‘Information security’, briefly, is the branch of study that deals with securing data, identifying weaknesses in systems and sealing them. Anti-virus software and firewalls are everyday examples of ‘Information security’ that we use without noticing. There are a number of Information security certifications, and we will review some of them here:
The CISSP certification is the gold standard in the Information security space. However, it is NOT an entry-level certification. It is organized by the International Information System Security Certification Consortium, also known as (ISC)². It is for professionals who can demonstrate 5 years of full-time work experience in two or more of the domains listed below:
• Security and Risk Management
• Asset Security
• Security Architecture and Engineering
• Communication and Network Security
• Identity and Access Management (IAM)
• Security Assessment and Testing
• Security Operations
• Software Development Security
The Associate of (ISC)² certification is for professionals who do not yet have the required 5 years of work experience but can demonstrate it within 6 years’ time. For more information about the CISSP certification please visit: https://www.isc2.org/Certifications/CISSP
CISM is ‘Certified Information Security Manager’. It is organized by ISACA (Information Systems Audit and Control Association). It is for managers who lead and manage information security programs within their organization. This is not an entry-level certification either: the CISM demands 5 years of experience in information security management.
The exam has 150 questions with a time limit of 4 hours. The questions are based on the following domains:
Domain 1—Information Security Governance (24%)
Domain 2—Information Risk Management (30%)
Domain 3—Information Security Program Development and Management (27%)
Domain 4—Information Security Incident Management (19%)
The cost of the exam is $575 for ISACA members and $760 for non-ISACA members. For more information about the CISM certification please visit: http://www.isaca.org/certification/cism-certified-information-security-manager/pages/default.aspx
In addition, ISACA also conducts the CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control) and CGEIT (Certified in the Governance of Enterprise IT). For more information on each of these exams visit: http://www.isaca.org/cisa, http://www.isaca.org/crisc, http://www.isaca.org/cgeit
CEH is ‘Certified Ethical Hacker’, which is offered by EC-Council. A CEH is a professional who is skilled at identifying vulnerabilities and uses the same techniques as a hacker, but in a legitimate way. The eligibility requirements for the CEH exam are as follows:
- 2 years of work experience in the Information security domain, which will be verified. If you take the exam on the basis of experience, the fees are $100 (non-refundable verification fee) + $950 (exam voucher price).
- It is also possible to take the exam without the experience by attending an official EC-Council training, either at an Accredited Training Center or at an approved academic institution. The course is priced at $850.
The exam has 125 questions with a time limit of 4 hours.
For more information about the CEH exam visit: https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/
These are just some of the certifications in the InfoSec domain. I will cover more certifications in subsequent posts.
This post is for alphabet ‘L’ for the Blogchatter challenge… the previous post is here