Information Security Principles and Practices, by Mark Merkow and Jim Breithaupt
Chapter 3: Certification Programs and the Common Body of Knowledge
Certification & Information Security
- Industry standards, ethics, and certification of information systems professionals and practitioners are critical to ensuring that a high standard of security is achieved
- Certification benefits both the employer and the employee
- Oversight and governance of the professional certification process is needed
  - To help maintain its relevance and currency
  - To aid professionals in networking with other professionals
- To meet that need, the (ISC)² organization was created
Principles and Practices 2
Certification & Information Security (cont.)
International Information Systems Security Certification Consortium, (ISC)²
- Maintaining a CBK for information security
- Certifying industry professionals and practitioners
- Administering training and certification examinations
- Ensuring credentials are maintained
Two primary certifications:
- Certified Information Systems Security Professional (CISSP)
- Systems Security Certified Practitioner (SSCP)
Information Security Common Body of Knowledge (CBK)
- The CBK is a compilation and distillation of all collected security information that is relevant to information security professionals
- CISSP certification requires a working knowledge of all 10 domains (www.isc2.org)
Information Security CBK (cont.)
The 10 domains (and the chapter of this book that covers each):
- Security Management Practices (Chap 4)
- Security Architecture and Models (Chap 5)
- Business Continuity Planning (Chap 6)
- Law, Investigations, and Ethics (Chap 7)
- Physical Security (Chap 8)
- Operations Security (Chap 9)
- Access Control Systems and Methodology (Chap 10)
- Cryptography (Chap 11)
- Telecommunications, Network, and Internet Security (Chap 12)
- Applications Development Security (Chap 13)
Other Certificate Programs
- Certified Information Systems Auditor (CISA)
  - Focuses more on business procedures than on technology
- Certified Information Security Manager (CISM)
  - Assures that an information security manager has the required knowledge and ability to provide effective security management and consulting
- Global Information Assurance Certifications (GIAC)
  - Intended primarily for practitioners or hands-on personnel such as system administrators and network engineers
- CompTIA Security+ Certification
  - Tests the security knowledge mastery of an individual with two years of on-the-job networking security experience
Other Certificate Programs (cont.)
Vendor-specific certification programs:
- Check Point Certified Security Principles Associate
- Cisco Qualified Specialist programs (such as Firewall, VPN, Intrusion Protection, etc.)
- Cisco Certified Security Professional
- Cisco Certified Internetwork Expert, Security Track (CCIE Security Track)
- INFOSEC Professional
- Microsoft Certified Systems Engineer: Security
- RSA Certified Systems Engineer
- Sun Certified Security Administrator for the Solaris Operating System
- Symantec Technology Architect
Summary
- The benefits of certification and immersion in the CBK are clear to both employers and professionals who commit to life-long learning and to the betterment of themselves and their careers