IT'S A FUNNY THING ABOUT OFFICIAL CERTIFICATES
Secure your lifelong career in a field that knows no bounds: information security. As a member of (ISC)2®, you’ll have access to the latest trends, in-depth, ongoing education and of course, a suite of unsurpassed certifications that represents tangible proof of your expertise.

(ISC)2 has carefully formulated a program for security professionals at every level. We are the only not-for-profit, globally recognized consortium equipped to deliver an unsurpassed package unavailable elsewhere. A unique blend of advanced education, rigorous testing, specialized concentrations... and the kind of member support that keeps you at the forefront of today’s volatile information security industry.

This is not about keystroke training – it’s about knowledge plus ethics, leadership and industry respect that comes with being part of the (ISC)2 family. With an independent, non-affiliated vendor-neutral program driven by the (ISC)2 CBK®, you have a global taxonomy of information security topics backing your career.

Not to mention a prestigious title to help you on your way up the information security ladder no matter which specialty you choose to pursue within the (ISC)2 career path.

Ultimately, it’s people who safeguard information. And we’re the people who ensure your competency and job competitiveness. So read on; determine where you fit; and let us help you develop the best course of action, hand-picked from a suite of highly-regarded (ISC)2 credentials.

In the ever-changing field of information security, merely keeping up is not an option. Anticipating future challenges and combating them adeptly requires intense education and world-class certification by the number one name in information security: (ISC)2 – the quintessential over-achiever, just like those who choose to join us.

Indeed, the standards are high…exceeded only by the rewards.
How a Career in Information Security Measures Up

Average Base Salary

Information Security VP / Director - $147,504
Web Security Manager - $121,504
Information Security Manager - $117,662
Sr. Information Security Analyst - $92,336
Information Security Analyst - $80,683
Sr. Security Administrator - $78,411
Security Administrator - $70,480

Source: Foote Partners LLC (www.footepartners.com). IT Professional Salary Survey, 2nd Quarter 2008 U.S. edition. Survey of 80,000 IT professionals.
**Average Base Salary - U.S. (64 cities, 1,960 employers)

In addition to IT proficiency, knowledge of management best practices, communication skills, and experience with policy, processes, and personnel are essential to a successful information security career.
The Associate of (ISC)2®

Bolstering Knowledge with Experience

It takes years of practical work experience to prove your competence in the field of information security. Our credentials are based on a combination of experience, knowledge, education and ethics.

If you are a student considering moving into the field of information security, or just starting out in the IS workforce, you are eligible to become an Associate of (ISC)2. By aligning yourself with the first name in information security, you’re jumping ahead of thousands of others vying for solid positions in the early stages of their careers. In addition to having an understanding of key information security concepts, you’ll be exposed to the rigors of the profession while you accumulate the work experience needed for full credential certification.

The Associate of (ISC)2 status is available to qualified candidates who:
• Subscribe to the (ISC)2 Code of Ethics
• Pass the CISSP®, CAP®, or SSCP® certification exams based on the (ISC)2 CBK®, our taxonomy of information security topics

Additionally, Associates can take advantage of the complete suite of (ISC)2 support: forums, communications, peer networking and other educational opportunities to help you build the discipline and structure needed to advance in the field.

Being an information security professional is a complex job. You not only need technical skills, but the ability to understand the big picture on protecting information in a business context. Fortunately, it’s an immensely rewarding career with unlimited possibilities with a partner like (ISC)2.

For more information on the Associate of (ISC)2, visit www.isc2.org/associate.

Name: Chris Walker
Age: 23
Profession: Pounding the pavement for work in the information security field.
Goals: After taking the SSCP exam, Chris can get an Associate of (ISC)2 status and hopefully move out of his parents’ place.
Hobbies: Bungee Jumping
The SSCP® Certification

Where Sheer Ability Shines Through

The Systems Security Certified Practitioner (SSCP) credential is for tacticians with an implementation orientation – the go-getters, the action-oriented, hands-on problem-solvers of the industry. Think of the SSCP as your chance to truly demonstrate your competency in a highly visible way, which allows individuals to get ahead from positions such as:
• Senior Network Security Engineers
• Senior Security Systems Analysts
• Senior Security Administrators

Other non-security disciplines that require an understanding of and have a corporate responsibility for securing information assets, will also benefit from the SSCP certification. People who have responsibility for application programming, system, network and database administration; business unit representatives and systems analysts. In reality, the SSCP designation is viewed as an in-depth education in information security.

