Presentation transcript:

CSCE 727 Industry Certifications in IA

Global IA Workforce Trends
– A Frost & Sullivan Market Survey, sponsored by (ISC)²®
– Prepared by Robert Ayoub, CISSP, Global Program Director, Information Security
– CISSP® - Certified Information Systems Security Professional
– Electronic survey, conducted through a Web-based portal
Information Warfare - Farkas2

Summary of Findings
– Increased stress for IA service providers: extended context of protection (system, data, reputation, end-users, customers)
– Gap between needed skills and skills of workforce
– Ill-prepared workforce for future threats
– Growing area for workforce, need better training

Summary of Findings
– Number one threat: application vulnerability (secure software development)
– Number two threat: security for mobile devices (policies and tools)
– New threat: social media (lack of control)
– Skills gap between IA professionals, e.g., dealing with new technologies such as cloud computing

Good News for IA Professionals
– IA professionals weathered the economic recession well
– IA workforce is forecasted to show strong growth
– Good salary

Back to the IA workforce survey
Role of IA professionals:
– Changing from technology oriented to a multi-faceted job
– Must address: regulatory compliance, human resources, legal compliance, data security, threats via new technologies, loss of control (e.g., cloud environment)

Demand for IA Workforce
Worldwide:
– 2010: 2.28 million
– 2015: 4.24 million (projected)
– Compound Annual Growth Rate: 13.2%
Americas:
– 2010: 920,845
– 2015: 1,785,
– Compound Annual Growth Rate: 14.2%

New Technologies
Major impact on IA:
– Mobile devices
– Cloud computing
– Social media

IA Spending Trend
Changes since 2007, as percentage of respondents reporting increase / same / decrease:

Category                Worldwide    Americas
Personnel               34/57/9      33/58/9
HW & SW                 37/55/8      36/56/8
Professional services   25/66/9      23/68/9
Outsource               28/63/9      25/66/9

IA Training and Certification
Changes since 2007, as percentage of respondents reporting increase / same / decrease:

Category                  Worldwide    Americas
Training and Education    33/57/10     31/59/10
Certification             28/62/10     27/63/10

Education level (current), percentage of respondents, Worldwide / Americas:
– High school: 11/12
– B.S.: 48/50
– M.S.: 38/36
– Ph.D.: 3/3

Salary
2011 annual salary, (ISC)²® member / non-member:
– Worldwide: $98,600 / $78,500
– Americas: $106,900 / $92,900

Security Certification
Hiring criteria by organizations:
– Worldwide: 44% very important, 45% important
– Americas: 45% very important, 44% important
Top reasons for requiring certification:
– Employee competence, quality of work, regulatory requirements, company image and reputation, etc.

Growing Need for Training
– Information risk management: 47%
– Application and system development security: 41%
– Forensics: 39%
– End-user security awareness: 39%
– Security architecture and models: 38%
– Access control systems and methodology: 38%
– Security management practices: 37%
– Business continuity and disaster recovery planning: 34%

What kind of certifications to get? Where to get them? How much is it going to cost? Etc.

Information Assurance Certifications
– National Training Standards
– Industry certification

National Training Standards
Committee on National Security Systems (CNSS) and the National Security Agency (NSA)
National Training Standards:
– CNSS-4011, National Training Standard for Information Systems Security (INFOSEC) Professionals
– CNSS-4012, National Information Assurance Training Standard for Senior Systems Managers (SSM)
– CNSS-4013, National Information Assurance Training Standard for System Administrators (SA)
– CNSS-4014, Information Assurance Training Standard for Information Systems Security Officers (ISSO)
– CNSS-4015, National Training Standard for Systems Certifiers (SC)
– CNSS-4016, National Information Assurance Training Standard for Risk Analysts (RA)

USC Courses and CNSS Certifications
– NSTISSI-4011, National Training Standard for Information Systems Security (INFOSEC) Professionals: CSCE 522
– NSTISSI-4013, National Information Assurance Training Standard for System Administrators (SA): CSCE 522, CSCE 715
– NSTISSI-4014, Information Assurance Training Standard for Information Systems Security Officers (ISSO): CSCE 522, CSCE 715, CSCE 727

CNSS-4011
National Training Standard for Information Systems Security (INFOSEC) Professionals
– Base level of training
– Provides the minimum course content for the training of information systems security (INFOSEC) professionals in the disciplines of telecommunications security and automated information systems (AIS) security.

CNSS-4011
– National Security Telecommunications and Information Systems Security Directive No. 501 establishes the requirement for federal departments and agencies to implement training programs for INFOSEC professionals.
– INFOSEC professionals: responsible for the security oversight or management of national security systems during phases of the life cycle.

CNSS-4011
Training Standards: two levels
– “Awareness Level: Creates a sensitivity to the threats and vulnerabilities of national security information systems, and a recognition of the need to protect data, information and the means of processing them; and builds a working knowledge of principles and practices in INFOSEC.”

CNSS-4011
– “Performance Level: Provides the employee with the skill or ability to design, execute, or evaluate agency INFOSEC security procedures and practices. This level of understanding will ensure that employees are able to apply security concepts while performing their tasks.”

Awareness-level Instructional Content
– Behavioral Outcomes
– Topical Content

Information Systems Security Model
“…acknowledges information, not technology, as the basis for our security efforts. The actual medium is transparent in the model. This eliminates unnecessary distinctions between Communications Security (COMSEC), Computer Security (COMPUSEC), Technical Security (TECHSEC), and other technology-defined security sciences. As a result, we can model the security relevant processes of information throughout an entire information system, automated or not.”

Security Model
Three dimensions:
– Characteristics: Confidentiality, Integrity, Availability
– State: Transmission, Storage, Processing
– Third dimension: Technology, Policy, Education/training/awareness
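The three-dimensional model on this slide (commonly known as the McCumber cube) is used in practice as a 27-cell checklist: each control is mapped to the characteristic × state × measure cells it addresses, and any cell left empty is a coverage gap. The following is an added example, not part of the course slides or the CNSS standard; the control inventory is constructed for illustration and the function names are my own.

```python
from itertools import product

# The three axes, using the slide's wording (the third axis covers
# technology, policy, and education/training/awareness).
CHARACTERISTICS = ("confidentiality", "integrity", "availability")
STATES = ("transmission", "storage", "processing")
MEASURES = ("technology", "policy", "education")

# Every (characteristic, state, measure) cell of the 3x3x3 model.
ALL_CELLS = frozenset(product(CHARACTERISTICS, STATES, MEASURES))


def cells_for(control):
    """Expand one control record into the set of model cells it covers.

    A control is (name, characteristics, states, measures); each of the
    three tuples lists the axis values the control applies to.
    """
    name, chars, states, measures = control
    cells = set(product(chars, states, measures))
    unknown = cells - ALL_CELLS
    if unknown:
        raise ValueError(f"{name}: unknown model cell(s) {sorted(unknown)}")
    return cells


def coverage_gaps(controls):
    """Return the sorted list of cells no control in the inventory addresses."""
    covered = set()
    for control in controls:
        covered |= cells_for(control)
    return sorted(ALL_CELLS - covered)


def gaps_by_measure(controls):
    """Group the uncovered cells by third-axis measure for a short report."""
    report = {m: [] for m in MEASURES}
    for char, state, measure in coverage_gaps(controls):
        report[measure].append((char, state))
    return report


# Constructed inventory: a small organisation that has policy and training
# covering everything, but technical controls only for a few cells.
SAMPLE_CONTROLS = [
    ("TLS on all external links",
     ("confidentiality", "integrity"), ("transmission",), ("technology",)),
    ("Full-disk encryption on laptops",
     ("confidentiality",), ("storage",), ("technology",)),
    ("Nightly backups with restore test",
     ("availability",), ("storage",), ("technology", "policy")),
    ("Acceptable use and data handling policy",
     CHARACTERISTICS, STATES, ("policy",)),
    ("Annual security awareness course",
     CHARACTERISTICS, STATES, ("education",)),
]

if __name__ == "__main__":
    for measure, gaps in gaps_by_measure(SAMPLE_CONTROLS).items():
        print(f"{measure}: {len(gaps)} uncovered cell(s)")
        for char, state in gaps:
            print(f"  - {char} during {state}")
```

On the sample inventory the policy and education layers are fully covered, and the report shows five empty technology cells (for example availability during transmission and integrity during storage), which is exactly the kind of gap the model is meant to make visible.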

Industry Certifications
– Information security certification governed by the International Information Systems Security Certification Consortium (ISC)²
– Cisco
– Many more…

International Information Systems Security Certification Consortium, Inc., (ISC)²®
– Internationally accepted
– Good reputation
– Membership

Certifications
– Associate of (ISC)²
– SSCP® - Systems Security Certified Practitioner
– CAP® - Certified Authorization Professional
– CSSLP® - Certified Secure Software Lifecycle Professional
– CISSP® - Certified Information Systems Security Professional
– CISSP® concentrations: architecture, engineering, management

Certification Process
– Required experience
– Study
– Application
– Examination
– (ISC)² Code of Ethics
– Endorsement process

Years of Experience
– Associate of (ISC)²: none
– SSCP®: 1 year
– CAP®: 2 years
– CSSLP®: min. 4 years in SDLC
– CISSP®: min. 5 years full time

Seminar Cost (number of days / cost)
– Associate of (ISC)²: 5 / $2,695
– SSCP®: 5 / $2,695
– CAP®: 2 / $1,095
– CSSLP®: 5 / $2,695
– CISSP®: 5 / $2,695

Exam Cost (hours of exam / cost)
– Associate of (ISC)²: 6 / $599
– SSCP®: 3 / $300
– CAP®: 3 / $469
– CSSLP®: 4 / $599
– CISSP®: 6 / $599

Certified Information Systems Security Professional (CISSP)
– Information security certification governed by the International Information Systems Security Certification Consortium (ISC)²
– June 2004: the CISSP program earned ANSI ISO/IEC Standard 17024:2003 accreditation
– Formally approved by DoD in the Information Assurance Technical (IAT) and Managerial (IAM) categories
– Has been adopted as a baseline for the U.S. National Security Agency's ISSEP program

CISSP – Common Body of Knowledge
– Based on the CIA triad
– Ten areas of interest (domains):
1. Access Control
2. Application Security
3. Business Continuity and Disaster Recovery Planning
4. Cryptography
5. Information Security and Risk Management
6. Legal, Regulations, Compliance and Investigations
7. Operations Security
8. Physical (Environmental) Security
9. Security Architecture and Design
10. Telecommunications and Network Security

Specialized Concentrations
– Information Systems Security Architecture Professional (ISSAP), Concentration in Architecture
– Information Systems Security Engineering Professional (ISSEP), Concentration in Engineering
– Information Systems Security Management Professional (ISSMP), Concentration in Management

Cisco
Levels of certification, network security:
– Entry-level: CCENT
– Associate: CCNA Security (CNSS 4013)
– Professional: CCSP, CCNP Security (CNSS 4011)
– Expert: CCIE Service Provider

Cisco: Entry and Associate level
– CCENT: Cisco Certified Entry Networking Technician, certification_level_home.html
– CCNA: Cisco Certified Network Associate
– CCNA Security: g_certification_type_home.html
  – Develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats

Cisco – Professional level
Old: CCSP: Cisco Certified Security Professional, tification_type_home.html
– Advanced knowledge and skills required to secure Cisco networks
New: CCNP Security: Cisco Certified Network Professional Security, fication_type_home.html
– Security in routers, switches, networking devices and appliances, as well as choosing, deploying, supporting and troubleshooting firewalls, VPNs, and IDS/IPS solutions

Cisco – Expert level
CCIE: Cisco Certified Internetwork Expert
CCIE Security:
– No formal prerequisites
– 2-hour written exam
– 8-hour hands-on lab exam
Cost:
– CCIE written exam: $350
– CCIE lab exam: $1,400