Three major information security certification programs are:
1. (ISC)² (International Information Systems Security Certification Consortium, Inc.) certifications. These include:
a. Certified Information Systems Security Professional (CISSP),
b. Systems Security Certified Practitioner (SSCP) and
c. Certification and Accreditation Professional (CAP)
2. Global Information Assurance Certification (GIAC), a series of technical security certifications offered by SANS. These certifications have three levels: silver, gold and platinum. Platinum combines several certifications with an additional exam.
3. Information Systems Audit and Control Association (ISACA) certifications: Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM)
Similarities between SSCP, GIAC and CISA
1. All three are for auditing, networking and security professionals dealing with auditing and with security planning and implementation.
2. All three are certifications that combine technical knowledge with an understanding of vulnerabilities, risks and business best practices.
3. All three are widely accepted certifications in the IS industry; they command respect and are widely recognized by organizations and businesses.
4. All three require successful completion of an exam to be awarded, and adherence to a code of ethics and security standards.
5. All three require recertification or Continuing Professional Education (CPE) to maintain the certification.
Differences between SSCP, GIAC and CISA
1. Experience Level
a. SSCP: candidates must have at least 1 year of cumulative work experience in one or more of the seven test domains of the Common Body of Knowledge (CBK) in information systems security.
b. GIAC: requires no verifiable work experience.
c. CISA: requires five years of verifiable experience in IS auditing or control, obtained in the 10 years preceding the exam.
2. Recertification period and process
a. SSCP: recertification required every 3 years by earning 60 CPE credits and paying an annual maintenance fee.
b. GIAC: requires recertification every 2 to 4 years, at an interval determined by the certification.
c. CISA: no exam required; to maintain certification, pay an annual maintenance fee and complete 20 CPE credits annually.
3. Pattern of Examination
a. SSCP: 125 multiple-choice questions in 3 hours covering the seven test domains of the Common Body of Knowledge, listed below:
i. Access Controls
ii. Administration
iii. Audit and Monitoring
iv. Risk, Response and Recovery
v. Cryptography
vi. Data Communications
vii. Malicious Code/Malware
b. GIAC: to obtain GIAC certification, candidates must complete a practical, hands-on exam in addition to one or more technical exams.
c. CISA: exam offered only twice a year; requires completion of 200 multiple-choice questions in 4 hours.