To attain the SSCP, you must:
• Possess one year of relevant information security experience in one or more of the seven domains of the (ISC)2® SSCP CBK®, our taxonomy of information security topics
• Subscribe to the (ISC)2 Code of Ethics
• Pass the SSCP certification examination based on the (ISC)2 CBK
• Complete the endorsement process

Two Steps to Lasting Results

To attain an SSCP, a candidate must successfully complete two separate processes: examination and certification. You’ll be notified once you have successfully passed the SSCP exam, and will be required to have your application endorsed by an (ISC)2 credential holder. If an (ISC)2 credential holder is not available, you will need to contact an (ISC)2 regional office to request assistance with this endorsement process.
What the SSCP Certification Brings to Information Security Professionals:
• Ongoing educational opportunities worth valuable CPEs to maintain your certification in good standing
• Insider peer networking and industry communication
• Invaluable forums and a variety of frequent, relevant events
• Sought-after job opportunities
• Specialized credentials supporting distinct industry and professional needs
• Speaking and volunteer opportunities
The Seven SSCP® CBK® Domains

Applicants must have a minimum of one year of direct full-time relevant work experience and focus on one of the seven domains of the (ISC)2® SSCP CBK:
• Access Controls
• Cryptography
• Malicious Code and Activity
• Monitoring and Analysis
• Networks and Communications
• Risk, Response and Recovery
• Security Operations and Administration

SSCP CBK Review Seminars

(ISC)2 offers 3-day SSCP CBK Review Seminars that help candidates hone their knowledge of information security. These classroom-based events are held worldwide on a regular basis, featuring the latest information security-related developments and topics:
• Comprehensive, high-level study of all domains of the (ISC)2 SSCP CBK
• Post-seminar self assessments with real-world examples of the rigorous (ISC)2 examination experience, identifying areas where you require additional study
• (ISC)2 Authorized Instructors, unsurpassed in teaching the seven CBK domains
• Outlining the spectrum of understanding that distinguishes a certified IT security practitioner

For more information or to register for the SSCP Review Seminars and/or Exam, visit www.isc2.org/sscp.

Name: Kara Patel, SSCP
Age: 30
Profession: Network Security Administrator
Goal: Having just passed the (ISC)2 SSCP, Kara is intent upon implementing her new credentials (and someday maybe even taking over her boss’s job!).
Hobbies: Equestrienne
The CAP® Certification

A Road Map to U.S. Government Guidelines

Today, organizations must hire qualified information systems certification and accreditation personnel to assess and manage the risks of security threats to information systems – especially in the U.S. Government. To address this critical need, the U.S. Department of State’s Office of Information Assurance has collaborated with (ISC)2® to develop the CAP — a credential for the information systems security certification and accreditation professional.

The CAP certification is an objective measure of the knowledge, skills and abilities required by professionals who assess risk and establish security parameters to offset potential risk. It ensures that both employer and practitioner are equipped to build the most impenetrable infrastructure possible; to monitor changing security requirements; and to anticipate emerging threats as they happen.

The CAP credential allows information assurance professionals to carve out their own special niche. Combined with the fulfillment of (ISC)2’s Continuing Professional Education (CPE) requirements, this certification ensures that you’ll get the job done. And then some.
What the CAP Certification Brings to Information Security Professionals:
• Ongoing educational opportunities worth valuable CPEs to maintain your certification in good standing
• Insider peer networking and industry communication
• Invaluable forums and a variety of frequent, relevant events
• Sought-after job opportunities
• Specialized credentials supporting distinct industry and professional needs
• Speaking and volunteer opportunities
• Dramatically advances careers as the number one information systems security certification and accreditation expert
• Objectively evaluates competence and skill, leading to potential increased future earning potential
• Works as a distinct career differentiator
• Confirms your knowledge of the “taxonomy of information security topics” set by (ISC)2 and NIST guidelines
• Provides a network of global and CAP domain experts at your fingertips
The Five CAP® CBK® Domains

