IT'S A FUNNY THING ABOUT OFFICIAL CERTIFICATES




THIS ONE PROVES YOU'RE HERE.

THIS ONE SHOWS YOU'VE ARRIVED.

FROM GRADUATION TO RETIREMENT, (ISC)² FAST TRACKS CAREERS IN INFORMATION SECURITY.

Secure your lifelong career in a field that knows no bounds: information security. As a member of (ISC)², you'll have access to the latest trends, in-depth, ongoing education and, of course, a suite of unsurpassed certifications that represents tangible proof of your expertise.

(ISC)² has carefully formulated a program for security professionals at every level. We are the only not-for-profit, globally recognized consortium equipped to deliver an unsurpassed package unavailable elsewhere. A unique blend of advanced education, rigorous testing, specialized concentrations... and the kind of member support that keeps you at the forefront of today's volatile information security industry.

This is not about keystroke training; it's about knowledge plus ethics, leadership and industry respect that comes with being part of the (ISC)² family. With an independent, non-affiliated vendor-neutral program driven by the (ISC)² CBK, you have a global taxonomy of information security topics backing your career. Not to mention a prestigious title to help you on your way up the information security ladder, no matter which specialty you choose to pursue within the (ISC)² career path.

Ultimately, it's people who safeguard information. And we're the people who ensure your competency and job competitiveness. So read on; determine where you fit; and let us help you develop the best course of action, hand-picked from a suite of highly-regarded (ISC)² credentials.

In the ever-changing field of information security, merely keeping up is not an option. Anticipating future challenges and combating them adeptly requires intense education and world-class certification by the number one name in information security: (ISC)², the quintessential over-achiever, just like those who choose to join us. Indeed, the standards are high, exceeded only by the rewards.

How a Career in Information Security Measures Up

Average Base Salary

Information Security VP / Director - $147,504
Web Security Manager - $121,504
Information Security Manager - $117,662
Sr. Information Security Analyst - $92,336
Information Security Analyst - $80,683
Sr. Security Administrator - $78,411
Security Administrator - $70,480

Source: Foote Partners LLC (www.footepartners.com). IT Professional Salary Survey, 2nd Quarter 2008 U.S. edition. Survey of 80,000 IT professionals.
**Average Base Salary - U.S. (64 cities, 1,960 employers)

In addition to IT proficiency, knowledge of management best practices, communication skills, and experience with policy, processes, and personnel are essential to a successful information security career.

The Associate of (ISC)²
Bolstering Knowledge with Experience

It takes years of practical work experience to prove your competence in the field of information security. Our credentials are based on a combination of experience, knowledge, education and ethics. If you are a student considering moving into the field of information security, or just starting out in the IS workforce, you are eligible to become an Associate of (ISC)².

By aligning yourself with the first name in information security, you're jumping ahead of thousands of others vying for solid positions in the early stages of their careers. In addition to having an understanding of key information security concepts, you'll be exposed to the rigors of the profession while you accumulate the work experience needed for full credential certification.

The Associate of (ISC)² status is available to qualified candidates who:
- Subscribe to the (ISC)² Code of Ethics
- Pass the CISSP, CAP, or SSCP certification exams based on the (ISC)² CBK, our taxonomy of information security topics

Additionally, Associates can take advantage of the complete suite of (ISC)² support: forums, communications, peer networking and other educational opportunities to help you build the discipline and structure needed to advance in the field.

Being an information security professional is a complex job. You not only need technical skills, but the ability to understand the big picture on protecting information in a business context. Fortunately, it's an immensely rewarding career with unlimited possibilities with a partner like (ISC)².

For more information on the Associate of (ISC)², visit www.isc2.org/associate.

