SECURITY CERTIFICATIONS
Information security is increasingly becoming a critical
business function and in many organisations is represented at senior management
and director level. There are a number of certification programmes available
to those aspiring to reach the higher echelons of the information security
profession.
The certification schemes available recognise higher
level technical or managerial skills. The most general programme is the
CISSP award. Others such as CISM and CISA address
the requirements of security managers and auditors. In the technical domain,
the most rigorous programme is the GIAC award. The CISSP
programme is the most well established.
The professional certification schemes are administered
by a handful of industry bodies and tend to be viewed as largely complementary
to each other. In January 2006, the Institute for Information
Security Professionals (IISP) launched with a mission to offer a unified
standardisation effort. The IISP is intended to support a simple and consistent
framework of training and certification, working in close co-operation with
the existing standards bodies.
CISSP
The qualification of Certified Information Systems Security
Professional (CISSP) was created in 1989. It was established by
the US-based International Information Systems Security Certification
Consortium (ISC)2. It is the most popular and well known security certification.
The CISSP study programme gives a broad overview of information
security. Certification is by way of a multiple choice examination that
covers 10 subject areas, including 'Cryptology' and 'Law, Investigation and
Ethics'.
Members have to maintain their accreditation by undertaking
Continual Professional Education. More information can be found at www.cissps.com
and www.isc2.org.
CISM
The Certified Information Security Manager (CISM)
programme is intended to recognise those with the technical and managerial
abilities to oversee an enterprise-wide information security system. Individuals
in such a role require an understanding of business goals and IT strategies,
as well as the ability to define sensible security policies, acceptable
usage policies for email and Internet use, and the configuration
of the organisation's firewall.
The CISM certification is for the individual
who manages, designs, oversees and/or assesses an enterprise's information
security (IS). The CISM certification promotes international practices
and provides executive management with assurance that those earning the
designation have the required experience and knowledge to provide effective
security management and consulting services.
The CISM certification is administered by the
US-based Information Systems Audit and Control Association (ISACA). More
information can be found at www.isaca.org.
CISA
The Certified Information Security Auditor (CISA)
award recognises practitioners who can audit an organisation's security
policies and practices.
With a growing demand for professionals possessing IS
audit, control and security skills, CISA has become a preferred
certification program by individuals and organizations around the world.
CISA certification signifies commitment to serving an organisation
and the IS audit, control and security industry.
More information can be found at www.isaca.org.
GIAC
The Global Information Assurance Certification (GIAC)
was founded in 1999. The programme operates in conjunction with training
courses from the SANS institute. It addresses the skills required by technical
specialists. The programme includes Intrusion Detection, Incident Handling,
Firewalls and Perimeter Protection, Forensics and Hacker Techniques.
The exams have to be re-taken every two to four years,
depending upon the type of certification. More information can be found
at www.giac.org.