The CAP exam tests the breadth and depth of a candidate’s qualifications by focusing on the five domains of the (ISC)2® CISSP CBK:
• Understand the Purpose of Certification and Accreditation
• Initiate the C&A Process
• Perform Certification Phase
• Understand Accreditation Phase
• Perform Continuous Monitoring

CAP CBK Review Seminars

We offer CBK Review Seminars developed by subject matter experts and delivered by authorized (ISC)2 instructors to thoroughly refresh your information systems certification and accreditation knowledge. In one 8-hour session, you’ll emerge with a full appreciation of the CAP knowledge areas and requirements. As a bonus, all educational materials are included in the cost of the seminar.

For more information or to register for the CAP Review Seminars and/or Exam, visit www.isc2.org/cap.

Name: Anna Thompson, CAP
Age: 42
Profession: Network Security Engineer
Goals: Having just passed the CAP, Anna is determined to work her way up the government ladder, combining her practical, on-the-job experience with (ISC)2 credentials to attain the highest level possible.
Hobbies: Shoe-shopping
The CISSP® Certification

Attaining and Maintaining the International Gold Standard

As the first credential accredited by ANSI/ISO/IEC Standard 17024:2003 in the field of information security, the Certified Information Systems Security Professional (CISSP) is the premier credential. It provides an independent and objective tool to demonstrate a globally recognized level of competence. The CISSP allows knowledgeable and accomplished mid- and senior-level managers who are working toward or have already attained positions such as CISO, CSO, or Senior Security Engineer/Officers to distinguish themselves with a credential that commands international respect.

The CISSP is available only to those qualified candidates who:
• Possess five cumulative years of relevant information security experience in two or more of the 10 domains listed in the (ISC)2® CISSP CBK®
• Subscribe to the (ISC)2 Code of Ethics
• Pass the CISSP certification examination based on the (ISC)2 CISSP CBK
• Complete the endorsement process

What the CISSP Certification Brings to Information Security Professionals:
• Ongoing educational opportunities worth valuable CPEs to maintain your certification in good standing
• Insider peer networking and industry communication
• Invaluable forums and a variety of frequent, relevant events
• Sought-after job opportunities
• Specialized credentials supporting distinct industry and professional needs
• Speaking and volunteer opportunities
• Advanced CISSP Concentrations in areas of tactical specializations

A Framework of Credibility Within 10 Domains

(ISC)2 works to ensure that anyone holding the CISSP possess thorough and current knowledge of the profession. For this reason, the CISSP examination rigorously tests the breadth and depth of a candidate’s qualifications against the 10 information security domains of the (ISC)2 CISSP CBK:
• Access Control
• Application Development Security
• Business Continuity and Disaster Recovery Planning
• Cryptography
• Information Security Governance and Risk Management
• Legal, Regulations, Investigations and Compliance
• Operations Security
• Physical (Environmental) Security
• Security Architecture and Design
• Telecommunications and Network Security
CISSP® CBK® Review Seminars

(ISC)2® offers 5-day CISSP CBK Review Seminars worldwide on a regular basis to provide an objective measure of competence in the ten domains of the CISSP CBK. These classroom and online events feature the latest, up-to-date information security-related developments and topics:
• Comprehensive, high-level study of all domains of the (ISC)2 CISSP CBK
• Post-seminar self assessments that provide real-world examples of the rigorous (ISC)2 examination experience, identifying areas requiring additional study
• (ISC)2 Authorized Instructors, thoroughly versed in the 10 CBK domains
• Survey the spectrum of understanding that distinguishes a certified information security professional

For more information or to register for the CISSP Review Seminars and/or Exam, visit www.isc2.org/cissp.

CISSP® and Beyond

Read on and discover the disciplines most in demand in the evolving information security industry.