Name: Chris Walker
Age: 23
Profession: Pounding the pavement for work in the information security field.
Goals: After taking the SSCP exam, Chris can get an Associate of (ISC)² status and hopefully move out of his parents' place.
Hobbies: Bungee Jumping

The SSCP Certification
Where Sheer Ability Shines Through

The Systems Security Certified Practitioner (SSCP) credential is for tacticians with an implementation orientation: the go-getters, the action-oriented, hands-on problem-solvers of the industry. Think of the SSCP as your chance to truly demonstrate your competency in a highly visible way, which allows individuals to get ahead from positions such as:
- Senior Network Security Engineers
- Senior Security Systems Analysts
- Senior Security Administrators

Other non-security disciplines that require an understanding of, and have a corporate responsibility for, securing information assets will also benefit from the SSCP certification. This includes people who have responsibility for application programming, system, network and database administration; business unit representatives; and systems analysts. In reality, the SSCP designation is viewed as an in-depth education in information security.

To attain the SSCP, you must:
- Possess one year of relevant information security experience in one or more of the seven domains of the (ISC)² SSCP CBK, our taxonomy of information security topics
- Subscribe to the (ISC)² Code of Ethics
- Pass the SSCP certification examination based on the (ISC)² CBK
- Complete the endorsement process

Two Steps to Lasting Results

To attain an SSCP, a candidate must successfully complete two separate processes: examination and certification. You'll be notified once you have successfully passed the SSCP exam, and will be required to have your application endorsed by an (ISC)² credential holder. If an (ISC)² credential holder is not available, you will need to contact an (ISC)² regional office to request assistance with this endorsement process.

What the SSCP Certification Brings to Information Security Professionals:
- Ongoing educational opportunities worth valuable CPEs to maintain your certification in good standing
- Insider peer networking and industry communication
- Invaluable forums and a variety of frequent, relevant events
- Sought-after job opportunities
- Specialized credentials supporting distinct industry and professional needs
- Speaking and volunteer opportunities

The Seven SSCP CBK Domains

Applicants must have a minimum of one year of direct full-time relevant work experience and focus on one of the seven domains of the (ISC)² SSCP CBK:
- Access Controls
- Cryptography
- Malicious Code and Activity
- Monitoring and Analysis
- Networks and Communications
- Risk, Response and Recovery
- Security Operations and Administration

SSCP CBK Review Seminars

(ISC)² offers 3-day SSCP CBK Review Seminars that help candidates hone their knowledge of information security. These classroom-based events are held worldwide on a regular basis, featuring the latest information security-related developments and topics:
- Comprehensive, high-level study of all domains of the (ISC)² SSCP CBK
- Post-seminar self assessments with real-world examples of the rigorous (ISC)² examination experience, identifying areas where you require additional study
- (ISC)² Authorized Instructors, unsurpassed in teaching the seven CBK domains
- Outlining the spectrum of understanding that distinguishes a certified IT security practitioner

For more information or to register for the SSCP Review Seminars and/or Exam, visit www.isc2.org/sscp.

Name: Kara Patel, SSCP
Age: 30
Profession: Network Security Administrator
Goal: Having just passed the (ISC)² SSCP, Kara is intent upon implementing her new credentials (and someday maybe even taking over her boss's job!).
Hobbies: Equestrienne

The CAP Certification
A Road Map to U.S. Government Guidelines

Today, organizations must hire qualified information systems certification and accreditation personnel to assess and manage the risks of security threats to information systems, especially in the U.S. Government. To address this critical need, the U.S. Department of State's Office of Information Assurance has collaborated with (ISC)² to develop the CAP, a credential for the information systems security certification and accreditation professional.

The CAP certification is an objective measure of the knowledge, skills and abilities required by professionals who assess risk and establish security parameters to offset potential risk. It ensures that both employer and practitioner are equipped to build the most impenetrable infrastructure possible; to monitor changing security requirements; and to anticipate emerging threats as they happen.

The CAP credential allows information assurance professionals to carve out their own special niche. Combined with the fulfillment of (ISC)²'s Continuing Professional Education (CPE) requirements, this certification ensures that you'll get the job done. And then some.

