7. HISP is a registered trademark or trademark of the HISP Institute.
8. EC-Council, CEH, ECSA, LPT, CEI, CHFI, and CIH are registered trademarks or trademarks of EC-Council.
9. CompTIA, Security+, Network+ and A+ are registered trademarks or trademarks of CompTIA.
10. SCNA, SCNP, and SCNS are registered trademarks or trademarks of the Security Certified Program corporation.
11. FITSI, FITSP, FCSP, and FBK are registered trademarks or trademarks of the Federal IT Security Institute.
12. Mandiant is a registered trademark of the Mandiant corporation.

All other trademarks mentioned in this document are the property of their respective owners.
More information167 th Air Wing Fast Track Cyber Security Blue Ridge Community and Technical College
167 th Air Wing Fast Track Cyber Security Blue Ridge Community and Technical College Information Security Certificate: Designed to introduce students to programming, security basics, network monitoring,
More informationExpert Reference Series of White Papers. 10 Security Concerns for Cloud Computing
Expert Reference Series of White Papers 10 Security Concerns for Cloud Computing 1-800-COURSES www.globalknowledge.com 10 Security Concerns for Cloud Computing Michael Gregg, Global Knowledge Instructor,
More informationAdvanced Threat Protection with Dell SecureWorks Security Services
Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5
More informationInformation Security and Privacy. Lynn McNulty, CISSP. Advisory Board November 2008
Information Security and Privacy Lynn McNulty, CISSP Advisory Board November 2008 Global leaders in certifying and educating information security professionals with the CISSP and related concentrations,
More informationLogical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110
Logical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110 Exam Information Candidate Eligibility: The CyberSec First Responder: Threat Detection and Response (CFR) exam
More informationIndividual Certification of Security Proficiency for Software Professionals: Where Are We? Where Are We Going?
Individual Certification of Security Proficiency for Software Professionals: Where Are We? Where Are We Going? Dan Shoemaker January 2009 ABSTRACT: The software industry needs a universally acknowledged
More informationApplication Security Audit Fault Injection Model, Fuzz Generators & Static Code Analysis. Training Brochure
Application Security Audit Fault Injection Model, Fuzz Generators & Static Code Analysis Training Brochure Synopsis This Four-day practical training is designed for Information Systems auditors, application
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More informationCYBERSECURITY NEXUS ROBERT E STROUD INTERNATIONAL PRESIDENT, ISACA RAMSÉS GALLEGO INTERNATIONAL VICE PRESIDENT, ISACA
CYBERSECURITY NEXUS ROBERT E STROUD INTERNATIONAL PRESIDENT, ISACA RAMSÉS GALLEGO INTERNATIONAL VICE PRESIDENT, ISACA Robert Stroud International President, ISACA VP Strategy & Innovation, CA Technologies
More informationDoD Directive (DoDD) 8570 & GIAC Certification
DoD Directive (DoDD) 8570 & GIAC Certification Date Updated: January 2014 National Account Manager 678-714-5712 Director 703-968-0103 What is DoDD 8570? Department of Defense Directive 8570 provides guidance
More information