Name: Vincent Houston, CISSP
Age: 51
Profession: Senior Security Systems Analyst
Goals: Maintaining his good status as an (ISC)2 member by accumulating CPEs; inspiring those under him, and keeping current on the latest information security developments worldwide.
Hobbies: Sports Fiend
CISSP® Concentrations

The Apex of a Career in Information Security

After you have become established in your career and acquired CISSP certification, you may be asking yourself, what next? Do you want to investigate senior positions within a larger enterprise? Does this type of career move demand a higher degree of specialization in a particular field? Or do you simply have a passion for knowledge of information security? Are there spheres of the profession where you would like to gain greater experience? If these questions have crossed your mind, you should probably be thinking about CISSP Concentrations: ISSAP®, ISSEP® and ISSMP®.

For experienced information security professionals with valid CISSP credentials, attaining an (ISC)2® Concentration raises your knowledge of information security to expert level. Plus, you get all the respect and prestige that goes with it.

CISSP-ISSAP® Information Systems Security Architecture Professional

CISSP-ISSAP understands the technical limitations and the need to run security as a project and that an effective security program requires careful planning, design, monitoring and implementation of technologies.

CISSP-ISSAP Requirements:
• Be a CISSP in good standing
• Pass the CISSP-ISSAP examination
• Demonstrate two years of professional experience in the area of architecture
• Maintain the appropriate CPE requirements

The six domains of the CISSP-ISSAP CBK® are:
• Access Control Systems and Methodology
• Communications & Network Security
• Cryptography
• Security Architecture Analysis
• Technology Related Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)
• Physical Security Considerations

CISSP-ISSEP® Information Systems Security Engineering Professional

Developed in conjunction with the U.S. National Security Agency (NSA), CISSP-ISSEP is a very valuable tool for any systems security engineering professional and is the guide for the incorporation of security into projects, applications, business processes and all information systems.

CISSP-ISSEP Requirements:
• Be a CISSP in good standing
• Pass the CISSP-ISSEP examination
• Maintain the appropriate CPE requirements

The four domains of the CISSP-ISSEP CBK are:
• Systems Security Engineering
• Certification and Accreditation (C&A)
• Technical Management
• U.S. Government Information Assurance (IA) Governance (e.g., laws, regulations, policies, guidelines, standards)
CISSP®-ISSMP® Information Systems Security Management Professional

CISSP-ISSMP looks at a larger enterprise model of security and management. It contains more managerial elements such as project management, risk management, setting up and delivering a security awareness program and managing a Business Continuity Planning program. A CISSP-ISSMP must demonstrate an understanding of business and the relationships between technology, security and business objectives.

CISSP-ISSMP Requirements:
• Be a CISSP in good standing
• Pass the CISSP-ISSMP examination
• Demonstrate two years of professional experience in the area of management
• Maintain the appropriate CPE requirements

The five domains of the CISSP-ISSMP CBK® are:
• Security Management Practices
• Systems Development Security
• Security Compliance Management
• Understand Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)
• Law, Investigation, Forensics and Ethics

Proven Expertise of Specialized Capabilities

A CISSP Concentration allows credentialed information security professionals to demonstrate a rigorous, acquired knowledge of select CBK® domains. Passing a concentration examination shows proven capabilities and subject matter expertise beyond that required for the CISSP or SSCP® credentials.

From educating you for initial exams to ensuring updated skills and continued success, (ISC)2® offers you a full range of support for your success including many other invaluable opportunities:
• Seminars combining high-level overviews with a focus on key topics
• Forums and industry advisory groups addressing developing industry concerns
• Communications discussing timely issues
• Additional educational opportunities and academic affiliations
• Specialized credentials for distinct industry, government and professional areas
• Peer networking

For more information or to register for the CISSP Concentration Review Seminars and/or Exam, visit www.isc2.org/concentrations.

Linda Westfield, CISSP-ISSMP
Cheryl Baker, CISSP-ISSAP
Mike Jones, CISSP-ISSEP
Chart your way through excellence in the field of information security.