What the CAP Certification Brings to Information Security Professionals:
- Ongoing educational opportunities worth valuable CPEs to maintain your certification in good standing
- Insider peer networking and industry communication
- Invaluable forums and a variety of frequent, relevant events
- Sought-after job opportunities
- Specialized credentials supporting distinct industry and professional needs
- Speaking and volunteer opportunities
- Dramatically advances careers as the number one information systems security certification and accreditation expert
- Objectively evaluates competence and skill, leading to potential increased future earning potential
- Works as a distinct career differentiator
- Confirms your knowledge of the taxonomy of information security topics set by (ISC)² and NIST guidelines
- Provides a network of global and CAP domain experts at your fingertips

The Five CAP CBK Domains

The CAP exam tests the breadth and depth of a candidate's qualifications by focusing on the five domains of the (ISC)² CISSP CBK:
- Understand the Purpose of Certification and Accreditation
- Initiate the C&A Process
- Perform Certification Phase
- Understand Accreditation Phase
- Perform Continuous Monitoring

CAP CBK Review Seminars

We offer CBK Review Seminars developed by subject matter experts and delivered by authorized (ISC)² instructors to thoroughly refresh your information systems certification and accreditation knowledge. In one 8-hour session, you'll emerge with a full appreciation of the CAP knowledge areas and requirements. As a bonus, all educational materials are included in the cost of the seminar.

For more information or to register for the CAP Review Seminars and/or Exam, visit www.isc2.org/cap.

Name: Anna Thompson, CAP
Age: 42
Profession: Network Security Engineer
Goals: Having just passed the CAP, Anna is determined to work her way up the government ladder, combining her practical, on-the-job experience with (ISC)² credentials to attain the highest level possible.
Hobbies: Shoe-shopping

The CISSP Certification
Attaining and Maintaining the International Gold Standard

As the first credential accredited by ANSI/ISO/IEC Standard 17024:2003 in the field of information security, the Certified Information Systems Security Professional (CISSP) is the premier credential. It provides an independent and objective tool to demonstrate a globally recognized level of competence. The CISSP allows knowledgeable and accomplished mid- and senior-level managers who are working toward or have already attained positions such as CISO, CSO, or Senior Security Engineer/Officers to distinguish themselves with a credential that commands international respect.

The CISSP is available only to those qualified candidates who:
- Possess five cumulative years of relevant information security experience in two or more of the 10 domains listed in the (ISC)² CISSP CBK
- Subscribe to the (ISC)² Code of Ethics
- Pass the CISSP certification examination based on the (ISC)² CISSP CBK
- Complete the endorsement process

What the CISSP Certification Brings to Information Security Professionals:
- Ongoing educational opportunities worth valuable CPEs to maintain your certification in good standing
- Insider peer networking and industry communication
- Invaluable forums and a variety of frequent, relevant events
- Sought-after job opportunities
- Specialized credentials supporting distinct industry and professional needs
- Speaking and volunteer opportunities
- Advanced CISSP Concentrations in areas of tactical specializations

A Framework of Credibility Within 10 Domains

(ISC)² works to ensure that anyone holding the CISSP possesses thorough and current knowledge of the profession. For this reason, the CISSP examination rigorously tests the breadth and depth of a candidate's qualifications against the 10 information security domains of the (ISC)² CISSP CBK:
- Access Control
- Application Development Security
- Business Continuity and Disaster Recovery Planning
- Cryptography
- Information Security Governance and Risk Management
- Legal, Regulations, Investigations and Compliance
- Operations Security
- Physical (Environmental) Security
- Security Architecture and Design
- Telecommunications and Network Security

CISSP CBK Review Seminars

(ISC)² offers 5-day CISSP CBK Review Seminars worldwide on a regular basis to provide an objective measure of competence in the ten domains of the CISSP CBK. These classroom and online events feature the latest, up-to-date information security-related developments and topics:
- Comprehensive, high-level study of all domains of the (ISC)² CISSP CBK
- Post-seminar self assessments that provide real-world examples of the rigorous (ISC)² examination experience, identifying areas requiring additional study
- (ISC)² Authorized Instructors, thoroughly versed in the 10 CBK domains
- Survey the spectrum of understanding that distinguishes a certified information security professional

For more information or to register for the CISSP Review Seminars and/or Exam, visit www.isc2.org/cissp.

