Published by Elaine Reed. Modified over 9 years ago.
1
CSCE 727 Industry Certifications in IA
2
Global IA Workforce Trends
A Frost & Sullivan Market Survey Sponsored by (ISC)²®
Prepared by Robert Ayoub, CISSP, Global Program Director, Information Security
  – CISSP® - Certified Information Systems Security Professional, https://www.isc2.org/CISSP/Default.aspx
Electronic survey, conducted through a Web-based portal
Information Warfare - Farkas
3
Summary of Findings
Increased stress for IA service providers: extended context of protection (system, data, reputation, end-users, customers)
Gap between needed skills and skills of workforce
Ill-prepared workforce for future threats
Growing area for workforce, need better training
4
Summary of Findings
Number one threat: application vulnerability (secure software development)
Number two threat: security for mobile devices (policies and tools)
New threat: social media (lack of control)
Skills gap between IA professionals, e.g., dealing with new technologies, such as cloud computing
5
Good News for IA Professionals
IA professionals weathered economic recession well
IA workforce is forecasted to show strong growth
Good salary
6
Back to the IA workforce survey
Role of IA professionals:
  – Changing from technology oriented to a multi-faceted job
  – Must address: regulatory compliance, human resource, legal compliance, data security, threats via new technologies, loss of control (e.g., cloud environment)
7
Demand for IA Workforce
Worldwide:
  – 2010: 2.28 million
  – 2015: 4.24 (projected)
  – Compound Annual Growth Rate: 13.2%
Americas:
  – 2010: 920,845
  – 2015: 1,785,
  – Compound Annual Growth Rate: 14.2%
8
New Technologies
Major impact on IA:
  – Mobile devices
  – Cloud computing
  – Social media
9
IA Spending Trend
Changes since 2007: Increase/same/decrease

                         Worldwide    Americas
Personnel:               34/57/9      33/58/9
HW & SW:                 37/55/8      36/56/8
Professional services:   25/66/9      23/68/9
Outsource:               28/63/9      25/66/9
10
IA Training and Certification

                          Worldwide    Americas
Training and Education:   33/57/10     31/59/10
Certification:            28/62/10     27/63/10