For the CISSP®-ISSAP® and CISSP-ISSMP®, candidates must demonstrate 2 years of professional work experience in the area of their concentration. This does not apply to the CISSP-ISSEP®.

For the CISSP certification, candidates must have 5 years of experience in two or more of the domains of the CISSP CBK®.

For the CAP® certification, candidates must have 2 years of experience in information systems security certification and accreditation.

For the SSCP® certification, candidates must have 1 year of experience in one of the domains of the SSCP CBK.

For the Associate of (ISC)2®, candidates must pass the CISSP, CAP, or SSCP exam. After successfully completing the exam, the candidate must earn the years of experience required for the appropriate credential, then will be certified accordingly after completing the endorsement process.

All (ISC)2 credentials are accredited to ANSI/ISO/IEC Standard 17024:2003.
The Value of (ISC)2®

Founded in 1989, the International Information Systems Security Certification Consortium, Inc. [(ISC)2], has certified over 60,000 information security professionals in over 138 countries.

(ISC)2 is headquartered in Palm Harbor, Florida, USA, with offices in Washington D.C., London, Hong Kong and Tokyo. Our credentials are the Gold Standard in the industry, and the most recognizable and well respected in the world.

CISSP® - Certified Information Systems Security Professional and related concentrations
CAP® - Certification and Accreditation Professional
SSCP® - Systems Security Certified Practitioner

The CISSP and SSCP have become synonymous with excellence in information security around the globe. They’re also among the first information security credentials to meet the stringent requirements of ANSI under ISO/IEC Standard 17024, a global benchmark for assessing personnel certification programs. The CAP was created specifically for government employees who perform information systems security certification and accreditation (C&A) activities.

Within the academic community, (ISC)² works in cooperation with educational institutions throughout the world to provide programs that further the discipline and professionalism of the information systems security field. Each program is designed to meet the needs of the student body and complement the existing curricula of the college or university. (ISC)² does not underestimate the importance of a formal education, in fact a Bachelor's Degree or higher from a recognized school provides a one-year waiver on the experience requirement for the CISSP certification.

To affirm our commitment to the ongoing research into the field of information security, (ISC)2 established the Information Security Scholarship program. This program demonstrates (ISC)²’s dedication to advancing the profession through education and research, and providing opportunities for information security professionals throughout their careers. After all, keeping critical information infrastructures secure while maintaining confidentiality, integrity and accessibility is a worldwide problem that can not be solved by technology alone.

In keeping with (ISC)2’s mission to support information security professionals throughout the lifetime of their careers, we also offer an entire portfolio of educational products and services based upon the (ISC)2 CBK® – a global taxonomy of information security topics. To ensure that we keep abreast of developing trends in the information security profession, we regularly sponsor the (ISC)2 Global Information Security Workforce Study, which reveals invaluable trends and success factors to help you stay at the forefront of the field.

For complete information about (ISC)2, membership, certifications, concentrations, domains and education, please visit our Website at www.isc2.org.
The Overall Benefits of an (ISC)2® Membership

Advance your career as part of a globally recognized family of information security professionals. With (ISC)2, you’ll have access to our full spectrum of global resources. Industry newsletters and inside informational activities; private forums and peer networking; mentoring and sponsoring; research and teaching… a wealth of ongoing information security opportunities at your fingertips.

What’s more, as a member of (ISC)2, you’re automatically eligible for deep discounts on valuable information security textbooks, conference sessions, educational materials, industry publications and the opportunity to earn valuable CPEs to maintain your credential in good standing.

Being a member of (ISC)2 says a lot about who you are, which is, above all, a consummate professional in a world fraught with security threats. Certification gives you the backing, the education, the colleagues, the networking system and the power to face these threats head on.

For more information on Member Benefits, please visit www.isc2.org/advantages.
The CBK®

Starting From Square One

The Path to a Well-rounded Career in Information Security

The (ISC)2® CBK is a taxonomy of topics recognized and accepted by information security professionals around the world. It establishes a common framework of terms and principles which allows information security practitioners everywhere to discuss, debate, and resolve matters pertaining to the profession.

