Focus on Training
Web: www.focus-on-training.co.uk
ITIL and PRINCE2 are Trade Marks of the Office of Government Commerce 2010 Focus on Training
About:
Focus on Training offers the largest UK schedule of accredited courses for these certifications. Explore them on the Focus website at:
http://www.focus-on-training.co.uk/it-governance-and-security-training/courses/skillarea/15/
Rex Gibson leads the IT team at Focus. He has successfully executed major business change and IT projects, and has managed international engineering companies with significant IT dependency.
info@focus-on-training.co.uk
2. Formal Qualifications
Formal qualifications are increasingly important in the field of Information Security, in part reflecting the assurance and compliance nature of the task. There is a confusing array of different certifications from a number of industry bodies. The following is a summary of the more commonly recognised qualifications:
Abbreviation   Full title                                          Awarding body
CISM           Certified Information Security Manager              ISACA
CISA           Certified Information Systems Auditor               ISACA
CISSP          Certified Information Security Professional         (ISC)2
ISMAS          Information Security Management Advanced            EXIN
CISMP          Certificate in Information & Security Principles    BCS/ISEB
Security+      CompTIA Security+ Certification                     CompTIA
CEH            Certified Ethical Hacker                            EC-Council
4. Leading Certifications
CISM
Certified Information Security Manager
CISM is a management-focused certification that has been earned by more than 13,000 professionals since its introduction in 2003. CISM is for the individual who manages, designs, oversees and assesses an enterprise's information security. The emphasis is on risk management rather than technical expertise.
As well as passing the CISM exam, it is necessary to evidence a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas. The work experience must be gained within the ten-year period preceding the application date for certification or within five years from the date of originally passing the exam. There are one- or two-year offsets to the experience requirements depending upon prior certification and education.
Exams are held in June and December each year and are organised directly by ISACA. The exam is a closed book, 4 hour paper with 200 questions. Candidate scores are reported on a common scale from 200 to 800. A candidate must receive a score of 450 or higher to pass the exam. In the UK exams are held in London, Birmingham and Manchester. Exam preparation courses are typically 5 days in order to cover the growing curriculum. They are often scheduled to take place a few weeks prior to the June and December exams.
CISA
Certified Information Systems Auditor
The CISA certification was launched in 1978 and has become a globally accepted standard of achievement among information systems (IS) audit, control and security practitioners. It was the precursor to the CISM and follows the same structure. Closed book exams are held in June and December. Five years' experience is required for certification, though this is subject to certification and education waivers. This qualification specifically identifies those with the competency to conduct and interpret systematic information system audits.
CISSP
Certified Information Security Professional
The CISSP certification is governed by the International Information Systems Security Certifications Consortium (ISC)2 and has gained importance as a key component in the selection process for mid and senior level information security management positions.
CISSP was the first security certification to be endorsed by the American Standards Institute, ANSI. As well as passing a demanding examination, candidates for this credential must be able to demonstrate extensive security experience. You must have at least five full years of experience in information security (though there is a one year waiver for a relevant degree or other specified qualification). Your experience must cover two or more of these 10 (ISC)2 CISSP domains:
- Access Control
- Application Development Security
- Business Continuity and Disaster Recovery Planning
- Cryptography
- Information Security Governance and Risk Management
- Legal, Regulations, Investigations and Compliance
- Operations Security
- Physical (Environmental) Security
- Security Architecture and Design
- Telecommunications and Network Security
The CISSP exam is booked with (ISC)2. It is a closed book multiple choice paper with 250 questions. Up to six hours are available to complete the paper. The pass mark is 70%. Allow 6 weeks for papers to be marked. It is recommended that candidates attend a 5 day course which will cover the subject matter and prepare students for the exam.
ISMAS
The ISMAS certification is relatively new but is unique in that it is specifically aligned to ISO/IEC 27001. This is the international standard for Information Security which replaced BS 7799 and is achieving rapid global uptake. EXIN offers both Foundation and Advanced certification. The Foundation level provides an overview and is appropriate for those needing awareness of the topic. Advanced is for those who need to apply the principles. A third certification tier (Expert) with more complex exam and experience pre-requisites is under development. Those requiring this certification will typically attend a 5 day course which includes both Foundation and Advanced exams.
CISMP
The CISMP also references ISO/IEC 27001. It provides a base level of knowledge for individuals moving into a security or security-related function. It also offers the opportunity for IT security managers to enhance or refresh their knowledge.
Candidates must have a minimum of twelve months' experience in IT; six months of this experience must have been in a security control activity. The certification is described as Foundation by ISEB. It is true that it is relevant to new entrants, but equally there is a wide range of knowledge expected. This qualification is probably better recognised in the UK than internationally. The exam is a two hour, 100 question, multiple choice paper with a pass mark of 65%. The exam is typically taken on the final day of a 5 day instructor-led training course.
Security+
Security+ is one of a series of specialist certifications offered by CompTIA. It is an international, vendor-neutral certification that proves competency in system security, network infrastructure, access control and organizational security. Although not a prerequisite, it is recommended that CompTIA Security+ candidates have at least two years of technical networking experience, with an emphasis on security. The CompTIA Network+ certification is also recommended. The exam is a 90-minute, 100 question multiple choice paper available at Prometric and Pearson Vue test centres. The pass mark is 750 on a scale of 100-900.
CEH
The CEH certification has achieved rapid international recognition because it is unique in recognising those individuals who command the skills, expertise and trust to test the integrity of the latest web-based systems. The definition of an Ethical Hacker is very similar to that of a Penetration Tester. The Ethical Hacker is an individual who is usually employed by the organization and who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods as a Hacker. To prepare for the exam, students attend an intensive 5 day class where they learn to think like a hacker. The class immerses the students in a hands-on environment where they scan, test, hack and secure their own systems. The lab-intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. This course prepares you for the EC-Council Certified Ethical Hacker exam. The four hour examination consists of 150 multiple choice questions. The exam can be taken at Pearson Vue and Prometric test centres. The pass mark is 70%.
* ** ***
This is for outline guidance only. Focus would be pleased to advise on your specific requirements.