INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM, INC'

1
INTERNATIONAL INFORMATION SYSTEMS SECURITY
CERTIFICATION CONSORTIUM, INC.
Andreja Satran, (ISC)2 ITIL Manager qSTC -
(ISC)2 Certified Partner
2
(ISC)2, INTERNATIONAL INFORMATION SYSTEMS
SECURITY CERTIFICATION CONSORTIUM, INC.
ABOUT (ISC)2

• The International Standard for Information
  Security
• (INTERNATIONAL INFORMATION SYSTEMS SECURITY
  CERTIFICATION CONSORTIUM, INC.)
• Not-for-profit chartered in 1989 to provide an
  international standard for professional
  certification
• Established to aggregate a Common Body of
  Knowledge (CBK), train, test and certify
• Led by a Board of top IS professionals
  representing a broad cross-section of industries
• Professionally managed with offices in the United
  States, Europe and Asia

3
International Information Systems Security
Certification Consortium, Inc. Partnership
Relation

• QSTC Solutions Training Center
• Uradni Certified Partner for (ISC)2
• za drave Slovenija, Hrvaka, Srbija in Crno
  Gora in Turcija

Palsit d.o.o. Nova Gorica, Uradni Promotional
Partner for (ISC)2 v Sloveniji
4
International Information Systems Security
Certification Consortium, Inc. Partnership
Relation

• Background and Authorization
• Founded in 1998 as business unit of computer
  systems reseller as
• Compaq Authorized Training Center/ CTEC for
  EMEA region
• Hewlett-Packard Certified Training Center in EMEA
• Hewlett-Packard Education Services Training
  Partner in EEM
• Microsoft Certified Technical Education Centre
  MCT
• Veritas Authorized Training Center
• Authorized CAT Prometric Partner
• (ISC)2 Certified Partner

5
International Information Systems Security
Certification Consortium, Inc. Partnership
Relation
Location Belgrade, SerbiaMontenegro, Serving
Middle East 2 classrooms, Storage Lab
Location Istanbul, Turkey Serving Middle East
2 classrooms, Storage Lab
Location Ljubljana, Slovenia Serving Central and
Eastern Europe 2 classrooms, Storage Lab
Location Johannesburg, South Africa Serving Sub
Sahara 1classroom, Storage Lab
6
Why Get Certified?

• Professional certification is a symbol of status
  and credibility in any profession.
• The CISSP certification is a public
  acknowledgment that the professional has devoted
  himself or herself to the field of information
  security or a closely related field, and passed a
  rigorous examination that encompasses all major
  elements of the industrys accepted and
  recognized information system security Common
  Body of Knowledge (CBK).

7
Threats to Systems Today
Employee Error
New Technology - Wireless
New Regulations
Hackers
Vendors
Customer Expectations
Increased Complexity
8
IT Security Growth
9
Filling the Need for Security
What Is Needed?

• IT Security Professionals who Understand
  Vulnerabilities and Weaknesses
• IT Security Policy Makers Who Can Develop
  Strategies to Mitigate Risk
• Improved Security of IT Infrastructures through
  policies, standards, guidelines, and procedures

10
Certification Options
Vendor Neutral Certifications

• (ISC)2 CISSP, SSCP, ISSEP, ISSAP, ISSMP
• CPP American Society for Industrial Security
  (ASIS)
• CompTIA Security
• Certified Internal Auditor, Institute of Internal
  Auditors
• ISACA Certified Information Systems Auditor
• Certified Information Systems Manager (CISM)
• DRI Certified Business Continuity Planner
  (CBCP)

11
Certification Options
Vendor Specific Certifications

• SCSE Symantec Certified Security Practitioner
• CCSA Checkpoint Certified Security Professional
• CCIE Security Cisco Certified Internetworking
  Expert/Security
• RSA RSA Certified Security Systems Engineer

12
CERTIFICATION SELECTION

• What makes (ISC)² certifications valuable?
• Industry Recognition
• International Common Body of Knowledge Integrity
• Longevity
• Prestigious constituency
• Certification must be maintained via Continuing
  Professional Education (CPE)
• Not for profit

13
What is (ISC)2s CBK based on ?? Whos Standards
??

• Q Is (ISC)2s Common Body of Knowledge (CBK)
  based primarily on U.S. government standards?
• A Initially, a few components of the CBK, upon
  which both training and the CISSP exam are based,
  featured U.S. law and standards. Beginning in
  1998, (ISC)2 invested significant effort and
  resources to internationalize the CISSP
  certification by removing references to U.S. law
  and policy and incorporating international
  standards such as BS7799.
• This effort was implemented by the international
  committee led by Corey Schou of Idaho State
  University in conjunction with numerous
  international security professionals.

14
TYPES OF CERTIFICATION

• Professional (CISSP)

• Practitioner (SSCP)

15
(CISSP) CERTIFIED INFORMATION SYSTEMS SECURITY
PROFESSIONAL

• Tailored for experienced information security
  professionals
• Minimum three years cumulative experience in at
  least one of the 10 CBK domains
• Undergraduate degree or life experience
  required(effective Jan.1 2003)
• Subscribe to (ISC)2 Code of Ethics
• Certification maintained through continuing
  education (CPE)

16
CISSP Content

• Security Management
• Security Architecture
• Access Control
• Applications
• Cryptography
• Telecommunication Network Security

• Law Investigation Ethics
• Business Continuity Planning
• Operations
• Physical Security

17
CISSP Examination

• Format
• 250 multiple choice questions
• Up to 6 hours to complete
• Scheduling
• Major Information Security Conferences
• CBK Review Seminar Locations
• Hosted Events

18
(SSCP) SYSTEMS SECURITY CERTIFIED PRACTITIONER

• Tailored for systems security practitioners
• Minimum one year cumulative work experience in
  at least one of the CBK domains
• Subscribe to (ISC)2 Code of Ethics
• Certification maintained through continuing
  education

19
SSCP Content
Security Transcends Technology

• Access Control
• Administration
• Audit and Monitoring
• Risk, Response and Recovery
• Cryptography
• Data Communications
• Malicious Code/Malware

20
Benefits for the Professional and
Enterprise

21
IT Business Requirements
22
BENEFITS TO THE ENTERPRISE

• Knowledge of best practices
• Solutions-orientation, not specialization
• Broad understanding of the CBK
• The rigor and regimen adds to credibility
• A business and technology orientation to risk
  management
• Networking with global and domain experts
• (ISC)² certifications help reflect to your market
  that your organization takes info-security
  seriously and also a properly and consistently
  trained IT professional staff

23
Recent World-wide Statistics

• Individuals tested for the CISSP, year to date
  4,311
• 188 events in 21 countries this year
• Currently more than 15,000 CISSPs world-wide
• Projected end of year CISSPs world-wide will
  total 18,500
• We have certified more people in April of this
  year than all of 1999

24
International Information Systems Security
Certification Consortium, Inc. Partnership
Relation

• qSTC Partnership Suport
• (ISC)2 promotion activity and events
• Organization the Seminars and Exam event
• Provide suport to all Partners and Customers
• qSTC Registration suport sistem
• Invoicing
• Help and inform all candidates with certification
  
• Schedule for 2003
• 28.10.2003 Promotion Event One day CISSP revue
  seminar
• 24.11.-28.11.2003 CISSP CBK seminar
• 13.12.2003 Exam for CISSP and SSCP
• All information on www.qstc.com/isc2, tel. 01
  234 53 25

25
QUESTIONS AND ANSWERS
For More Information www.qstc.com www.isc2.org
Achieve the Highest Standard