(ISC)2 was established in part, to aggregate, standardize, and maintain a compendium of industry knowledge. We pioneered the (ISC)2 CBK, which is the recognized authority of knowledge for both global information security professionals and academic communities worldwide. Today, the CBK provides a common ground for over 60,000 members.

Domains from (ISC)2 credentials are drawn from various topics within the CBK to assess a candidate’s level of mastery of information security. The collective (ISC)2 CBK is updated annually by the respective (ISC)2 CBK Committees to reflect the most current and relevant topics required to practice in this field. (ISC)2 CBK Review Seminars are designed to provide candidates with an overview of the many topics within the domains which comprise each individual (ISC)2 credential.

Please refer to www.isc2.org/cbk for additional information.
Code of Ethics

Trust, Confidence and Professionalism

The (ISC)2® Code of Ethics

(ISC)2 certification is a privilege that must be earned and maintained. Strict adherence to, and public compliance with the Code of Ethics is mandatory. Any infractions would be subject to a peer review panel, which could result in the revocation of certification. That said, only four canons comprise the (ISC)2 Code of Ethics. Applied consistently, they will allow you to maintain the integrity required of every outstanding practitioner in the field.

In resolving conflicts, the Official Guidance Policy outlined below is advisory only -- compliance is neither necessary nor sufficient for ethical conduct. In truth, good personal and professional judgment is the real guide to the ethical practice of information security, and a characteristic common to (ISC)2 members in good standing worldwide.

(ISC)2 Members Adhere to the Highest Ethical Standards of Behavior:
• Protect society, the commonwealth, and the infrastructure by promoting and preserving public trust and confidence in information systems.
• Act honorably, honestly, justly, responsibly, and legally by being truthful, objective and cautious when conducting business contracts and agreements, or providing advice.
• Provide diligent and competent service to principals by preserving the value of systems, applications and information, and respecting established trust and granted privileges.
• Advance and protect the profession by continuing professional education and donating time and knowledge in training others.

For a complete and detailed discussion of the (ISC)2 Code of Ethics, please refer to www.isc2.org/ethics.
Technology alone cannot protect sensitive global information. Security threats cannot be countered with a keyboard. And no amount of software will ever be as powerful as the people behind it. For these reasons, (ISC)2 concentrates on the “people” part of the equation. Considering the hours of education, testing, refreshing and learning brand new security trends, (ISC)2 credentials are invaluable to the information security professional. Employers who demand qualified information security staff to give their organizations a leading edge need only look for an (ISC)2 certification on your resume. It’s the mark of safety, security and competence top employers seek in a candidate.
Regional Offices:

(ISC)2 Corporate
33920 U.S. Highway 19 North
Suite 205
Palm Harbor, Florida 34684
Phone: +1.727.785.0189
Fax: +1.727.786.2989

(ISC)2 Education
1964 Gallows Road
Suite 210
Vienna, Virginia 22182
Phone: +1.866.462.4777 or +1.703.891.6781
Fax: +1.703.356.7977

(ISC)2 Services
33920 U.S. Highway 19 North
Suite 205
Palm Harbor, Florida 34684
Phone: +1.888.331.4722 or +1.727.785.0189
Fax: +1.727.683.0157

(ISC)2 EMEA
Winchester House
259-269 Old Marylebone Road
London NW1 5RA
United Kingdom
Phone: +44 (0)207.170.4141
Fax: +44 (0)207.170.4139

(ISC)2 Asia-Pacific
Unit A, 10/F, BOCG Insurance Tower
No. 134–136 Des Voeux Road Central
Hong Kong
Phone: +852.8226.7798
Fax: +852.8226.7723 or 2850.6959

(ISC)2 Japan
Kamiyacho Prime Place 3FL
4-1-17 Toranomon Minato-ku
Tokyo 105-0001 Japan
Phone: +81.3.6311.8800
Fax: +81.3.6311.8801

Copyright 2009 (ISC)2, Inc All rights reserved. All contents of this brochure constitute the property of (ISC)2, Inc. All marks are the property of the International Information Systems Security Certification Consortium, Inc. Printed on recycled paper. (10/09)e