
The Most Important Certifications In The Information Assurance Training Industry

As business becomes more globalized and computers become more integral to every field and market, the necessity of protecting information flows and the processes that surround them is becoming an essential part of every successful business plan. Information assurance training is almost a necessity nowadays if you want to perform IT work for a large corporation. Information assurance covers a broad spectrum of fields, from standard information security to strategic risk management to systems engineering to criminology.

As companies begin to consolidate their IT departments, taking advantage of a variety of programs and outsourcing advantages, the job of the technical guy/gal will become far more generalized, encompassing a range of skills and fields. Currently, the best way to prove your chops in the field of information assurance training involves getting certain certifications. Obviously, some are more highly sought than others, and these four are among the most important for any IA professional to acquire.

CISSP - Certified Information Systems Security Professional

Provided by the International Information Systems Security Certification Consortium ((ISC)^2), the CISSP certification is highly sought by any company seeking to hire a mid- to high-level information security professional. It covers all the topics in information assurance that fall within what (ISC)^2 terms a Common Body of Knowledge (CBK). The CBK includes:

1. Access Control

2. Application Development Security

3. Business Continuity and Disaster Recovery Planning

4. Cryptography

5. Information Security Governance and Risk Management

6. Legal, Regulations, Investigations and Compliance

7. Operations Security

8. Physical Security

9. Security Architecture and Design

10. Telecommunications and Network Security

Anyone seeking this certification should be aware that it includes education and experience requirements. If you don't have five years of experience in an Information Security field, you may apply to take the test anyway. Upon passing you will receive an Associate of ((ISC)^2) for CISSP designation, which will be valid for six years while you acquire the necessary experience. Upon gaining five years of experience, you will be eligible to become a CISSP. Finally, this certification expires after three years. You are required to earn credits toward retaining your certification within these three years by doing things like attending classes, going to professional development seminars or publishing papers in the field of Information Assurance.

CEH - Certified Ethical Hacker

Given by the International Council of E-commerce Consultants (EC-Council), the Certified Ethical Hacker distinction is a very specialized IA training certification in high demand if you plan on getting into certain areas of work. Certified ethical hackers complete their information assurance training by learning how information networks look from the outside, how to get in, then how to close the gaps that allowed them to get in.

This is known as penetration testing, and is a vital part of any information assurance training program. The CEH certification is specialized when it comes to information assurance training because it focuses more on the nuts and bolts of information security than on a broader knowledge of criminology, business continuity and risk management. Anyone seeking a CEH degree must receive a passing grade on an exam.

Certification seekers may opt either to attend training at an accredited center or study on their own. Self-study candidates must have at least two years of experience in the field of information security. The CEH title will expire after three years, so be sure to attend 120 credits worth of professional development workshops and classes per year in order to maintain your accreditation.

ECSA - EC-Council Certified Security Analyst

This certification is meant to complement the above CEH certification in that it provides a more well-rounded preparation for information assurance, while perhaps going light on the actual tactics of network security. Many IA professionals endeavor to complete both certification programs in order to show that they are capable of both focused security measures and penetration testing as well as broader strategic risk management procedures. A Certified Security Analyst (CSA) is able to analyze the data from penetration testing and develop a broad plan of action on the physical, operations, legal and other management levels to patch up any information security holes.

Similar to a CEH certification, ECSA seekers are required to pass a training course and take a test. However, unlike CEH, self-study is not an option for those with work experience. Like the CEH certification, you are required to attain 120 credits worth of professional development within three months in order to keep your ECSA title.

Security+

This basic level certification is a must-have for anyone wishing to hold a significant position in the Information Assurance world. Offered by CompTIA, it is on par with A+ certification for computer repair professionals or Network+ for network administrators. The topics covered are basically the same as those covered by the CISSP certification, except in less depth and with fewer requirements. Anyone can get a Security+ certification, though it is recommended that you have at least two years of experience. The six major topics on the Security+ exam are:

a. Systems Security

b. Network Infrastructure

c. Access Control

d. Assessments & Audits

e. Cryptography

f. Organizational Security

Additionally, a Security+ certification is one of the four certifications (the others are not listed here) that will get you a job with the U.S. Department of Defense or any military contractors, so if you're interested in that line of work, this certificate is doubly important.
