Information Security Certifications





HERVÉ SCHAUER CONSULTANTS (1/7)
Information security consulting firm since 1989, specialising in Unix, Windows, TCP/IP and Internet

Information Security Certifications: Persons / Organizations
ENISA workshop "What can we achieve with information security certification?"
Athens, November 28, 2006
Hervé Schauer <Herve.Schauer@hsc.fr>
Slides will be available at www.hsc.fr

Hervé Schauer Consultants (2/7)
- Information security consulting since 1989
- 15 consultants
- Leading company for security training in French
- Certifications achieved by consultants: CISSP (ISC2), GIAC GCFA (SANS), ProCSSI (INSECA), BS7799 Lead Auditor (BSI, BVQI), ISO 27001 Lead Auditor (LSTI)
- HSC provides ISO 27001 Lead Auditor training
  - Certification is done independently by a certification body, LSTI, to comply with ISO 17024
- HSC works as an ISO 27001 certification auditor for several certification bodies, in several European countries

Security certifications for persons (1/3) (3/7)
- HSC has provided technical security training since 1989
- In 2003 and 2004 HSC tried to adopt existing personnel certifications in security that are not bound to a product or vendor:
  - CISM & CISA from ISACA: not technical, not for resale
  - CEH/CHFI from EC-Council: very low technical level in our experience
  - OPSA, OPST, OPSE from ISECOM: seemed the best after a first analysis, but a difficult negotiation, and a very low technical level for the first grade in our experience
  - GIAC from SANS: huge investment before starting, by attending all existing courses; 60% of the money for them and 40% for HSC; technical level OK

Security certifications for persons (2/3) (4/7)
- CISSP from ISC2: 80% of the money for them and 20% for HSC
- SCNP/SCNA from SecurityCertified (Ascendant Learning): business model OK; not easy to sell in France; no update of course material
- ProCSSI from INSECA: no training
- TICSA from TruSecure: not a reliable company for certification
- ISO 27001 Lead Auditor: not owned by anyone; based upon the ISO 27001, ISO 19011 and ISO 27006 standards, and the guides ISO 27002 (ISO 17799), ISO 27004, ISO 27005, ...

Security certifications for persons (3/3) (5/7)
- Most "non-profit organizations" providing security certifications for persons are pure profit companies
  - Not telling the truth about this does not inspire confidence in them
  - Also true for collateral activities such as auditor registrars
- All existing models have training and certification provided by the same company

Security certifications for organizations (6/7)
- ISO 27001 is attainable for small businesses and any kind of organization
- ISO 27001 brings every certified organization a minimum security level
  - True with the ISO 17021 and ISO 27006 certification process
- ISO 27001 implies continuous improvement
- ISO 27001 is the only way to stop the proliferation and costs of information security audits (SOX, Basel II, banking regulatory authority, public sector regulatory authority, ITIL/ISO 20000, privacy, etc.)
- ISO 27001 is popular in some countries, not in others
  - In France, 4 published ISO 27001 certificates; 57 in Germany, 42 in Italy, 38 in Spain, ...

Conclusion (7/7)
- Information security certifications for persons are necessary
  - ENISA shall have a role to promote something complete, not bound to a particular company, with separate training and certification
- ISO 27001 is the easiest way to improve information security in organizations
  - The EC should promote ISO 27001 certification of organizations as a requirement in calls for offers
  - The EC must request ISO 27001 certification as mandatory for organizations using EU funding and for organizations using personal data, eventually with privacy extensions

Questions? Herve.Schauer@hsc.fr www.hsc.fr