CISSP and Beyond

Read on and discover the disciplines most in demand in the evolving information security industry.

Name: Vincent Houston, CISSP
Age: 51
Profession: Senior Security Systems Analyst
Goals: Maintaining his good status as an (ISC)² member by accumulating CPEs; inspiring those under him, and keeping current on the latest information security developments worldwide.
Hobbies: Sports Fiend

CISSP Concentrations
The Apex of a Career in Information Security

After you have become established in your career and acquired CISSP certification, you may be asking yourself, what next? Do you want to investigate senior positions within a larger enterprise? Does this type of career move demand a higher degree of specialization in a particular field? Or do you simply have a passion for knowledge of information security? Are there spheres of the profession where you would like to gain greater experience?

If these questions have crossed your mind, you should probably be thinking about CISSP Concentrations: ISSAP, ISSEP and ISSMP. For experienced information security professionals with valid CISSP credentials, attaining an (ISC)² Concentration raises your knowledge of information security to expert level. Plus, you get all the respect and prestige that goes with it.

CISSP-ISSAP
Information Systems Security Architecture Professional

CISSP-ISSAP understands the technical limitations and the need to run security as a project and that an effective security program requires careful planning, design, monitoring and implementation of technologies.

CISSP-ISSAP Requirements:
- Be a CISSP in good standing
- Pass the CISSP-ISSAP examination
- Demonstrate two years of professional experience in the area of architecture
- Maintain the appropriate CPE requirements

The six domains of the CISSP-ISSAP CBK are:
- Access Control Systems and Methodology
- Communications & Network Security
- Cryptography
- Security Architecture Analysis
- Technology Related Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)
- Physical Security Considerations

CISSP-ISSEP
Information Systems Security Engineering Professional

Developed in conjunction with the U.S. National Security Agency (NSA), CISSP-ISSEP is a very valuable tool for any systems security engineering professional and is the guide for the incorporation of security into projects, applications, business processes and all information systems.

CISSP-ISSEP Requirements:
- Be a CISSP in good standing
- Pass the CISSP-ISSEP examination
- Maintain the appropriate CPE requirements

The four domains of the CISSP-ISSEP CBK are:
- Systems Security Engineering
- Certification and Accreditation (C&A)
- Technical Management
- U.S. Government Information Assurance (IA) Governance (e.g., laws, regulations, policies, guidelines, standards)

CISSP-ISSMP
Information Systems Security Management Professional

CISSP-ISSMP looks at a larger enterprise model of security and management. It contains more managerial elements such as project management, risk management, setting up and delivering a security awareness program and managing a Business Continuity Planning program. A CISSP-ISSMP must demonstrate an understanding of business and the relationships between technology, security and business objectives.

CISSP-ISSMP Requirements:
- Be a CISSP in good standing
- Pass the CISSP-ISSMP examination
- Demonstrate two years of professional experience in the area of management
- Maintain the appropriate CPE requirements

The five domains of the CISSP-ISSMP CBK are:
- Security Management Practices
- Systems Development Security
- Security Compliance Management
- Understand Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)
- Law, Investigation, Forensics and Ethics

Proven Expertise of Specialized Capabilities

A CISSP Concentration allows credentialed information security professionals to demonstrate a rigorous, acquired knowledge of select CBK domains. Passing a concentration examination shows proven capabilities and subject matter expertise beyond that required for the CISSP or SSCP credentials.

From educating you for initial exams to ensuring updated skills and continued success, (ISC)² offers you a full range of support for your success, including many other invaluable opportunities:
- Seminars combining high-level overviews with a focus on key topics
- Forums and industry advisory groups addressing developing industry concerns
- Communications discussing timely issues
- Additional educational opportunities and academic affiliations
- Specialized credentials for distinct industry, government and professional areas
- Peer networking

For more information or to register for the CISSP Concentration Review Seminars and/or Exam, visit www.isc2.org/concentrations.

Linda Westfield, CISSP-ISSMP
Cheryl Baker, CISSP-ISSAP
Mike Jones, CISSP-ISSEP

Chart your way through excellence in the field of information security.

