Industry specific qualifications are becoming more important in the information security world. Previously, the rapid growth in demand for staff meant that practical experience was a sufficient basis on which to employ someone. However, the tide has been changing, particularly for those working in entry up to mid-level positions.
As has happened in other areas of corporate governance, there is now a need for employers to be able to differentiate between different levels of experience, which has led to qualifications rising in importance. Consequently, for those pursuing a career in information security, a relevant professional or academic qualification can be a real advantage.
The range of qualifications available to security consultants has increased over recent years. Here are some of the most popular qualifications offered by the different examination boards, government bodies and universities.
International Information Systems Security Certification Consortium (ISC)²
(ISC)² was established in 1989 as a not-for-profit organisation to develop a common body of knowledge (“CBK”) and certification programme for information systems security professionals. The qualifications offered by (ISC)² are among the most popular in the security industry today. There are prerequisites with regard to the level of professional experience required before a candidate can actually become qualified. However, the exams are open to people who do not yet meet the experience requirements of CISSP or SSCP, and those who pass can become Associates of (ISC)².
(ISC)² offers the following qualifications:
Certified Information Systems Security Professional (CISSP)
The CISSP certification provides information security professionals with not only an objective measure of competence but a globally recognised standard of achievement. The CISSP credential is ideal for mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs or Senior Security Engineers.
Systems Security Certified Practitioner (SSCP)
The SSCP certification offers information security technicians with implementation experience the opportunity to demonstrate their level of competence. The SSCP credential is ideal for those working toward or who have already attained positions as Senior Network Security Engineers, Senior Security Systems Analysts or Senior Security Administrators.
Certification and Accreditation Professional (CAP)
The CAP credential is specifically designed for security professionals involved in the Certification and Accreditation process. The credential is suited to those responsible for formalising processes used to assess risk and establish security requirements, as well as ensuring information systems possess security commensurate with the level of exposure to potential risk.
CISSP Concentrations
- ISSAP Concentration in Architecture
- ISSEP Concentration in Engineering
- ISSMP Concentration in Management
For experienced information security professionals with an (ISC)² credential in good standing, (ISC)² Concentrations demonstrate in-depth knowledge of their subject area.
More information about the qualifications offered by (ISC)² can be found at www.isc2.org
British Computer Society (BCS) / Information Systems Examination Board (ISEB)
The British Computer Society (BCS) is the only Chartered Engineering Institution for Information Systems Engineering. Through the Information Systems Examinations Board (ISEB), the BCS provides industry-recognised qualifications that measure competence, ability and performance in many areas of information security.
Certificate in Information Security Management Principles (CISMP)
This qualification is designed to provide a base level of knowledge for individuals who are thinking of moving into a security or security-related function. It also offers the opportunity to those for whom security responsibility is already part of their day-to-day role, to enhance or refresh their knowledge.
More information about the CISMP can be found at www.bcs.org
Information Systems Audit and Control Association (ISACA)
The Information Systems Audit and Control Association (ISACA) was founded in the United States in 1969 as the EDP Auditors Association. It is an international association of professionals involved in information systems audit, control, quality assurance and security; it is well known for the computer audit qualification CISA and has chapters all round the globe.
Certified Information Security Manager (CISM)
The CISM certification program is developed for experienced information security managers and those who have information security management responsibilities. It is for security professionals who manage, design, oversee and/or assess an enterprise’s information security. The CISM certification promotes international practices and provides executive management with assurance that those earning the designation have the required experience and knowledge to provide effective security management and consulting services.
More information about the CISM qualification can be found at www.isaca.org
SANS Institute
The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organisation. It enables more than 165,000 security professionals, auditors, system administrators, and network administrators to share the lessons they are learning and find solutions to the challenges they face. At the heart of SANS are the many security practitioners in government agencies, corporations, and universities around the world who invest hundreds of hours each year in research and teaching to help the entire information security community.
Global Information Assurance Certification (GIAC)
The SANS Institute founded GIAC in 1999 in response to the need to validate the skills of security professionals. SANS training and GIAC certifications address a range of skill sets including entry level Information Security Officer and broad based Security Essentials, as well as advanced subject areas like Audit, Intrusion Detection, Incident Handling, Firewalls and Perimeter Protection, Forensics, Hacker Techniques, Windows and Unix Operating System Security. GIAC is unique in measuring specific skill knowledge areas instead of general purpose security knowledge.
More information about SANS and GIAC can be found at www.sans.org and www.giac.org
International Register of Certificated Auditors (IRCA)
IRCA was formed in 1984 as part of the UK government's enterprise initiative, designed to make industry and business more competitive, through the implementation of quality principles and practices. This structure included IRCA, an accreditation body (now UKAS), a national standards making body (BSI Standards) and a number of commercial certification bodies. The IRCA is the world's original and largest international certification body for auditors of management systems.
Information Security Management Systems (ISMS) Auditor
IRCA offers five grades of certification, and most auditors progress from provisional auditor to the auditor grade and then to either lead or principal grades (these last two are considered the most advanced grades).
More information about the IRCA Auditor certifications can be found at www.irca.org
British Standards Institute (BSI)
Founded in 1901, BSI Group is a leading business services provider to organisations worldwide. They provide independent certification of management systems and products; product testing services; the development of private, national and international standards; performance management software solutions; management systems training and information on standards and international trade.
