Assignment 1
IS AUDIT
2/1/2015
Certifications on Security
SUBMITTED TO:
SIR WAQAS
MADE BY:
SHAHZEBPIRZADA (5701)
Why Certification Matters
In a world fraught with security threats, the need for skilled and knowledgeable information security professionals has
never been greater. Your experience in the field is an important component of your value to an employer,
but experience isn't enough. Employers need something quantifiable and verifiable to show them you have the
expertise they need.
The Value of (ISC)²® Certification
(ISC)² is acknowledged as the global, not-for-profit leader in educating and certifying information security
professionals throughout their careers. Our reputation has earned our information security certifications
and information security training programs recognition as the Gold Standard of the industry.
When you become certified through (ISC)², you gain:
 Tested and verifiable proof of proficiency in your field.
 Higher salary and promotion potential.
 Entry into one of the largest communities of recognized information security professionals in the world.
 Access to unparalleled global resources, peer networking, mentoring, and a wealth of ongoing information security
opportunities.
Certificate: CISSP - Certified Information Systems Security Professional
About: CISSPs are information assurance professionals who define the architecture, design, management and/or controls that assure the security of business environments. This was the first certification in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024.
Vendor: (ISC)²
Cost: $85 per year (3 year)
Exams:
 Access Control
 Telecommunications and Network Security
 Information Security Governance and Risk Management
 Software Development Security
 Cryptography
 Security Architecture and Design
 Operations Security
 Business Continuity and Disaster Recovery Planning
 Legal, Regulations, Investigations, and Compliance
 Physical (Environmental) Security

Certificate: SSCP - Systems Security Certified Practitioner
About: The SSCP certification is the ideal credential for those with proven technical skills and practical security knowledge in hands-on operational IT roles. It provides industry-leading confirmation of a practitioner's ability to implement, monitor and administer IT infrastructure in accordance with information security policies and procedures that ensure data confidentiality, integrity and availability.
Vendor: (ISC)²
Cost: $250
Exams:
 Access Controls
 Cryptography
 Malicious Code and Activity
 Monitoring and Analysis
 Networks and Communications
 Risk, Response and Recovery
 Security Operations and Administration

Certificate: CAP - Certified Authorization Professional
About: The Certified Authorization Professional (CAP) certification is an objective measure of the knowledge, skills and abilities required for personnel involved in the process of authorizing and maintaining information systems. Specifically, this credential applies to those responsible for formalizing processes used to assess risk and establish security requirements and documentation. Their decisions will ensure that information systems possess security commensurate with the level of exposure to potential risk, as well as damage to assets or individuals.
Vendor: (ISC)²
Cost: $469
Exams:
 Risk Management Framework (RMF)
 Categorization of Information Systems
 Selection of Security Controls
 Security Control Implementation
 Security Control Assessment
 Information System Authorization
 Monitoring of Security Controls

Certificate: CCFP - Certified Cyber Forensics Professional
About: The evolving field of cyber forensics requires professionals who understand far more than just hard drive or intrusion analysis. The field requires CCFP professionals who demonstrate competence across a globally recognized common body of knowledge that includes established forensics disciplines as well as newer challenges, such as mobile forensics, cloud forensics, anti-forensics, and more.
Vendor: (ISC)²
Cost: $549
Exams:
 Legal and Ethical Principles
 Investigations
 Forensic Science
 Digital Forensics
 Application Forensics
 Hybrid and Emerging Technologies

Certificate: CSSLP - Certified Secure Software Lifecycle Professional
About: With the CSSLP® certification from (ISC)², your application security competency within the software development lifecycle (SDLC) will be validated. You'll not only be seen as an industry leader in application security, but as a leader within your organization as well. A status you'll rightly deserve because you'll have proven your proficiency in:
 Developing an application security program in your organization
 Reducing production costs, application vulnerabilities and delivery delays
 Enhancing the credibility of your organization and its development team
 Reducing loss of revenue and reputation due to a breach resulting from insecure software
Vendor: (ISC)²
Cost: $549
Exams:
 Secure Software Concepts
 Secure Software Design
 Secure Software Requirements
 Secure Software Implementation/Coding
 Secure Software Testing
 Software Acceptance
 Software Deployment, Operations, Maintenance and Disposal
 Supply Chain and Software Acquisition

Certificate: EC-Council Certified Security Analyst (ECSA)
About: This program is a comprehensive, standards-based, methodology intensive training program which teaches information security professionals to conduct real life penetration tests by utilizing EC-Council's published penetration testing methodology.
Vendor: Neutral
Cost: $100
Exams:
 Need for Security Analysis
 TCP IP Packet Analysis
 Penetration Testing Methodologies
 Customers and Legal Agreements
 Rules of Engagement
 Penetration Testing Planning and Scheduling
 Pre-penetration Testing Steps
 Information Gathering
 Vulnerability Analysis
 External Penetration Testing
 Internal Network Penetration Testing
 Firewall Penetration Testing
 IDS Penetration Testing
 Password Cracking Penetration Testing
 Social Engineering Penetration Testing
 Web Application Penetration Testing
 SQL Penetration Testing
 Penetration Testing Reports and Post Testing Actions