Nueva Ecija University of Science and Technology
college of Information and Communications Technology
Information
Assurance and
Security (IT-IAS 01)
Presented by
JOHN PHILLIP M. MEDINA
CICT
Lesson 2:
GOVERNANCE AND
RISK MANAGEMENT
2.2 CERTIFICATION PROGRAMS IN THE INFORMATION SECURITY FIELD
Learning Objectives
1. Demonstrate understanding of the different job responsibilities of an Information Security Professional;
2. Enumerate the different certifying bodies in the Information Security Field; and
3. Demonstrate understanding of the coverage of each certification.
INTRODUCTION
Just like in any other field, one must undergo training and pass
a series of assessments to become certified in the profession.
Information security is no exception.
IT- IAS01
Lesson 2: GOVERNANCE AND RISK MANAGEMENT
Information Security Professional
• Refers to a title for an individual who holds a certification in the field of Information Security.
• Primary function is to secure the company’s properties from internal and external risks.
• In charge of making sure that the organization’s assets are free from attacks.
Career Description, Duties and Common Tasks
• Monitors the IT system and looks for threats and vulnerabilities;
• Creates protocols for identifying and eliminating threats;
• Maintains updated anti-virus software that blocks threats;
• Facilitates training to support minimizing threats in the organization;
• Identifies the software that is safe for the organization to use;
• Investigates cases of asset leaks and exploitation;
• Troubleshoots, maintains and manages IT security equipment;
• Documents reports of incidents and cases relating to information;
• Works hand-in-hand with the IT Manager.
Which organization do you think certifies Information Security Professionals (ISPs)?
Department of Defense (DoD)
• Certifies individuals seeking a license in the field.
• Provides national security and is held responsible if a certified individual conducts an attack.
• Strict in implementing directives.
Certifications and Trainings
1. DoD Directive 8570.01
2. DoD Directive 8140
3. Vendor-Neutral Professional Certifications
4. Vendor-Specific Professional Certifications
DoD Directive 8570.01
• Known as Information Assurance Training, Certification and Workforce Management.
• It is intended to ensure that all personnel directly involved with information protection are accredited with a license.
DoD Directive 8140
• Replaced the 8570.01 directive.
• Developed by the Defense Information Systems Agency (DISA).
• Identifies roles for certified individuals, including:
  ✓ Protection and defense
  ✓ Operation and maintenance
  ✓ Research and management
  ✓ Data gathering and oversight
  ✓ Development and investigation
• Certification requires prescribed training.
WHAT IS A VENDOR?
Refers to companies or organizations that produce specific hardware, software, or technology products or services.
These vendors are typically known for their specialized technology solutions in various domains of information technology and cybersecurity.
VENDOR-NEUTRAL
PROFESSIONAL
CERTIFICATIONS
Vendor-Neutral Professional Certifications
• These certifications validate your competency in baseline skills in security and network fundamentals.
• A certification is an official statement that validates the fact that a person has satisfied specific job requirements, including:
  • Possessing a certain level of experience
  • Completing a course of study
  • Passing an examination
• They deal with best practices and concepts in a particular area of development.
Vendor-Neutral Professional Certifications:
1. Information Security Assurance Certifications (ISC)2
2. Global Information Assurance Certification (GIAC-SANS)
3. Certified Internet Webmaster (CIW)
4. CompTIA Security+
5. ISACA
1. Information Security Assurance Certifications (ISC)2
(ISC)2, the Information Security Certifications body, certifies individuals who aspire to greater information security skills.
The 7 Information Security Assurance Certifications of (ISC)2: SSCP, CCSP, HCISPP, CCFP, CISSP, CAP, CSSLP
1. SYSTEMS SECURITY CERTIFIED PRACTITIONER (SSCP)
An entry-level certification ensuring skills in implementing, monitoring, and administering IT infrastructure using security policies to safeguard data's confidentiality, integrity, and availability.
2. CERTIFIED CLOUD SECURITY PROFESSIONAL (CCSP)
Recognizes IT and information security leaders proficient in cloud security architecture, design, operations, and service orchestration, demonstrating forefront expertise in cloud security.
3. CERTIFIED AUTHORIZATION PROFESSIONAL (CAP)
Recognizes your ability to authorize and maintain information systems using the Risk Management Framework (RMF), demonstrating expertise in assessing risks and establishing security documentation.
4. CERTIFIED SECURE SOFTWARE LIFECYCLE PROFESSIONAL (CSSLP)
Recognizes your expertise and ability to incorporate security practices (authentication, authorization and auditing) into each phase of the SDLC.
5. HEALTHCARE INFORMATION SECURITY AND PRIVACY PRACTITIONER (HCISPP)
Recognizes your expertise in implementing, managing, and assessing security and privacy controls for healthcare and patient information, demonstrating a strong foundation in healthcare risk, security, privacy, and regulatory compliance.
6. CERTIFIED CYBER FORENSICS PROFESSIONAL (CCFP)
Computer forensics specialists analyze hardware and software to gather evidence for criminal or private investigations; they are employed by law enforcement, corporate security, or private consulting firms.
7. CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL (CISSP)
Holders have the knowledge and experience to design, develop and manage the overall security posture of an organization.
Additional Professional Certifications under CISSP
Information Systems Architecture Professional (CISSP-ISSAP)
• Prove your expertise in developing, designing and analyzing security solutions.
• Excel at giving risk-based guidance to senior management in order to meet organizational goals.
Information Systems Security Engineering Professional (CISSP-ISSEP)
• Show your keen ability to practically apply systems engineering principles and processes to develop secure systems.