Internal auditor 27001
This certification is aimed at personnel who already have an understanding of ISO/IEC 27001:2005. It is suited to managers who are co-ordinating audit activities and individuals who have been given the responsibility to audit an Information Security Management System.
Lead auditor 27001
This is the ideal certification for those wishing to implement a formal Information Security Management System (ISMS) in accordance with ISO 27001:2005, as well as existing security auditors who wish to expand their auditing skills and for consultants who wish to provide advice on ISO 27001:2005 systems certification.
More information about the BSI certifications can be found at www.bsigroup.co.uk
Cabinet Office - Central Sponsor for Information Assurance (CSIA)
The CSIA is a unit of the UK Government's Cabinet Office and works with partners in the public and private sectors, as well as its international counterparts, to help safeguard the nation's IT and telecommunications services. The CSIA provides a central focus for information assurance in promoting the understanding that it is essential for government and business alike to maintain reliable, secure and resilient national information systems.
Infosec Training Paths and Competencies (ITPC)
ITPC qualifications offer recognised formal training and development for IT security professionals working for the UK government and related organisations. The scheme develops and supports Infosec core competency profiles for key security roles within UK government and related sectors. ITPC is the ‘recommended qualification’ for CESG Listed Adviser Scheme (CLAS) consultants undertaking work for government clients.
More information about the ITPC qualification can be found at www.cabinetoffice.gov.uk
Communications-Electronics Security Group (CESG)
CESG is the Information Assurance (IA) arm of GCHQ. CESG offers a range of products and services including technical consultancy and advice, policy documentation, product evaluation and training, primarily to UK government and the armed forces, the wider public sector, and industries forming part of the Critical National Infrastructure.
CESG Listed Adviser Scheme (CLAS)
CLAS is a partnership linking the unique Information Assurance knowledge of the CESG with the expertise and resources of the private sector. CLAS consultants are approved to provide Information Assurance advice on systems processing protectively marked information up to, and including, SECRET. The Scheme offers a marketing edge for consultants in their dealings with both Government and non-Government clients.
CHECK - IT Health Check
To become a CHECK Team Leader you will need to pass the CHECK Service Assault Course (CSAC), a rigorous assessment designed to measure IT security consultants against a baseline skill set of practical penetration testing. The CSAC can only be taken by security professionals working for a CHECK approved service provider.
More information about CLAS and CHECK can be found at www.cesg.gov.uk/clas and www.cesg.gov.uk/check
International Council of Electronic Commerce Consultants (EC-Council)
The EC-Council is a member supported professional organisation. The purpose of the EC-Council is to support and enhance the role of individuals and organisations who design, create, manage or market e-Business solutions.
Certified Ethical Hacker (CEH)
The CEH program certifies individuals in the specific discipline of ethical hacking from a vendor-neutral perspective. The Certified Ethical Hacker certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.
More information about the CEH and other qualifications offered by the EC-Council can be found at www.eccouncil.org
CompTIA Certification UK
CompTIA certification programs are the recognised industry standards for foundation-level information technology (IT) skills. Best known for the A+ certification, CompTIA offers many certifications in key technology areas. Many of the certifications are electives or prerequisites toward advanced certifications, such as Microsoft's MCSA and Novell's CNE.
CompTIA Security+
The CompTIA Security+ certification tests the security knowledge expected of an individual with two years of on-the-job networking experience with an emphasis on security. The exam covers industry-wide topics, including communication security, infrastructure security, cryptography, access control, authentication, external attack, and operational and organisational security.
More information about the CompTIA Security+ qualification can be found at www.comptia-certification.co.uk
Postgraduate Degree Courses in Information Security
There are now more academic courses in information security than ever before. A broad selection is listed below.
Royal Holloway, University of London - MSc in Information Security www.isg.rhul.ac.uk
Royal Holloway, University of London - PhD in Security www.isg.rhul.ac.uk
Westminster University - MSc in IT Security www.wmin.ac.uk
Loughborough University - Postgraduate Programme in Security Management (Certificate, Diploma and MSc) www.lboro.ac.uk
UCL, Adastral Park – MSc in Information Security www.mscinfosec.adastral.ucl.ac.uk
University of Salford - MSc in Information Security www.isi.salford.ac.uk
University of Glamorgan - MSc in Computer Systems Security www.glam.ac.uk/courses/685/532
Sheffield Hallam University - MSc/PgDip/PgCert Information Systems Security www.shu.ac.uk
Southampton University - MSc in Corporate Risk & Security Management www.management.soton.ac.uk/StudyOpportunities/pg-pt/corporate-risk-sec-management.php
Security Associations
There are various security associations. Barclay Simpson’s Information Risk & Security Recruitment Consultants are all members of the Information Systems Security Association (ISSA) www.issa.org. This is a popular association and those holding (ISC)² certifications can gain CPE credits by attending their meetings. Other bodies include: Information Systems Audit and Control Association (ISACA) www.isaca.org; the Business Continuity Institute (BCI) www.thebci.org; the newly formed Institute for Information Security Professionals (IISP) www.instisp.com; and specialist sub-groups of the British Computer Society, such as the Information Security Specialist Group (BCS-ISSG) www.bcs-issg.org.uk and the Information Risk Management & Audit Group (IRMA) www.bcs.org/groups/irma.