Education level (current): Worldwide/Americas
High school: 11/12
B.S.: 48/50
M.S.: 38/36
Ph.D.: 3/3
11
Salary
2011 Annual salary (ISC)²® Member/non-member
Worldwide: $98,600/$78,500
Americas: $106,900/$92,900
12
Security Certification
Hiring criteria by organizations
  – Worldwide: 44% very important, 45% important
  – Americas: 45% very important, 44% important
Top reasons for requiring certification:
  – Employee competence, quality of work, regulatory requirements, company image and reputation, etc.
13
Growing Need for Training
Information risk management 47%
Application and system development security 41%
Forensics 39%
End-user security awareness 39%
Security architecture and models 38%
Access control systems and methodology 38%
Security management practices 37%
Business continuity and disaster recovery planning 34%
14
What kind of certifications to get?
Where to get it?
How much is it going to cost?
Etc.
15
Information Assurance Certifications
National Training Standards
Industry certification
16
National Training Standards
Committee on National Security Systems (CNSS) and the National Security Agency (NSA) National Training Standards
  – CNSS-4011, National Training Standard for Information Systems Security (INFOSEC) Professionals
  – CNSS-4012, National Information Assurance Training Standard for Senior Systems Managers (SSM)
  – CNSS-4013, National Information Assurance Training Standard For System Administrators (SA)
  – CNSS-4014, Information Assurance Training Standard for Information Systems Security Officers (ISSO)
  – CNSS-4015, National Training Standard for Systems Certifiers (SC)
  – CNSS-4016, National Information Assurance Training Standard For Risk Analysts (RA)
17
USC Courses and CNSS Certifications
NSTISSI-4011, National Training Standard for Information Systems Security (INFOSEC) Professionals
  – CSCE 522
NSTISSI-4013, National Information Assurance Training Standard For System Administrators (SA)
  – CSCE 522, CSCE 715
NSTISSI-4014, Information Assurance Training Standard for Information Systems Security Officers (ISSO)
  – CSCE 522, CSCE 715, CSCE 727
18
CNSS-4011
National Training Standard for Information Systems Security (INFOSEC) Professionals
Base-level of training
Provides the minimum course content for the training of information systems security (INFOSEC) professionals in the disciplines of telecommunications security and automated information systems (AIS) security.
19
CNSS-4011
National Security Telecommunications and Information Systems Security Directive No. 501 establishes the requirement for federal departments and agencies to implement training programs for INFOSEC professionals.
INFOSEC professionals: responsible for the security oversight or management of national security systems during phases of the life cycle.
20
CNSS-4011
Training Standards: two levels
  – “Awareness Level: Creates a sensitivity to the threats and vulnerabilities of national security information systems, and a recognition of the need to protect data, information and the means of processing them; and builds a working knowledge of principles and practices in INFOSEC.”
21
CNSS-4011
“Performance Level: Provides the employee with the skill or ability to design, execute, or evaluate agency INFOSEC security procedures and practices. This level of understanding will ensure that employees are able to apply security concepts while performing their tasks.”
22
Awareness-level
Instructional Content
Behavioral Outcomes
Topical Content
23
Information Systems Security Model
“…acknowledges information, not technology, as the basis for our security efforts. The actual medium is transparent in the model. This eliminates unnecessary distinctions between Communications Security (COMSEC), Computer Security (COMPUSEC), Technical Security (TECHSEC), and other technology-defined security sciences. As a result, we can model the security relevant processes of information throughout an entire information system automated or not.”
24
Security Model
Characteristics: Confidentiality, Integrity, Availability
State: Transmission, Storage, Processing
Third Dimension: Technology; Policy; Education, training, awareness
25
Industry Certifications
Information security certification governed by the International Information Systems Security Certification Consortium (ISC)²
Cisco
Many more…
26
International Information Systems Security Certification Consortium, Inc., (ISC)²®
Internationally accepted
Good reputation
Membership
27
Certifications
Associate of (ISC)²
SSCP® - Systems Security Certified Practitioner
CAP® - Certified Authorization Professional
CSSLP® - Certified Secure Software Lifecycle Professional
CISSP® - Certified Information Systems Security Professional
CISSP® - concentrations, architecture, engineering, management
28
Certification Process
Required Experience
Study
Application
Examination
(ISC)² Code of Ethics
Endorsement Process
29
Years of Experience
Associate of (ISC)² - none
SSCP® - 1 year
CAP® - 2 years
CSSLP® - min. 4 years in SDLC
CISSP® - min. 5 years full time
30
Seminar Cost
# of days/cost
Associate of (ISC)² - 5/$2,695
SSCP® - 5/$2,695
CAP® - 2/$1,095
CSSLP® - 5/$2,695
CISSP® - 5/$2,695
31
Exam Cost
Hours of exam/cost
Associate of (ISC)² - 6/$599
SSCP® - 3/$300
CAP® - 3/$469
CSSLP® - 4/$599
CISSP® - 6/$599
32
Certified Information Systems Security Professional (CISSP)
Information security certification governed by the International Information Systems Security Certification Consortium (ISC)², http://www.isc2.org/
June, 2004, the CISSP program earned the ANSI ISO/IEC Standard 17024:2003 accreditation
Formally approved by DoD in the Information Assurance Technical (IAT) and Managerial (IAM) categories
Has been adopted as a baseline for the U.S. National Security Agency's ISSEP program
33
CISSP – Common Body of Knowledge
Based on the CIA triad
Ten areas of interest (domains):
1. Access Control
2. Application Security
3. Business Continuity and Disaster Recovery Planning
4. Cryptography
5. Information Security and Risk Management
6. Legal, Regulations, Compliance and Investigations
7. Operations Security
8. Physical (Environmental) Security
9. Security Architecture and Design
10. Telecommunications and Network Security
34
Specialized Concentrations
Information Systems Security Architecture Professional (ISSAP), Concentration in Architecture
Information Systems Security Engineering Professional (ISSEP), Concentration in Engineering
Information Systems Security Management Professional (ISSMP), Concentration in Management
35
Cisco
Levels of certification
Network security:
  – Entry-level: CCENT
  – Associate: CCNA Security (CNSS 4013)
  – Professional: CCSP, CCNP Security (CNSS 4011)
  – Expert: CCIE Service Provider
36
Cisco: Entry and Associate-level
CCENT: Cisco Certified Entry Networking Technician, http://www.cisco.com/web/learning/le3/le2/le45/learning_certification_level_home.html
CCNA: Cisco Certified Network Associate, CCNA Security: http://www.cisco.com/web/learning/le3/le2/le0/le1/learning_certification_type_home.html
  – develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats
37
Cisco – Professional level
Old: CCSP: Cisco Certified Security Professional, http://www.cisco.com/web/learning/le3/le2/le37/le54/learning_certification_type_home.html
  – advanced knowledge and skills required to secure Cisco networks
New: CCNP Security: Cisco Certified Network Professional Security, http://www.cisco.com/web/learning/le3/le2/le37/le9/learning_certification_type_home.html
  – Security in Routers, Switches, Networking devices and appliances, as well as choosing, deploying, supporting and troubleshooting Firewalls, VPNs, and IDS/IPS solutions
38
Cisco – Expert level
CCIE: Cisco Certified Internetwork Expert
CCIE Security, http://www.cisco.com/web/learning/le3/ccie/security/index.html
  – No formal prerequisites
  – 2-hour written exam
  – 8-hour hands-on
Cost:
  – CCIE written exam: $350
  – CCIE lab exam: $1,400