
Information Sheet - Certification Programs in The Information Security Field

The document discusses various certification programs in the information security field including vendor-neutral certifications from organizations like (ISC)2, GIAC, and CompTIA as well as vendor-specific certifications from companies like Cisco, Juniper Networks, Symantec, Check Point, and others. It provides details on the types of certifications each organization offers as well as the skills and knowledge assessed by different certification exams. The document is intended to help students understand the different certification options available and what each one involves.

Uploaded by

Wala Lang

Information Sheet 2.1-2: Certification Programs in the Information Security Field

Site: ias101csiicollege.gnomio.com
Printed by: Jess Deladia
Course: Information Assurance and Security
Date: Tuesday, 26 October 2021, 6:19 PM
Book: Information Sheet 2.1-2: Certification Programs in the Information Security Field

Description

At the end of the lesson, students shall be able to:

1. Demonstrate understanding of the different job responsibilities of an Information Security Professional;
2. Enumerate the different certifying bodies in the Information Security Field; and
3. Demonstrate understanding of the coverage of each certification.

Table of contents

Introduction

Certifications and Trainings

Vendor-Neutral Professional Certifications

Vendor-Specific Professional Certifications


Introduction

As in any other field, one must undergo training and pass a series of assessments to be certified in the profession. In information security, evaluations are likewise conducted so that one can become an expert in it. These certifications are mostly given by a specialized agency, either through the government or by the private sector.

Information Security Professional

Information Security Professional is a title for an individual who possesses certification in the field of Information Security. Their primary function is to secure the company's properties from internal and external risks. They are in charge of making sure that the organization's assets are free from attacks.

Since we treat our assets as our crown jewels, we must assign someone to take care of them. That is the main reason why companies, whether private or public, employ IS Professionals.

Career Description, Duties and Common Tasks

The following are the main duties and tasks of an Information Security Professional:

Monitors the IT system and looks for threats and vulnerabilities;
Creates protocols for identifying and eliminating threats;
Maintains updated anti-virus software that blocks the threats;
Facilitates trainings to support minimizing threats in the organization;
Identifies the software that is safe for the organization to use;
Investigates cases of asset leaks and exploitation;
Troubleshoots, maintains and manages IT security equipment;
Documents the reports of incidents and cases relating to information;
Works hand-in-hand with the IT Manager.

The Department of Defense (DoD) is the one who certifies an individual who wishes to get a license in the field. As an agency which primarily provides security to the whole nation, it shall also be held liable if someone whom it certifies carries out an attack on any entity. For this reason, the DoD is very strict in implementing the series of directives.

Certifications and Trainings

DoD Directive 8570.01

The DoD Directive 8570.01 is also known as Information Assurance Training Certification and Workforce Management. This directive mainly affects any DoD
Facility or Contractor Organization.

It is intended to ensure that all personnel directly involved with information protection are accredited with licenses.

DoD Directive 8140

The DoD Directive 8140 has replaced the 8570.01 directive. It was developed by the defense agency focusing on information systems, known as DISA, and identifies the roles of a certified individual, such as: providing protection, running and preserving, protecting and defending, researching, managing, gathering, overseeing and developing, and investigating. For someone who wishes to get a certification, it is very important to undergo the prescribed trainings. The US DoD/NSA set a standard in training, listed below:

Vendor-Neutral Professional Certifications

Information Security Assurance Certifications (ISC)2

Vendor-neutral certifications cover general ideas and subjects.

Basically, (ISC)2 or the Information Security Certifications certifies an individual who aspires to have greater information security skills. The following are the certifications that (ISC)2 covers.

Global Information Assurance Certification (GIAC-SANS)

GIAC Certifications develops and implements certificate programs for information security. More than 30 certifications for cyber security correspond with SANS training and guarantee mastery in vital, advanced InfoSec domains. GIAC Certifications provide industry, state, and military clients worldwide with the highest and most comprehensive confirmation of information security expertise and skills available. GIAC identifies several job disciplines in information security, such as audit, forensics, legal, management, security administration and software security.

The following table shows the Job Discipline, Level and Credential for GIAC certifications.

Certified Internet Webmaster (CIW)

CIW is the world's leading vendor-neutral training and certification system in IT and Internet technology. The CIW credentials concentrate on protection in general as well as on the site. It basically requires completing the requirements of the other vendor-neutral certifications. For CIW Web Security Associate, one shall pass the Web Security Associate Exam (1DO-571); for CIW Web Security Specialist, one shall pass the Web Security Associate Exam (1DO-571) and earn ONE credential from the CIW-approved credential list; and for CIW Web Security Professional, an applicant shall pass the Web Security Associate Exam (1DO-571) and earn TWO credentials from the CIW-approved credential list.

CompTIA Security+

CompTIA Security+ is a global credential validating the basic skills you need to conduct core security functions and pursue a career in IT security. CompTIA Security+ should be the first IT protection certification a specialist earns. It sets the core knowledge needed for any position in cybersecurity and provides a springboard to intermediate-level cybersecurity employment.

Skills such as the following will be acquired in this certification:

Detect various types of compromise and understand penetration testing and vulnerability scanning concepts
Install, configure, and deploy network components while assessing and troubleshooting issues to support organizational security
Implement secure network architecture concepts and systems design
Install and configure identity and access services, as well as management controls
Implement and summarize risk management best practices and the business impact
Install and configure wireless security settings and implement public key infrastructure

ISACA

ISACA is an international professional association focused on IT (information technology) governance. On its IRS filings, it is known as the Society for Information Systems Audit and Control. ISACA offers four certifications for IT auditors, risk management and IT management professionals and managers.

ISACA offers:

Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Certified in the Governance of Enterprise IT (CGEIT)
Certified in Risk and Information Systems Control (CRISC)

Vendor-Specific Professional Certifications

Vendors of hardware and software products provide VENDOR-SPECIFIC technical certifications. A certificate signifies competence in the product line of a specific vendor. Vendors administer various types of tests, and an applicant who satisfies the qualification criteria is considered to have a certain degree of competence.

CISCO Systems

Cisco is one of the main producers of software and network protection tools.

They offer a variety of certifications for their networking products. They also offer many different levels of qualification along various paths.

The following table shows the different levels and their corresponding CISCO Certifications.

Juniper Networks

Juniper Networks builds a combination of hardware and software for network security. Like CISCO, they also provide a wide set of certifications for their product line. Basically, Juniper Networks offers four levels from 11 different tracks.

The following table shows the offered tracks.

RSA

RSA Global is a supplier of workplace health, risk and regulatory solutions. They offer innovative courses to help professionals use their products safely and effectively. They also issue licenses for RSA Archer and RSA SecurID.

Symantec

Symantec offers a wide range of product safety software. They test applicants on its product lines for certifications, including:

Administration of Symantec NetBackup for UNIX
Administration of Symantec Enterprise Vault for Exchange
Administration of Symantec Endpoint Protection
Administration of Symantec NetBackup for Windows

Check Point

Check Point is a global producer of network and security systems and software.

They provide educational and qualification pathways for safety practitioners to promote awareness and skills. They require their applicants to pass an examination drawn 80% from study materials and 20% from practical experience.

Check Point Certifications are shown in the table below:
