Certification and Training in Information Security


This content covers various aspects of certification and training in the field of information security, including organizational information security outlines, positions in information security personnel, and professional certifications from renowned organizations. It also provides insights into different certifying organizations relevant to system administration, networking, and security, along with popular certifications offered by vendors and neutral bodies. The content further includes an organizational chart depicting information security personnel at OSU.


Uploaded on Jul 25, 2024



Presentation Transcript


  1. Certification and Training

  2. Outline
     - Organizational information security personnel
       - In general
       - At OSU
     - Professional information security certification

  3. Information Security Personnel (1)
     [Figure 11.2. Positions in Information Security (redrawn)]

  4. Information Security Personnel (2)
     - Chief security officer (CSO): head of security; reports to the CIO and executives
       - Manages the organization's information security program and policies
       - Works on strategic, tactical and operational plans
       - Handles security budgeting and personnel
       - Usually needs a college degree and CISSP
     - Security manager: runs the organization's information security program on a daily basis
       - Develops and implements policies under the CSO's guidance
       - Monitors progress of the organization's information security program
       - Handles incident response, disaster recovery and risk assessment
       - Usually needs a college degree and CISSP
     - Security technician: deploys and manages firewalls, IDSs, etc. under the security manager's guidance

  5. OSU Information Security Personnel Org Chart
     - Michael Drake, OSU President; Board of Trustees
     - Michael Hofherr, VP, CIO; reporting to the VP, CIO:
       - Kristina Davis, Interim Director, Finance
       - Helen Patton, Assoc. VP, Chief Info. Sec. Officer
       - Katherine Keune, Chief Commun. Officer
       - Liv Gjestvang, Assoc. VP, Learning Tech.
       - Robert Griffiths, Assoc. VP, Online Edu.
       - Leslie Weibush, Special Asst. to VP, CIO
       - David Kieffer, Assoc. VP, Admin. Syst.
       - Diane Dagefoerde, Deputy CIO
       - Susan Hatfield, Exec. Asst.
       - Laura Palko, HR Director
     - Under the Chief Info. Sec. Officer:
       - Steve Romig, Director, Security; Advisor
       - Ryan Traptow, Assoc. Director, Security
       - Diana Morawetz, Office Admin. Associate
       - Gary Clark, Director, Information Risk Mgmt.
       - Rich Nagle, Deputy Chief Info. Sec. Officer
       - Holly Drake, Chief Privacy Officer
     - Security managers and technicians sit below this level (not shown)
     Source: https://orgchart.osu.edu/organization/ocioodee

  6. Professional Certifications
     - Information Systems Audit and Control Association (ISACA)
       - Certified Information Systems Auditor (CISA)
       - Certified Information Security Manager (CISM)
     - International Information Systems Security Certification Consortium ((ISC)²)
       - Certified Information Systems Security Professional (CISSP)
       - Systems Security Certified Practitioner (SSCP)
     - International Information Systems Forensics Association (IISFA)
       - Certified Information Forensics Investigator (CIFI)
     - Many require that candidates have professional security experience or a college degree, and no criminal record

  7. Other Certifying Organizations
     - System Administration, Networking, and Security Institute (SANS): Global Information Assurance Certification (GIAC)
     - Information Systems Security Association (ISSA)
     - American National Standards Institute (ANSI)
     - Computer Professionals for Social Responsibility (CPSR)
     - Companies: Microsoft, Cisco, etc. (vendor-specific)
     - International Society of Forensic Computer Examiners (ISFCE)
     - CompTIA: A+ certs (vendor-neutral)

  8. CISSP Concentrations
     - Information Systems Security Architecture Professional (ISSAP): concentration in architecture
     - Information Systems Security Engineering Professional (ISSEP): concentration in engineering
     - Information Systems Security Management Professional (ISSMP): concentration in management

  9. CISA Exam Content Areas
     CISA Exam (Six Domains)
     - IS Audit Process (10%)
     - IT Governance (15%)
     - Systems and Infrastructure Lifecycle (16%)
     - IT Service Delivery and Support (14%)
     - Protection of Information Assets (31%)
     - Business Continuity and Disaster Recovery (14%)
     (Domain names and weightings are the ones current when this note was written; ISACA revises them periodically.)

  10. CISM Exam Content Areas
     CISM Exam (Five Domains)
     - Information Security Governance (21%)
     - Risk Management (21%)
     - Information Security Program Management (21%)
     - Information Security Management (24%)
     - Response Management (13%)

  11. CISSP Exam Content Areas (1)
     CISSP Exam (10 Domains)
     - Access Control Systems and Methodology
     - Applications and Systems Development Security
     - Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)
     - Cryptography
     - Law, Investigation and Ethics
     - Operations Security
     - Physical Security
     - Security Architecture and Models
     - Security Management Practices
     - Telecommunications and Network Security
     (This is the older 10-domain Common Body of Knowledge; (ISC)² has since consolidated the CISSP into fewer domains.)

  12. SSCP Exam Content Areas
     SSCP Exam (7 Domains)
     - Access Control
     - Administration
     - Audit and Monitoring
     - Cryptography
     - Data Communications
     - Malicious Code/Malware
     - Risk, Response and Recovery

  13. CIFI Exam Content Areas
     CIFI Exam (6 Domains)
     - Auditing
     - Incident Response
     - Law and Investigation
     - Tools and Techniques
     - Traceback
     - Countermeasures

  14. Training, Seminars and Conferences
     - http://www.issa.org/
     - http://www.isaca.org/
     - https://www.isc2.org
     - http://www.ansi.org/
     - http://www.sans.org/
     - http://www.giac.org/
     - http://www.infoforensics.org

  15. Professional Publications
     - ISACA: Information Systems Control Journal
     - (ISC)²: The (ISC)² Journal (Information Systems Security)
     - ISSA: The ISSA Journal

  16. Chapters and Membership
     - Chapters: local and worldwide
     - Membership:
       - ISACA is a leading information technology organization representing more than 50,000 individual members in more than 140 countries
       - ISSA has over 13,000 members worldwide

  17. Summary
     - Infosec personnel generally include a CSO, security managers, and security technicians
     - Real-world org charts may vary
     - Professional organizations offer infosec certifications
     - Recommendations:
       - CIS/CSE majors: CISSP (most prestigious), SSCP
       - MIS (College of Business): CISA, CISM

  18. Reference [1] Class note by Adam C. Champion, Ph.D.
