
Why so much hype? Security professional?
Computer security is one of the most fascinating & interesting technology fields currently in existence. Now that computers are used in every area of our lives and will presumably become a necessity in almost all things, formidable protection of private data requires educated experts. Information Security Professionals and related career specialties are considered among the fastest growing and highest paid technology occupations according to a number of sources.
The salary ranges herein are the United States national averages for May 2008 courtesy of Salary.com. These figures are climbing rapidly as the demand for Infosec professionals rises. Also note that the sector of industry has a major impact on IT salaries.
Below are some of the certifications to look out for if you would like to pursue a career in this field.
- CISSP
- CISM
- CISA
- Other Certifications
CISSP® – Certified Information Systems Security Professional – The Certification That Inspires Utmost Confidence
If you plan to build a career in information security – one of today’s most visible professions – and if you have at least five full years of experience in information security, then the CISSP® credential should be your next career goal. The CISSP was the first credential in the field of information security, accredited by the ANSI (American National Standards Institute) to ISO (International Standards Organization) Standard 17024:2003. CISSP certification is not only an objective measure of excellence, but a globally recognized standard of achievement.
For your CISSP credential, your professional experience has to be in two or more of these 10 (ISC)² CISSP domains:
- Access Control
- Application Development Security
- Business Continuity and Disaster Recovery Planning
- Cryptography
- Information Security Governance and Risk Management
- Legal, Regulations, Investigations and Compliance
- Operations Security
- Physical (Environmental) Security
- Security Architecture and Design
- Telecommunications and Network Security
Whatever you want to know about CISSP – Follow this link – http://www.cccure.org/flash/intro/player.html
What the papers say?
“The CISSP certification long ago made the gold standard, but infosec execs are now wisely adding the new CISM certification. Why the push? The advanced-level CISM better addresses the interdependency between business needs and IT security by focusing on risk management and security organizational issues.”
– David Foote, Foote Partners, LLC, SC Magazine, July 2005
CISM:
Source: www.isaca.org
Certified Information Security Manager (CISM) is a certification for information security managers awarded by the Information Systems Audit and Control Association (ISACA). To gain the certification, individuals must pass a written examination and have at least five years of information security experience with a minimum three years of information security management work experience in particular fields.
The intent of the certification is to provide a common body of knowledge for information security management. The CISM focuses on information risk management as the basis of information security. It also includes material on broader issues such as how to govern information security as well as on practical issues such as developing and managing an information security program and managing incidents.
The point of view in the certification is that of widely accepted cross-industry best practices, where information security gets its justification from business needs. The implementation includes information security as an autonomous function inside wider corporate governance.
The CISM certification tends to be sought after by both CISA and CISSP certification communities. ISACA created the CISM to help foster a better fusion between IT auditing and information security perspectives.
In principle, the CISM certification is related in nature to the Information Systems Security Management Professional certification from the International Information Systems Security Certification Consortium.
Links to explore:
- http://www.isc2.org/cissp/default.aspx
- http://www.isaca.org/template.cfm?section=home
- http://www.isaca.org/Template.cfm?Section=CISM_Certification&Template=/TaggedPage/TaggedPageDisplay.cfm&TPLID=16&ContentID=7513
CISA:
The CISA designation is awarded to those individuals with an interest in Information Systems auditing, control, and security who have met and continue to meet the following requirements regarding:
- Successful completion of the CISA examination
- Information systems auditing, control or security experience
- Adherence to the Code of Professional Ethics
- Adherence to the continuing professional education program
- Compliance with the Information Systems Auditing Standards
Prologue by the providers –
“The mark of excellence for a professional certification program is the value and recognition it bestows on the individual who achieves it. Since 1978, the Certified Information Systems Auditor (CISA) program, sponsored by ISACA® has been the globally accepted standard of achievement among information systems (IS) audit, control and security professionals.”
External Link:
http://www.isaca.org/Template.cfm?Section=CISA_Certification&Template=/TaggedPage/TaggedPageDisplay.cfm&TPLID=16&ContentID=4526
How to become a CISA
ISACA has stipulated the following guidelines for getting the CISA designation. Remember, passing the examination is just the first step.
1. Successful completion of the CISA examination.
The CISA exam is offered annually during the months of June and December, so the next examination is scheduled for 12 December 2009. The examination consists of 200 multiple choice questions to be answered within four hours. The passing score is 75 percent, which means that if you pass the exam, you have scored marks which put you in the top 25%.
2. Information systems auditing, control or security experience.
You need to have five years of IS audit experience, with waivers of up to two years given, based on auditing experience, graduate degree or teaching experience in a related field. This experience could even be gained after passing the examination.
3. Adherence to the Code of Professional Ethics.
ISACA has formulated the Code of Professional Ethics. You must read and abide by the same.
