
Security Certification

David Cass, CISSP, NSA-IAM


Presentation Transcript


  1. Security Certification
     David Cass, CISSP, NSA-IAM

  2. Why Security Certification
     • Professional validation of skills
     • Exposure to industry standards
     • Best practices
     • Baseline skills for a specific role

  3. Why Security Certification
     • Internal & External Value
     • Credible advice & support
     • Quality of work & productivity
     • Differentiation of your organization or group
     • Culture of excellence

  4. Why Security Certification
     • Certification:
       • Not a substitute for years of experience

  5. Which certifications are right for my organization?
     • Organizational Needs Assessment:
       • Roles & Responsibilities
       • Experience
       • Types of Infrastructure equipment supported

  6. Security Certifications
     • Classifications:
       • Benchmark
         • Wide recognition by professionals in all sectors
         • Advanced level
         • Prerequisite for many senior jobs
       • Foundation
         • Introductory certifications
         • One to four years of experience

  7. Security Certifications
     • Classifications:
       • Intermediate
         • 3 to 4 years of networking experience
         • 2 years of IT Security experience
       • Advanced
         • Expert level
         • Minimum of 4 years of IT Security experience

  8. Security Certifications
     • Vendor and Product Specific
       • Hardware/software dependent
       • Range from intro to expert or advanced levels
       • Examples include: Cisco, Check Point, Symantec, Tivoli, Microsoft, and others

  9. Security Certifications
     • Benchmark certifications:
       • CISSP
         • isc2.org
         • Common Body of Knowledge
           • Access Control Systems and Methodology
           • Applications & Systems Development
           • Business Continuity Planning
           • Cryptography
           • Law, Investigation & Ethics

  10. Security Certifications
     • Benchmark:
       • CISSP
         • Common Body of Knowledge
           • Operations Security
           • Physical Security
           • Security Architecture & Models
           • Security Management Practices
           • Telecommunications, Network & Internet Security

  11. Security Certifications
     • Benchmark:
       • Certified Information Systems Auditor (CISA)
         • isaca.org
         • IT audit community
         • Covers:
           • Management, planning and organization of IS
           • Technical infrastructure and operational practices
           • Protection of Information Assets
           • Disaster Recovery and Business Continuity

  12. Security Certifications
     • Benchmark:
       • Certified Information Systems Auditor (CISA)
         • Covers:
           • Business Application Systems Development, Acquisition, Implementation and Maintenance
           • Business Process Evaluation and Risk Management
           • IS Audit Process

  13. Security Certifications
     • Foundation level:
       • Security+
         • CompTIA
         • Focus on basic architecture, business, and products
         • Covers:
           • General Security Concepts
           • Communications Security
           • Infrastructure Security
           • Basics of Cryptography
           • Operational/Organizational Security

  14. Security Certifications
     • Foundation level:
       • TICSA Certified Security Associate by TruSecure
         • Network admins and entry-level audit personnel
         • Focus on architecture and products
         • Covers:
           • Security Practices and Procedures
           • Security Fundamentals
           • TCP/IP Networking Fundamentals
           • Firewall Management Fundamentals
           • Detection, Response & Recovery

  15. Security Certifications
     • Foundation level:
       • TICSA Certified Security Associate by TruSecure
         • Covers:
           • Administration & Maintenance Fundamentals
           • Design & Configuration Basics
           • Malicious Code Fundamentals
           • Law, Ethics, and Policy
           • Authentication Fundamentals
           • Cryptography Basics

  16. Security Certifications
     • Foundation level:
       • SANS
         • GIAC Security Essentials (GSEC)
           • Basic understanding of the CBK
           • Basic skills to incorporate good infosec practices
         • GIAC IT Security Audit Essentials
           • Developing audit checklists
           • Perform limited risk assessment

  17. Security Certifications
     • Foundation level:
       • SSCP (Systems Security Certified Practitioner)
         • isc2
         • Covers:
           • Access Controls
           • Administration
           • Audit and Monitoring
           • Risk, Response, and Recovery
           • Cryptography
           • Data Communications
           • Malicious Code/Malware

  18. Security Certifications
     • Intermediate level:
       • National Security Agency Infosec Assessment Methodology
         • NSA-IAM
         • NSA process for identifying and correcting security weaknesses in information systems and networks
       • GIAC Systems and Network Auditor (GSNA)
         • Apply risk analysis techniques
         • Conduct technical audits

  19. Security Certifications
     • Intermediate level:
       • CIW Security Analyst Certification
         • Deployment of e-business transaction and payment security solutions
         • Implementing e-business security policies
       • GIAC Certified Windows Security Administrator (GCWN)
         • Secure and audit Windows systems
       • GIAC Certified UNIX Security Administrator (GCUX)
         • Secure and audit UNIX and Linux systems

  20. Security Certifications
     • Intermediate level:
       • GIAC Specializations
         • Firewall Analyst
         • Forensic Analyst
         • Incident Handler

  21. Security Certifications
     • Advanced level:
       • Certified Information Systems Security Professional (CISSP)
         • isc2: CBK
         • Additional concentrations:
           • Information Systems Security Engineering Professional
           • Information Systems Security Management Professional
           • Information Systems Security Architecture Professional

  22. Security Certifications
     • Advanced level:
       • Certified Information Systems Auditor
         • Information Systems Audit and Control Association
         • Globally accepted standard IS Audit and Control

  23. Security Certifications
     • Vendor Specific:
       • Cisco:
         • Cisco Certified Security Professional (Intermediate)
         • Cisco Certified Internetwork Expert Security (Advanced)
       • Check Point:
         • Check Point Certified Security Administrator (Foundation)
         • Check Point Certified Security Expert (Advanced)

  24. References & Resources
     • (ISC)² = International Information Systems Security Certifications Consortium, Inc.
       • https://www.isc2.org
     • Information Systems Audit and Control Association
       • http://www.isaca.org
     • SANS & Global Information Assurance Certification
       • http://www.giac.org/subject_certs.php
     • Certification Magazine
       • http://certmag.com

  25. References & Resources
     • CIW Certified
       • http://www.ciwcertified.com
     • Cisco
       • http://cisco.com
     • Check Point
       • http://checkpoint.com
     • CSO Magazine
       • http://csoonline.com

  26. The End
     • For Additional Information:
       • David.Cass.wt06@wharton.upenn.edu
