
Fundamentals of Information Systems Security

Lesson 14
Information Security Professional Certifications
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.

Learning Objective(s)
• Describe information systems security educational opportunities and professional certifications.

Key Concepts
• U.S. DoD/Military Directive 8570.01 and DoDD 8140.01
• Popular vendor-neutral professional certifications
• Popular vendor-specific professional certifications

DoD Directive 8570.01
“Information Assurance Training, Certification and Workforce Management”
• Affects any DoD facility or contractor organization
• Ensures that all personnel who are directly involved with information security possess security certifications

DoD Directive 8140
• A new, operationally focused cybersecurity training framework
• Will replace the 8570.01 directive
• Developed by the Defense Information Systems Agency (DISA)

DoD Directive 8140 (cont.)
• Roles identified by the 8140 directive include:
  • Security provision
  • Operate and maintain
  • Protect and defend
  • Analyze
  • Operate and collect
  • Oversight and development
  • Investigate

Joint Cyberspace Training and Certification Standards

U.S. DoD/NSA Training Standards
• Are actually training requirements for specific job responsibilities
• Developed by the CNSS and NSTISS committees
• Provide guidance for course and professional certification vendors to develop curriculum and materials that meet DoD/NSA requirements

U.S. DoD/NSA Training Standards
Training Standard    Description
NSTISS-4011          National Training Standard for Information Systems Security (InfoSec) Professionals
CNSS-4012            National Information Assurance Training Standard for Senior System Managers
CNSS-4013            National Information Assurance Training Standard for System Administrators (SA)
CNSS-4014            Information Assurance Officer (IAO) Training
NSTISSC-4015         National Training Standard for System Certifiers
CNSS-4016            National Information Assurance Training Standard for Risk Analysts

Vendor-Neutral Professional Certifications
• A certification is an official statement that validates the fact that a person has satisfied specific job requirements, including:
  • Possessing a certain level of experience
  • Completing a course of study
  • Passing an examination
• Certifications target specific areas of knowledge and expertise
• Vendor-neutral certifications cover concepts and topics that are general in nature

Seven Main (ISC)2 Certifications
• SSCP
• CCSP
• CISSP
• HCISPP
• CAP
• CCFP
• CSSLP

Seven Main (ISC)2 Certifications (cont.)

SSCP
• Covers the seven domains of best practices for information security

CISSP
• Demonstrates competence in the eight domains of the (ISC)2 CISSP Common Body of Knowledge (CBK)

CAP
• Provides a method to measure the knowledge and skills of professionals involved in authorizing and maintaining information systems

Seven Main (ISC)2 Certifications (cont.)

CSSLP
• Evaluates professionals for the knowledge and skills necessary to develop and deploy secure applications

CCFP
• Tests and evaluates professionals for the knowledge and skills necessary to perform and conduct a digital forensics investigation

Seven Main (ISC)2 Certifications (cont.)

HCISPP
• Tests and evaluates professionals for the knowledge and skills necessary to perform and conduct security and privacy work for health care organizations

CCSP
• Tests and evaluates professionals for the knowledge and skills necessary to secure and manage cloud computing environments

Additional (ISC)2 Professional Certifications

Architecture (CISSP-ISSAP)
• Two years of professional experience in the area of architecture; appropriate for chief security architects and analysts

Engineering (CISSP-ISSEP)
• Road map for incorporating security into projects, applications, business processes, and all information systems

Management (CISSP-ISSMP)
• Two years enterprise-wide security operations and management; contains deeper managerial elements

Global Information Assurance Certification (GIAC)/SANS Institute
• Offers approximately 30 individual credentials
• Spans several information security job disciplines:
  • Audit
  • Forensics
  • Legal
  • Management
  • Security administration
  • Software security

GIAC Credentials

Certified Internet Webmaster (CIW)
• Credentials focus on both general and web-related security
• Credentials that satisfy CIW requirements include:
  • (ISC)2 SSCP or CISSP
  • Various GIAC credentials
  • CompTIA Security+
  • Several vendor-specific credentials

CIW Credentials

CompTIA
• Security+
  • Globally recognized
  • Entry-level information security certification of choice for IT professionals
  • Meets the ISO 17024 standard and is approved by the DoD 8570.01-M requirements
  • Is industry supported
• CompTIA Advanced Security Practitioner (CASP)

ISACA
• Is a nonprofit global organization that promotes “the development, adoption, and use of globally accepted, industry leading knowledge and practices for information systems”
• Provides security training at conferences and training events
• Offers four certifications for IT security professionals: CISM, CISA, CGEIT, and CRISC

ISACA Certifications

Other Information Systems Security Certifications

EC-Council
• CEH, CHFI, EC-Council Certified Security Analyst, and more

Software Engineering Institute (Carnegie Mellon University)
• CERT—Certified Computer Security Incident Handler, SEI—Authorized CERT Instructor

Mile2
• Multiple security certifications

Certified Wireless Security Professional
• Multiple wireless security certifications

Other Information Systems Security Certifications (cont.)

High Tech Crime Network
• Certified Computer Crime Investigator, Certified Computer Forensic Technician

International Society of Forensic Computer Examiners
• Certified Computer Examiner (CCE)

CyberSecurity Institute
• CyberSecurity Forensic Analyst (CSFA)

Offensive Security
• Multiple certifications

Vendor-Specific Professional Certifications
• Certifications offered by vendors of hardware and software products
• Holding a certification for a specific vendor implies competence
• If an applicant meets requirements for a certification, applicant has a certain level of knowledge and skills

Cisco Systems
• One of the largest manufacturers of network security devices and software
• Offers a range of certifications for its networking products
• Offers several different certification levels along different tracks that enable security professionals to focus efforts on specific knowledge and skills they need to get the most out of Cisco equipment

Cisco Systems (cont.)

Levels
• Entry
• Associate
• Professional
• Expert
• Architect

Paths
• Design
• Security
• Voice
• Wireless
• Routing and Switching
• Service Provider

Cisco Certifications

Juniper Networks
• Manufactures a variety of network security hardware and software
• Offers a varied range of certifications for its networking product line
• Four levels from 11 different tracks
• Does not offer certifications at all levels for every track

Juniper Networks Certification Levels and Tracks

RSA
• Global provider of security, risk, and compliance solutions for enterprise environments
• Provides specific training and certifications to help security professionals use RSA products effectively
• Offers certifications for RSA Archer and RSA SecurID

Symantec
• Provides a wide range of security software products
• Offers certifications for its product lines, including:
  • Administration of Symantec NetBackup for UNIX
  • Administration of Symantec Enterprise Vault for Exchange
  • Administration of Symantec Endpoint Protection
  • Administration of Symantec NetBackup for Windows

Check Point
• Global manufacturer of network and security devices and software
• Provides training and certification paths for security professionals to encourage highest level of knowledge and skills in the use of Check Point products
• Requires that applicants pass an exam that involves 80 percent study materials and 20 percent hands-on experience

Check Point Certifications

Summary
• U.S. DoD/Military Directive 8570.01 and DoDD 8140.01
• Popular vendor-neutral professional certifications
• Popular vendor-specific professional certifications
