In the past, technology managers were mainly concerned with implementing a strong password policy and felt that they were safe. Nowadays, threats come in the form of identity theft, corporate espionage through weak entry points, viruses that shut down corporate communication, hackers who can damage records – the list goes on. Certifications provide a way to expand and/or demonstrate professional expertise. The information security profession has seen increased demand for professionals experienced in network security auditing, penetration testing and digital forensics investigation. This increased demand is one reason why many of the highest-paying technical certifications have a security focus. A wide variety of certifications are available in security and related disciplines.
Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the International Information Systems Security Certification Consortium, also known as (ISC)². The CISSP is a certification for information security professionals, intended to recognize individuals who have distinguished themselves as experienced, knowledgeable and proficient information security practitioners. The CISSP certificate also provides a means of identifying those people who subscribe to a rigorous requirement for maintaining their knowledge and proficiency in the information security profession.
The CISSP curriculum covers subject matter across a variety of information security topics. The CISSP examination is based on what (ISC)² terms the Common Body of Knowledge (CBK). Currently, the CISSP certification covers the following ten domains:
• Access control
• Telecommunications and network security
• Information security governance and risk management
• Software development security
• Security architecture and design
• Operations security
• Business continuity and disaster recovery planning
• Legal, regulations, investigations and compliance
• Physical (environmental) security
Certification is awarded to those individuals who achieve a prescribed level of information security experience, comply with a professional code of ethics and pass a rigorous examination on the Common Body of Knowledge of information security. To maintain currency in the field, each CISSP must be recertified every three years through participation in research or study, attendance at recognized subject-matter training and professional educational programs, presentation or publication of information security papers, contributions to the information security Common Body of Knowledge, and service in professional organizations.
For further information: www.isc2.org/cissp/default.aspx
Certified Information Security Manager (CISM)
Certified Information Security Manager (CISM) is a certification for information security managers awarded by ISACA (formerly the Information Systems Audit and Control Association). It is a newer certification, specifically geared toward experienced information security professionals. CISM is business-oriented and focused on information risk management, while addressing management, design and technical security issues at the conceptual level. It is for individuals who must maintain a view of the big picture by managing, designing, overseeing and assessing an enterprise's information security.
The CISM requires demonstrated knowledge in four functional areas of information security. The current job practice analysis contains the following domains, with the percentage of the exam devoted to each:
• Information Security Governance (24%)
• Information Risk Management and Compliance (33%)
• Information Security Program Development and Management (25%)
• Information Security Incident Management (18%)
The exam consists of 200 multiple-choice questions and is administered twice a year, in June and December, during a four-hour session. To become certified, candidates must:
- Successfully complete the CISM examination
- Adhere to the Information Systems Audit and Control Association's Code of Professional Ethics
- Submit verified evidence of a minimum of five (5) years of information security work experience, including a minimum of three (3) years of information security management work experience in three or more of the CISM job practice areas
More information: www.isaca.org