- For the CISSP-ISSAP and CISSP-ISSMP, candidates must demonstrate 2 years of professional work experience in the area of their concentration. This does not apply to the CISSP-ISSEP.
- For the CISSP certification, candidates must have 5 years of experience in two or more of the domains of the CISSP CBK.
- For the CAP certification, candidates must have 2 years of experience in information systems security certification and accreditation.
- For the SSCP certification, candidates must have 1 year of experience in one of the domains of the SSCP CBK.
- For the Associate of (ISC)², candidates must pass the CISSP, CAP, or SSCP exam. After successfully completing the exam, the candidate must earn the years of experience required for the appropriate credential, then will be certified accordingly after completing the endorsement process.

All (ISC)² credentials are accredited to ANSI/ISO/IEC Standard 17024:2003.

The Value of (ISC)²

Founded in 1989, the International Information Systems Security Certification Consortium, Inc. [(ISC)²], has certified over 60,000 information security professionals in over 138 countries. (ISC)² is headquartered in Palm Harbor, Florida, USA, with offices in Washington D.C., London, Hong Kong and Tokyo. Our credentials are the Gold Standard in the industry, and the most recognizable and well respected in the world.

- CISSP - Certified Information Systems Security Professional and related concentrations
- CAP - Certification and Accreditation Professional
- SSCP - Systems Security Certified Practitioner

The CISSP and SSCP have become synonymous with excellence in information security around the globe. They're also among the first information security credentials to meet the stringent requirements of ANSI under ISO/IEC Standard 17024, a global benchmark for assessing personnel certification programs. The CAP was created specifically for government employees who perform information systems security certification and accreditation (C&A) activities.

Within the academic community, (ISC)² works in cooperation with educational institutions throughout the world to provide programs that further the discipline and professionalism of the information systems security field. Each program is designed to meet the needs of the student body and complement the existing curricula of the college or university. (ISC)² does not underestimate the importance of a formal education; in fact, a Bachelor's Degree or higher from a recognized school provides a one-year waiver on the experience requirement for the CISSP certification.

To affirm our commitment to the ongoing research into the field of information security, (ISC)² established the Information Security Scholarship program. This program demonstrates (ISC)²'s dedication to advancing the profession through education and research, and providing opportunities for information security professionals throughout their careers. After all, keeping critical information infrastructures secure while maintaining confidentiality, integrity and accessibility is a worldwide problem that cannot be solved by technology alone.

In keeping with (ISC)²'s mission to support information security professionals throughout the lifetime of their careers, we also offer an entire portfolio of educational products and services based upon the (ISC)² CBK, a global taxonomy of information security topics. To ensure that we keep abreast of developing trends in the information security profession, we regularly sponsor the (ISC)² Global Information Security Workforce Study, which reveals invaluable trends and success factors to help you stay at the forefront of the field.

For complete information about (ISC)², membership, certifications, concentrations, domains and education, please visit our Website at www.isc2.org.

The Overall Benefits of an (ISC)² Membership

Advance your career as part of a globally recognized family of information security professionals. With (ISC)², you'll have access to our full spectrum of global resources. Industry newsletters and inside informational activities; private forums and peer networking; mentoring and sponsoring; research and teaching: a wealth of ongoing information security opportunities at your fingertips.

What's more, as a member of (ISC)², you're automatically eligible for deep discounts on valuable information security textbooks, conference sessions, educational materials, industry publications and the opportunity to earn valuable CPEs to maintain your credential in good standing.

Being a member of (ISC)² says a lot about who you are, which is, above all, a consummate professional in a world fraught with security threats. Certification gives you the backing, the education, the colleagues, the networking system and the power to face these threats head on.

For more information on Member Benefits, please visit www.isc2.org/advantages.

999999 05/01/11

The CBK
Starting From Square One
The Path to a Well-rounded Career in Information Security

The (ISC)² CBK is a taxonomy of topics recognized and accepted by information security professionals around the world. It establishes a common framework of terms and principles which allows information security practitioners everywhere to discuss, debate, and resolve matters pertaining to the profession.

