INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM, INC.

Andreja Satran, (ISC)2 & ITIL Manager

qSTC - (ISC)2 Certified Partner

© (ISC)2, 2002



ABOUT (ISC)2

(ISC)2, “INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM, INC.”

*The International Standard for Information Security*

Not-for-profit chartered in 1989 to provide an international standard for professional certification

Established to aggregate a Common Body of Knowledge (CBK), train, test and certify

Led by a Board of top IS professionals representing a broad cross-section of industries

Professionally managed with offices in the United States, Europe and Asia


International Information Systems Security Certification Consortium, Inc. Partnership Relation

Palsit d.o.o. Nova Gorica, Official Promotional Partner for (ISC)2 in Slovenia

QSTC Solutions Training Center

Official Certified Partner for (ISC)2

for the countries: Slovenia, Croatia, Serbia and Montenegro, and Turkey


International Information Systems Security Certification Consortium, Inc.; Partnership Relation

Background and Authorization:

Founded in 1998 as a business unit of a computer systems reseller, as Compaq Authorized Training Center/CTEC for the EMEA region

Hewlett-Packard Certified Training Center in EMEA

Hewlett-Packard Education Services Training Partner in EEM

Microsoft Certified Technical Education Centre MCT

Veritas Authorized Training Center

Authorized CAT & Prometric Partner

(ISC)2 Certified Partner


International Information Systems Security Certification Consortium, Inc.; Partnership Relation

Location: Ljubljana, Slovenia

Serving Central and Eastern Europe

2 classrooms, Storage Lab

Location: Johannesburg, South Africa

Serving Sub Sahara

1 classroom, Storage Lab

Location: Istanbul, Turkey

Serving Middle East

2 classrooms, Storage Lab

Location: Belgrade, Serbia & Montenegro

Serving Middle East

2 classrooms, Storage Lab


Why Get Certified?

Professional certification is a symbol of status and credibility in any profession.

The CISSP certification is a public acknowledgment that the professional has devoted himself or herself to the field of information security or a closely related field, and passed a rigorous examination that encompasses all major elements of the industry’s accepted and recognized information system security Common Body of Knowledge (CBK).


Threats to Systems Today

Employee Error

New Technology - Wireless

Hackers

New Regulations

Customer Expectations

Vendors

Increased Complexity


IT Security Growth

28% from 2000 to 2001

$4.7B to $6B revenue

116% from 2001 to 2005 ($13B)

Job growth—75,000 unfilled US jobs

Source: The Economist, 2003


Filling the Need for Security

What Is Needed?

IT Security Professionals who Understand Vulnerabilities and Weaknesses

IT Security Policy Makers Who Can Develop Strategies to Mitigate Risk

Improved Security of IT Infrastructures through policies, standards, guidelines, and procedures


Certification Options

Vendor Neutral Certifications

(ISC)2 – CISSP, SSCP, ISSEP, ISSAP, ISSMP

CPP – American Society for Industrial Security (ASIS)

CompTIA – Security +

Certified Internal Auditor, Institute of Internal Auditors

ISACA – Certified Information Systems Auditor

– Certified Information Systems Manager (CISM)

DRI – Certified Business Continuity Planner (CBCP)


Certification Options

Vendor Specific Certifications

• SCSE – Symantec Certified Security Practitioner

• CCSA – Checkpoint Certified Security Professional

• CCIE – Security – Cisco Certified Internetworking Expert/Security

• RSA – RSA Certified Security Systems Engineer


CERTIFICATION SELECTION

What makes (ISC)² certifications valuable?

– Industry Recognition

– International Common Body of Knowledge Integrity

– Longevity

– Prestigious constituency

– Certification must be maintained via Continuing Professional Education (CPE)

– Not for profit


What is (ISC)2’s CBK based on? Whose standards?

Q: Is (ISC)2’s Common Body of Knowledge (CBK) based primarily on U.S. government standards?

A: Initially, a few components of the CBK, upon which both training and the CISSP exam are based, featured U.S. law and standards. Beginning in 1998, (ISC)2 invested significant effort and resources to “internationalize” the CISSP certification by removing references to U.S. law and policy and incorporating international standards such as BS7799.

This effort was implemented by the international committee led by Corey Schou of Idaho State University in conjunction with numerous international security professionals.


TYPES OF CERTIFICATION

Professional (CISSP)

Practitioner (SSCP)


(CISSP) CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL

Tailored for experienced information security professionals

Minimum three years cumulative experience in at least one of the 10 CBK domains

Undergraduate degree or life experience required (effective Jan. 1, 2003)

Subscribe to (ISC)2 Code of Ethics

Certification maintained through continuing education (CPE)


CISSP Content

• Security Management

• Security Architecture

• Access Control

• Applications

• Cryptography

• Telecommunication & Network Security

• Law, Investigation & Ethics

• Business Continuity Planning

• Operations

• Physical Security


CISSP Examination

Format

– 250 multiple choice questions

– Up to 6 hours to complete

Scheduling

– Major Information Security Conferences

– CBK Review Seminar Locations

– Hosted Events


(SSCP) SYSTEMS SECURITY CERTIFIED PRACTITIONER

Tailored for systems security practitioners

Minimum one year cumulative work experience in at least one of the CBK domains

Subscribe to (ISC)2 Code of Ethics

Certification maintained through continuing education


SSCP Content

• Access Control

• Administration

• Audit and Monitoring

• Risk, Response and Recovery

• Cryptography

• Data Communications

• Malicious Code/Malware

Security Transcends Technology


Benefits for the Professional and Enterprise


IT Business Requirements

Organizational/Business Requirements

Security must address the business requirements, not just a blanket where one size fits all.


BENEFITS TO THE ENTERPRISE

Knowledge of best practices

Solutions-orientation, not specialization

Broad understanding of the CBK

The rigor and regimen adds to credibility

A business and technology orientation to risk management

Networking with global and domain experts

(ISC)² certifications help reflect to your market that your organization takes info-security seriously and also has a properly and consistently trained IT professional staff


Recent World-wide Statistics

Individuals tested for the CISSP, year to date: 4,311

188 events in 21 countries this year

Currently more than 15,000 CISSPs world-wide

Projected end of year CISSPs world-wide will total: 18,500

We have certified more people in April of this year than all of 1999


International Information Systems Security Certification Consortium, Inc.; Partnership Relation

qSTC Partnership Support:

(ISC)2 promotion activity and events

Organization of the seminars and exam event

Provide support to all Partners and Customers

qSTC registration support system

Invoicing

Help and inform all candidates with certification

Schedule for 2003:

28.10.2003 Promotion Event – One-day CISSP review seminar

24.11.-28.11.2003 CISSP CBK seminar

13.12.2003 Exam for CISSP and SSCP

All information on: www.qstc.com/isc2, tel.: 01 234 53 25


QUESTIONS AND ANSWERS

Achieve the Highest Standard

For More Information: www.qstc.com, www.isc2.org