Security Certification David Cass, CISSP, NSA-IAM

Transcript of "presentation"

  1. Security Certification
     David Cass, CISSP, NSA-IAM
  2. Why Security Certification
     • Professional validation of skills
     • Exposure to industry standards
     • Best practices
     • Baseline skills for a specific role
  3. Why Security Certification
     • Internal & External Value
     • Credible advice & support
     • Quality of work & productivity
     • Differentiation of your organization or group
     • Culture of excellence
  4. Why Security Certification
     • Certification:
       • Not a substitute for years of experience
  5. Which certifications are right for my organization?
     • Organizational Needs Assessment:
       • Roles & Responsibilities
       • Experience
       • Types of infrastructure equipment supported
  6. Security Certifications
     • Classifications:
       • Benchmark
         • Wide recognition by professionals in all sectors
         • Advanced level
         • Prerequisite for many senior jobs
       • Foundation
         • Introductory certifications
         • One to four years of experience
  7. Security Certifications
     • Classifications:
       • Intermediate
         • 3 to 4 years of networking experience
         • 2 years of IT Security experience
       • Advanced
         • Expert level
         • Minimum of 4 years of IT Security experience
  8. Security Certifications
     • Vendor and Product Specific
       • Hardware/software dependent
       • Range from intro to expert or advanced levels
       • Examples include: Cisco, Check Point, Symantec, Tivoli, Microsoft, and others
  9. Security Certifications
     • Benchmark certifications:
       • CISSP
         • isc2.org
         • Common Body of Knowledge
           • Access Control Systems and Methodology
           • Applications & Systems Development
           • Business Continuity Planning
           • Cryptography
           • Law, Investigation & Ethics
  10. Security Certifications
      • Benchmark:
        • CISSP
          • Common Body of Knowledge
            • Operations Security
            • Physical Security
            • Security Architecture & Models
            • Security Management Practices
            • Telecommunications, Network & Internet Security
  11. Security Certifications
      • Benchmark:
        • Certified Information Systems Auditor (CISA)
          • isaca.org
          • IT audit community
          • Covers:
            • Management, planning and organization of IS
            • Technical infrastructure and operational practices
            • Protection of Information Assets
            • Disaster Recovery and Business Continuity
  12. Security Certifications
      • Benchmark:
        • Certified Information Systems Auditor (CISA)
          • Covers:
            • Business Application Systems Development, Acquisition, Implementation and Maintenance
            • Business Process Evaluation and Risk Management
            • IS Audit Process
  13. Security Certifications
      • Foundation level:
        • Security+
          • CompTIA
          • Focus on basic architecture, business, and products
          • Covers:
            • General Security Concepts
            • Communications Security
            • Infrastructure Security
            • Basics of Cryptography
            • Operational/Organizational Security
  14. Security Certifications
      • Foundation level:
        • TICSA Certified Security Associate by TruSecure
          • Network admins and entry-level audit personnel
          • Focus on architecture and products
          • Covers:
            • Security Practices and Procedures
            • Security Fundamentals
            • TCP/IP Networking Fundamentals
            • Firewall Management Fundamentals
            • Detection, Response & Recovery
  15. Security Certifications
      • Foundation level:
        • TICSA Certified Security Associate by TruSecure
          • Covers:
            • Administration & Maintenance Fundamentals
            • Design & Configuration Basics
            • Malicious Code Fundamentals
            • Law, Ethics, and Policy
            • Authentication Fundamentals
            • Cryptography Basics
  16. Security Certifications
      • Foundation level:
        • SANS
          • GIAC Security Essentials (GSEC)
            • Basic understanding of the CBK
            • Basic skills to incorporate good infosec practices
          • GIAC IT Security Audit Essentials
            • Developing audit checklists
            • Perform limited risk assessment
  17. Security Certifications
      • Foundation level:
        • SSCP (Systems Security Certified Practitioner)
          • isc2
          • Covers:
            • Access Controls
            • Administration
            • Audit and Monitoring
            • Risk, Response, and Recovery
            • Cryptography
            • Data Communications
            • Malicious Code/Malware
  18. Security Certifications
      • Intermediate level:
        • National Security Agency Infosec Assessment Methodology
          • NSA-IAM
          • NSA process for identifying and correcting security weaknesses in information systems and networks
        • GIAC Systems and Network Auditor (GSNA)
          • Apply risk analysis techniques
          • Conduct technical audits
  19. Security Certifications
      • Intermediate level:
        • CIW Security Analyst Certification
          • Deployment of e-business transaction and payment security solutions
          • Implementing e-business security policies
        • GIAC Certified Windows Security Administrator (GCWN)
          • Secure and audit Windows systems
        • GIAC Certified UNIX Security Administrator (GCUX)
          • Secure and audit UNIX and Linux systems
  20. Security Certifications
      • Intermediate level:
        • GIAC Specializations
          • Firewall Analyst
          • Forensic Analyst
          • Incident Handler
  21. Security Certifications
      • Advanced level:
        • Certified Information Systems Security Professional (CISSP)
          • isc2: CBK
          • Additional concentrations:
            • Information Systems Security Engineering Professional
            • Information Systems Security Management Professional
            • Information Systems Security Architecture Professional
  22. Security Certifications
      • Advanced level:
        • Certified Information Systems Auditor
          • Information Systems Audit and Control Association
          • Globally accepted standard IS Audit and Control
  23. Security Certifications
      • Vendor Specific:
        • Cisco:
          • Cisco Certified Security Professional (Intermediate)
          • Cisco Certified Internetwork Expert Security (Advanced)
        • Check Point:
          • Check Point Certified Security Administrator (Foundation)
          • Check Point Certified Security Expert (Advanced)
  24. References & Resources
      • (ISC)² = International Information Systems Security Certifications Consortium, Inc.
        • https://www.isc2.org
      • Information Systems Audit and Control Association
        • http://www.isaca.org
      • SANS & Global Information Assurance Certification
        • http://www.giac.org/subject_certs.php
      • Certification Magazine
        • http://certmag.com
  25. References & Resources
      • CIW Certified
        • http://www.ciwcertified.com
      • Cisco
        • http://cisco.com
      • Check Point
        • http://checkpoint.com
      • CSO Magazine
        • http://csoonline.com
  26. The End
      • For Additional Information:
        • [email_address]