4. Adherence to the continuing professional education program.
You have to keep your knowledge up to date by clocking 120 hours in three years of acquiring knowledge by attending lectures, giving lectures or doing work for the ISACA local chapter.
5. Compliance with the Information Systems Auditing Standards.
You have to adhere to the IS Audit Standards as promulgated by ISACA.
Apart from these, you also have to pay various fees such as membership fees, certification fees, local chapter fees and the examination fees. All these details are available on the website, www.isaca.org.
Other certifications include the CISCO CCSP, which is also an advanced-level certification.
CCSP – The Golden Egg of CISCO
SYNOPSIS
Cisco’s CCSP (Cisco Certified Security Professional) is an advanced-level certification for IT professionals who are actively involved in developing business solutions and designing and delivering multiple levels of security departments. These individuals typically are responsible for designing and implementing Cisco secure networks. Either the CCNA (Cisco Certified Network Associate) or CCIP (Cisco Certified Internetwork Specialist) is a prerequisite for the CCSP.
The CCSP was established in 2002 and was most recently changed in the spring of 2003, when its underlying required exams were updated. A candidate must pass five exams in order to achieve the CCSP designation. The CCSP is valid for three years. To recertify, take and pass the current version of the appropriate security exams.
Why, the Golden egg?
Until recently I found that the CCSP is the golden egg when it comes to all CISCO certifications. Nowadays the need for security professionals is many times the actual need of a year before. A Cisco Certified Security Professional (CCSP) is required by an organisation which is in the process of expanding its computer network and thus requires adding enhanced security parameters to the network. This will help the organisation to tackle different types of security threats. And as I mentioned before, with most businesses adopting high-end technology, the demand for CCSP professionals has increased manyfold. Also, since the supply is less than the demand, a CCSP pro is getting an average salary of around $50,000 per month.
The Institutes
With increasing demand for these professionals, the institutes providing CCSP training courses have also increased in number. The growing number has no doubt provided freedom of choice but has also led to confusion among aspirants. Here are important points you must learn about these courses.
The CCSP training curriculum emphasizes:
- Cisco Router IOS (ISR) and Catalyst Switch security features
- Adaptive Security Appliance (ASA)
- secure VPN connectivity
- Intrusion Prevention Systems (IPS)
- Cisco Security Agent (CSA)
- Security Enterprise and Device Management
- Network Admission Control (NAC)
Techniques to optimize these technologies in a single, integrated network security solution are also included. In addition, CCSP leverages the new CCNA Security certification as a prerequisite.
Advantages of CCSP Training Courses
There are many advantages to enrolling in CCSP training courses, rather than buying self-study materials. Lab activities, query solving, assessments, hands-on knowledge and many other benefits are associated with these courses. One can get familiar with techniques of maintaining network security by joining these Cisco security training courses.
What do you learn
By participating in CCSP training courses, you can learn various aspects of network security and at the same time learn the tips and tricks of passing the exam with good grades. You can get familiar with various security aspects like control of intrusions, installation of secure virtual private networks and similar components, required for making the organization function more smoothly than before. These courses teach individuals to detect security threats and handle them with perfection, without letting them harm the network integrity in any way.
CCSP training courses are helpful in many ways, provided you join the best destination for these courses. You can easily assess an institute on the basis of lab equipment, proficiency of instructors, prices offered and its reputation.
CISCO’s definition of CCSP: CCSP Certification
Cisco Certified Security Professional (CCSP®) validates advanced knowledge and skills required to secure Cisco networks. With a CCSP certification, a network professional demonstrates the skills required to secure and manage network infrastructures to protect productivity, mitigate threats, and reduce costs. The CCSP curriculum emphasizes Cisco Router IOS (ISR) and Catalyst Switch security features, Adaptive Security Appliance (ASA), secure VPN connectivity, Intrusion Prevention Systems (IPS), Cisco Security Agent (CSA), Security Enterprise and Device Management, Network Admission Control (NAC) as well as techniques to optimize these technologies in a single, integrated network security solution. In addition, CCSP leverages the new CCNA Security certification as a prerequisite.
CCSP VS CISSP –
Somewhere I found people confusing these two certifications. Firstly, CCSP is Cisco Certified Security Professional conducted by Cisco and CISSP is Certified Internet Security Specialist conducted by IC2. Neither CCSP nor CISSP is for beginner level. You need to have industry experience in Networking Security to write those exams. CCSP (consists of 5 papers) needs 2 years of experience and CISSP (1 paper) needs 4 years of experience.
One thing they have in common: they are both Advanced Level Examinations.
Conclusion: These certifications are an indicative list only; apart from this, for getting a good job you need good perseverance, hard work, a smart personality and several other factors. Remember that a certification is not a substitute for higher education; you can always do your master's in Information Security from an Indian or foreign university.
Wish you all the best in your career in information security!!
External Sources: www.cisco.com
Compiled by,
Gobind.V
Business Development Manager