Information Systems Security Management Professional (CISSP-ISSMP)
• Excel at establishing, presenting and governing information security programs.
• Demonstrate deep management and leadership skills.
2. Global Information Assurance Certification (GIAC) by SANS
• Develops and implements certificate programs for information security.
• Its more than 30 cyber security certifications correspond with SANS training and guarantee mastery in vital, advanced InfoSec domains.
GIAC identifies several job disciplines in information security:
• Audit
• Forensics
• Legal
• Management
• Security administration
• Software security
GIAC by SANS: job discipline, level and credential (table not reproduced)
3. CompTIA Security+
• A global certification that validates the baseline skills necessary to perform core security functions and pursue an IT security career.
• Compliant with ISO 17024 standards and approved under the DoD 8140/8570.01-M requirements.
4. Certified Internet Webmaster (CIW)
• CIW credentials concentrate on both general and web security.
• Its higher-level credentials also require completing the requirements of other vendor-neutral certifications.
Credentials that satisfy CIW requirements include:
• (ISC)2 SSCP or CISSP
• Various GIAC credentials
• CompTIA Security+
• Several vendor-specific credentials
• CIW Web Security Associate
  Must pass the Web Security Associate Exam (1D0-571)
• CIW Web Security Specialist
  Must pass the Web Security Associate Exam (1D0-571)
  Must earn ONE credential from the CIW-approved credential list
• CIW Web Security Professional
  Must pass the Web Security Associate Exam (1D0-571)
  Must earn TWO credentials from the CIW-approved credential list
5. Information Systems Audit & Control Association (ISACA)
• An international professional association focused on IT (Information Technology) governance.
• Offers four certifications for IT security professionals: CISA, CISM, CGEIT, and CRISC.
ISACA offers the following:
• CISA (Certified Information Systems Auditor): primarily focused on information systems auditing, control, and assurance.
• CISM (Certified Information Security Manager): about managing and leading teams that keep computer systems secure.
• CGEIT (Certified in the Governance of Enterprise IT): about making sure that computer systems and IT are helping a business achieve its goals.
• CRISC (Certified in Risk and Information Systems Control): about managing and reducing the risks that computer systems can have.
VENDOR-SPECIFIC
PROFESSIONAL
CERTIFICATIONS
Vendor-Specific Professional Certifications
• Vendors of hardware and software products provide technical certifications.
• A certificate signifies competence in the product line of a specific vendor.
• Vendors administer various types of tests; an applicant who satisfies the qualification criteria is deemed to have a certain degree of competence.
1. CISCO SYSTEMS
• One of the main producers of software and network protection tools.
• They provide a variety of certifications for their networking products.
• They also offer many different levels of qualification along various paths.
Cisco Systems certifications (chart not reproduced)
2. JUNIPER NETWORKS
• Juniper Networks builds a combination of hardware and software for network security.
• Like CISCO, they also provide a wide set of certifications for their product line.
• Juniper Networks offers four levels across 11 different tracks.
Juniper Networks certifications (chart not reproduced)
3. RSA
• RSA Global is a supplier of workplace health, risk and regulatory solutions. They offer innovative courses that help professionals use their products safely and effectively. They also certify on RSA Archer and RSA SecurID.
4. SYMANTEC
Symantec, a cybersecurity company, offers a wide range of security software. They test applicants on their product lines for certifications, including:
• Administration of Symantec NetBackup for UNIX
• Administration of Symantec Enterprise Vault for Exchange
• Administration of Symantec Endpoint Protection
• Administration of Symantec NetBackup for Windows
5. CHECK POINT
• Check Point is a global producer of network and security systems and software.
• They provide educational and qualification pathways for security practitioners to promote awareness and skills. They require applicants to pass an examination weighted 80% on study materials and 20% on practical experience.
Check Point certifications (chart not reproduced)
Summary of Professional Certifications

| Vendor-Neutral | Vendor-Specific |
|---|---|
| (ISC)2 | CISCO Systems |
| Global Information Assurance Certification (GIAC-SANS) | Juniper Networks |
| Certified Internet Webmaster (CIW) | RSA Global |
| CompTIA Security+ | Symantec |
| ISACA | Check Point |
QUESTION AND ANSWER
Which organization certifies individuals aspiring to have greater information security skills, and is known for certifications like CISSP and HCISPP?
What is the primary focus of CIW certifications?
a) General and web security.
b) Database management
c) IT and Internet technology
d) Cloud computing
The highest rank in CISCO certification is:
a. Engineer
b. Architect
c. Associate
d. Expert
GIAC certifications correspond with which
organization's training programs?
a) ISACA
b) (ISC)2
c) SANS
d) CompTIA+
Which vendor is a supplier of workplace health, risk and regulatory solutions?
Which ISACA certification is specifically
designed for IT auditors?
a) CISM
b) CISSP
c) CGEIT
d) CISA
What exam must an applicant pass to become
a CIW Web Security Professional?
a) CIW Web Security Associate Exam
b) CIW Web Development Expert Exam
c) CIW Web Security Specialist Exam
d) CompTIA Security+ Exam
How many levels of qualification does Juniper Networks
offer in their certification program?
a) Two
b) Three
c) Four
d) Five
Enumerate the five vendor-neutral professional certifications.
Enumerate the vendor-specific professional certifications.
SEATWORK #3
Vendor-specific and vendor-neutral are two different approaches to certification and technology training in the IT and cybersecurity industry. How do they differ? When should you pick vendor-neutral, and when vendor-specific?
References (Lesson 2: Governance and Risk Management)
Jones and Bartlett Learning, LLC; An Ascend Learning Company, 2018.