(ISC)² was established, in part, to aggregate, standardize, and maintain a compendium of industry knowledge. We pioneered the (ISC)² CBK, which is the recognized authority of knowledge for both global information security professionals and academic communities worldwide. Today, the CBK provides a common ground for over 60,000 members.

Domains from (ISC)² credentials are drawn from various topics within the CBK to assess a candidate's level of mastery of information security. The collective (ISC)² CBK is updated annually by the respective (ISC)² CBK Committees to reflect the most current and relevant topics required to practice in this field. (ISC)² CBK Review Seminars are designed to provide candidates with an overview of the many topics within the domains which comprise each individual (ISC)² credential.

Please refer to www.isc2.org/cbk for additional information.

Code of Ethics

Trust, Confidence and Professionalism

The (ISC)² Code of Ethics

(ISC)² certification is a privilege that must be earned and maintained. Strict adherence to, and public compliance with, the Code of Ethics is mandatory. Any infractions would be subject to a peer review panel, which could result in the revocation of certification. That said, only four canons comprise the (ISC)² Code of Ethics. Applied consistently, they will allow you to maintain the integrity required of every outstanding practitioner in the field.

In resolving conflicts, the Official Guidance Policy outlined below is advisory only -- compliance is neither necessary nor sufficient for ethical conduct. In truth, good personal and professional judgment is the real guide to the ethical practice of information security, and a characteristic common to (ISC)² members in good standing worldwide.

(ISC)² Members Adhere to the Highest Ethical Standards of Behavior:

Protect society, the commonwealth, and the infrastructure by promoting and preserving public trust and confidence in information systems.

Act honorably, honestly, justly, responsibly, and legally by being truthful, objective and cautious when conducting business contracts and agreements, or providing advice.

Provide diligent and competent service to principals by preserving the value of systems, applications and information, and respecting established trust and granted privileges.

Advance and protect the profession by continuing professional education and donating time and knowledge in training others.

For a complete and detailed discussion of the (ISC)² Code of Ethics, please refer to www.isc2.org/ethics.

Technology alone cannot protect sensitive global information. Security threats cannot be countered with a keyboard. And no amount of software will ever be as powerful as the people behind it. For these reasons, (ISC)² concentrates on the people part of the equation. Considering the hours of education, testing, refreshing and learning brand new security trends, (ISC)² credentials are invaluable to the information security professional. Employers who demand qualified information security staff to give their organizations a leading edge need only look for an (ISC)² certification on your resume. It's the mark of safety, security and competence top employers seek in a candidate.


Regional Offices:

(ISC)² Corporate
33920 U.S. Highway 19 North, Suite 205
Palm Harbor, Florida 34684
Phone: +1.727.785.0189
Fax: +1.727.786.2989

(ISC)² Education
1964 Gallows Road, Suite 210
Vienna, Virginia 22182
Phone: +1.866.462.4777 or +1.703.891.6781
Fax: +1.703.356.7977

(ISC)² Services
33920 U.S. Highway 19 North, Suite 205
Palm Harbor, Florida 34684
Phone: +1.888.331.4722 or +1.727.785.0189
Fax: +1.727.683.0157

(ISC)² EMEA
Winchester House
259-269 Old Marylebone Road
London NW1 5RA, United Kingdom
Phone: +44 (0)207.170.4141
Fax: +44 (0)207.170.4139

(ISC)² Asia-Pacific
Unit A, 10/F, BOCG Insurance Tower
No. 134-136 Des Voeux Road Central
Hong Kong
Phone: +852.8226.7798
Fax: +852.8226.7723 or 2850.6959

(ISC)² Japan
Kamiyacho Prime Place 3FL
4-1-17 Toranomon, Minato-ku
Tokyo 105-0001, Japan
Phone: +81.3.6311.8800
Fax: +81.3.6311.8801

Copyright 2009 (ISC)², Inc. All rights reserved. All contents of this brochure constitute the property of (ISC)², Inc. All marks are the property of the International Information Systems Security Certification Consortium, Inc. Printed on recycled paper. (10/09)e