Professional development in information security
Another article on information security, more precisely on how to become a certified information security specialist: How and where should one study? What should one focus on to become an information security specialist? How does one obtain IS certificates recognized all over the world? The answers to all these questions are in this review by an instructor of our training center, Kuzma Pashkov.
In connection with the rapid development of information technologies in general and of information security (IS) as a science in particular, an information security specialist needs to solve the problem of maintaining his qualifications. This statement has been true for more than a dozen years, but in our time the conclusions that follow from it differ significantly from those that were relevant 10 years ago. One of the main reasons for these differences is the completed transition from a risk-based approach to building secure automated systems to a normative one. The two approaches are:
• Risk-based approach
• Normative (regulatory) approach
In the era of the risk-based approach, the main focus was on building a business model and determining the necessary and sufficient conditions for fulfilling the requirements of a security policy.
The security systems created were one-off products, in demand mainly among government agencies and major commercial organizations. To work fully in the field of information security, it was enough for a specialist to have a well-developed mathematical background, which students of leading technical universities acquire as part of higher professional education.
For all the variety of business models being created and of security policy requirements, the conditions for implementing them are overwhelmingly the same. This fact made it possible to switch to the normative approach to building security systems, in which the information security specialist focuses on finding, analyzing, and adapting a suitable family of open security standards. In addition, building secure automated systems is becoming a service in wide demand in all spheres of human activity.
Therefore, an IS specialist must specialize in one of the following areas:
• implementation of the requirements of national laws and/or regulators (for example, clearance for state or commercial secrets);
• use of certified information protection tools from specific vendors/manufacturers (design, commissioning, etc.);
• internationally recognized vendor-independent certification.
Specialists in the first two areas are trained by many educational institutions, within both higher and additional professional education. But one must understand that these areas bind a specialist to employers in a particular country, or rather, allow him to work almost exclusively within the framework of national legislation and standards.
Benefits of International Certifications
The third area is oriented from the outset towards international open standards and IS support methodologies, based on the assumption that developed and developing countries seek to harmonize their national laws and standards with international ones because of the fundamental advantages of the latter. A specialist with internationally recognized certifications in the field of information security is ready to adapt his experience to work in any country and, most importantly, to confirm his qualifications to any employer, which, all other things being equal, gives him an advantage over other job seekers.
For a number of reasons, primarily historical and political, international security standards are being adopted in our country with a considerable delay, and national legislation in this area is being harmonized with international legislation even more slowly. But the acceleration of globalization inevitably leads to a logical result: an increasing number of information security experts are seeking to confirm their experience with internationally recognized certifications.
Benefits of Vendor-Independent Certifications
The wide distribution of vendor-dependent international certifications (Microsoft, Cisco, Hewlett-Packard, etc.) in our country is primarily associated with manufacturers' requirements to ensure a guaranteed level of service quality in the sale, design, commissioning and maintenance of solutions built on their technology. The experience of passing several dozen certification exams makes the author of this article think that preparing for these exams is more about memorizing a lot of facts specific to a particular manufacturer's technology, and less about memorizing the equally specific principles of their use. The universal principles that allow effective protection systems to be created without being tied to the technologies of specific manufacturers remain "behind the scenes" in such certifications, which does not suit those who claim to be IS experts in their specialization. It is precisely these principles that preparation for vendor-independent certifications makes it possible to learn, and successfully obtaining and maintaining such certifications can confirm current experience as an IS expert.
Features of the curriculum
We offer a unified training program for employees of automation/information security departments, unique in that it:
• is developed in accordance with the latest family of open standards for training and certification, ISO/IEC 17024;
• considers practical aspects of applying the dominant international information security standards (ISO/IEC 27000 series) and information system survey methodologies (COBIT);
• prepares students to obtain globally recognized vendor-independent certifications from leading operators (CompTIA, ISACA, ISC2);
• uses modern methods of adult education from the State University of New York;
• supports the concept of continuous education (Continuous Professional Education).
Composition of the program
For all IT professionals, we offer an intensive course that meets the requirements of the American National Standards Institute for a minimum set of knowledge and skills in the basics of information security. The course prepares students for the exam for the international Security+ certification from the leading provider of vendor-independent IT certifications, the Computing Technology Industry Association (CompTIA). CompTIA certifications are counted towards undergraduate/graduate programs and professional retraining programs at most universities in developed countries.
We prepare information system auditors for the Certified Information Systems Auditor (CISA) certification from the largest international professional association of auditors, the Information Systems Audit and Control Association (ISACA).
We prepare middle and senior managers, as well as experts, for the certifications that are the gold standard in the field of IS: Certified Information Systems Security Professional (CISSP) from the ISC2 consortium and Certified Information Security Manager (CISM) from the largest international professional association of auditors, the Information Systems Audit and Control Association (ISACA).
|Target audience|Certification training courses|Level of difficulty|
|---|---|---|
|Managers / experts / IS managers|CISSP from ISC2 (5-day workshop)|Expert|
|Auditors|CISA from ISACA (5-day workshop)|Advanced|
|All IT specialists|Security+ from CompTIA (5-day training)|Elementary|
An increasing number of universities in developed countries, for example Capella University or Vanguard Institute of Technology, include the professional certifications CISSP, CISM and CISA from the operators ISC2 and ISACA in their master's programs.
All courses of the program are updated in accordance with the continuous training concepts of the listed operators ISC2, ISACA and CompTIA. This means that taking these courses is also relevant for current holders of these certifications as a way to earn status maintenance points.
These requirements are satisfied not only by the certifications included in the program, but also by many others. If there is steady demand for training services on this topic, the authors of the program plan to include training courses for certification in ethical hacking from the EC-Council, in investigating computer incidents from GIAC, and in ensuring business continuity from the British Standards Institution.
Author: Kuzma Pashkov