Information security professionalism

Information security professionalism is the body of knowledge that people working in information security and related fields (information assurance and computer security) should possess and eventually demonstrate through certifications from well-respected organizations. It also encompasses the education process required to carry out the different tasks in these fields.


Educational organizations

In 1989, Carnegie Mellon University established the Information Networking Institute, the United States' first research and education center devoted to information networking. The academic disciplines of computer security, information security and information assurance emerged along with numerous professional organizations during the later years of the 20th century and early years of the 21st century.

Entry into the field can be accomplished through self-study, college or university schooling in the field, or through week-long focused training camps. Many colleges, universities and training companies offer many of their programs online.

In the United States, the National Security Agency (NSA) has partnered with other organizations to designate a number of colleges and universities as Centers of Academic Excellence in Information Assurance Education (CAE/IAE) and Research (CAE/IAE-R). These institutions offer a wide range of undergraduate and graduate-level degree programs, at both master's and doctoral level, in IA-related studies and disciplines. The current list of designated centers is maintained by the NSA.

The Master of Science in Information Assurance (MSIA) and Master of Science in Information Security and Assurance (MSISA) degrees are multidisciplinary degree programs offered by many leading institutions which combine theory with applied learning in order to prepare security practitioners to work in the field of information security.

There is a current and future need for information assurance professionals to support the security needs of the world's information infrastructure. Information Assurance has become a critical issue for businesses in the current era as they wrestle with the problems of external and internal network attack, cyberterrorism, access control systems and regulatory compliance requirements.

The National Information Assurance Training and Education Center (NIATEC) is an American consortium of academic, industry, and government organizations formed to improve literacy, awareness, training and education standards in information assurance.

Organization certifications

NIATEC states:[1]

  • ISO/IEC 17799 - comprises ten prime sections: Security Policy, System Access Control, Computer & Operations Management, System Development and Maintenance, Physical and Environmental Security, Compliance, Personnel Security, Security Organization, Asset Classification and Control, and Business Continuity Management (BCM).
  • BS 7799 - BS 7799 (ISO/IEC 17799) is comprehensive in its coverage of security issues, containing a significant number of control requirements.

Professional association and certification

In addition to traditional university degrees, the information security (IS) and information assurance (IA) fields boast an extensive set of technical and professional certifications, used to indicate specific training or experience in detailed IA or IS practices, at both the technical implementation and management levels. An important aspect of these certifications is that, unlike university degrees, they are not lifetime credentials. Rather, each certification authority mandates recurring continuing education or re-testing in order to retain the credential. Further, the certification knowledge base is usually updated and renewed on a much faster schedule than is possible with university curricula. The IA and IS certification marketplace is crowded and rapidly changing.

NIATEC lists some prominent professional certifications:[1]

International Information Systems Security Certification Consortium - The premier organization dedicated to providing information security professionals and practitioners worldwide with the standard for professional certification. Among its certifications are:
  • Certified Information Systems Security Professional (CISSP) - Designed to recognize mastery of an international standard for information security and understanding of a Common Body of Knowledge (CBK). It is a mid- to senior-level information security certification.
  • Information Systems Security Architecture Professional (ISSAP) - Advanced certification in information security architecture.
  • Information Systems Security Engineering Professional (ISSEP) - Advanced certification in information security engineering.
  • Information Systems Security Management Professional (ISSMP) - Advanced certification in information security management.
  • Systems Security Certified Practitioner (SSCP) - The seven domains covered by the examination are Access Controls; Administration; Audit and Monitoring; Risk, Response and Recovery; Cryptography; Data Communications; and Malicious Code/Malware.
Computing Technology Industry Association (CompTIA) - CompTIA certification programs are the recognized industry standards for foundation-level information technology (IT) skills. Security+ is an entry-level security certification.
GIAC (Global Information Assurance Certification), administered by the SANS Institute - Certifications address a range of skill sets, including the entry-level Information Security Officer and broad-based Security Essentials, as well as advanced subject areas such as Audit, Intrusion Detection, Incident Handling, Firewalls and Perimeter Protection, Forensics, Hacker Techniques, and Windows and Unix Operating System Security. The GIAC GSEC certification is an entry-level security certification.

Other well-known organizations dealing with security awareness and training are:[2]

Information Assurance practitioners supporting the US Department of Defense are required to hold selected security certifications in accordance with DoD Directive 8570.01-M.

EC-Council offers several certifications, among them the Certified Ethical Hacker (CEH).

Membership of the Institute of Information Security Professionals (IISP) is gaining traction in the U.K. as the professional standard for Information Security Professionals.

Within the UK, a recognised senior-level information security certification is provided by CESG.

CLAS is the CESG Listed Advisor Scheme, a partnership linking the unique information assurance knowledge of CESG with the expertise and resources of the private sector.

CESG recognises that there is an increasing demand for authoritative Information assurance advice and guidance. This demand has come as a result of an increasing awareness of the threats and vulnerabilities that information systems are likely to face in an ever-changing world.

The Scheme aims to satisfy this demand by creating a pool of high quality consultants approved by CESG to provide Information Assurance advice to government departments and other organisations who provide vital services for the United Kingdom.

CLAS consultants are approved to provide Information Assurance advice on systems processing protectively marked information up to, and including, SECRET. Potential customers of the CLAS Scheme should also note that if the information is not protectively marked then they do not need to specify membership of CLAS in their invitations to tender, and may be challenged if equally competent non-scheme members are prevented from bidding.

The profession of information security has seen increased demand for security professionals experienced in network security auditing, penetration testing, and digital forensics investigation. In addition, many smaller companies have sprung up as a result of this increased demand for information security training and consulting.

References

  1. ^ a b National Information Assurance Training and Education Center, "Professional Certifications Summary".
  2. ^ Mallery, John (2009). "1", in Computer and Information Security Handbook. Morgan Kaufmann Publications, Elsevier Inc., p. 9. ISBN 978-0-12-374354-1.
  3. ^ "Infragard, Official Site". Infragard. Retrieved 10 September 2010.

Wikimedia Foundation. 2010.