
Professional development in information security



Another article on information security, more precisely on how to become a certified information security specialist: How and where does one study? What should you focus on to become an expert in the field of information security? How do you obtain information security certificates that are recognized worldwide? The answers to all these questions are in this review by an instructor of our TC, Kuzma Pashkov.

Because of the rapid development of information technologies in general and of information security (IS) as a science in particular, an information security specialist must solve the problem of maintaining his qualifications. This statement has been true for more than a dozen years, but the conclusions that follow from it today about how to solve this problem differ significantly from those that were relevant 10 years ago. One of the main reasons for these differences is the completed transition from a risk-based approach to building secured automated systems to a regulatory one. There are two approaches:
• Risk-based approach
• Regulatory approach

In the era of risk-based approach, the focus was on building a business model and determining the necessary and sufficient conditions for meeting the security policy requirements.

The protection systems created were one-off products, in demand mainly among government agencies and major commercial organizations. For full-fledged work in the field of information security, it was enough for a specialist to have a well-developed mathematical background, which students of leading technical universities receive as part of higher professional education.

For all the variety of business models and security policy requirements, the conditions for implementing them are the same in the overwhelming majority of cases. This fact resulted in a transition to a regulatory approach to building protection systems, in which the main focus of the information security specialist is to find, analyze and adapt a suitable family of open security standards. In addition, building secured automated systems becomes a service in wide demand in all spheres of human activity.

IS training

Thus, an IS specialist must necessarily specialize in one of the following areas:

• implementation of requirements of national laws and / or regulators (for example, access to state or commercial secrets)
• use of certified information security tools for specific vendors / manufacturers (design, commissioning, etc.)
• internationally recognized vendor-independent certification

The training of specialists in the first two areas is carried out by a multitude of educational institutions, both within the framework of higher and further professional education. But we must understand that these areas bind the specialist to employers in a particular country, or rather, allow him to conduct his activities practically only within the framework of national laws and standards.



Advantages of international certifications

The third area initially focuses on international open standards and methodologies for information security in the hope that developed / developing countries seek to harmonize their national laws and standards with international ones in connection with the fundamental advantages of the latter. A specialist with internationally recognized certifications in the field of information security is ready to adapt his experience to work in any country, and most importantly, to confirm his qualifications to any employer, which, all other things being equal, gives him an advantage over other job seekers.

Due to a variety of reasons, primarily historical and political, in our country international information standards are being adopted with considerable delay, and national legislation in this area is harmonized with international legislation more slowly. But the acceleration of globalization processes inevitably leads us to a natural result, and so an increasing number of information security specialists are seeking to confirm their experience with internationally recognized certifications.



Benefits of vendor-independent certifications

The wide distribution of vendor-dependent international certifications (Microsoft, Cisco, Hewlett-Packard, etc.) in our country is primarily associated with the requirements of manufacturers to ensure a guaranteed level of quality of service in the sale, design, commissioning and maintenance of solutions created using their technology. The experience of passing several dozen certification exams leads the author to the idea that preparation for these exams consists more in memorizing a lot of technology-specific facts about a particular manufacturer and less in memorizing the specific principles of their use. Universal principles that allow you to create effective protection systems without reference to the technologies of specific manufacturers remain "behind the scenes" in such certifications, which does not suit those who claim to be an information security expert in their specialization. It is precisely these principles that preparation for vendor-independent certifications reveals, and successfully obtaining and maintaining those certifications confirms current experience as an information security expert.

Features of the curriculum

We offer a unified training program for employees of automation / information security departments, unique in that it:

• is developed in accordance with the newest family of open training standards and the ISO/IEC 17024 standard;
• examines the practical aspects of applying the dominant international information security standards (ISO/IEC 27000-series) and information system survey methodologies (COBIT);
• prepares for worldwide recognized vendor-independent certifications from leading operators (CompTIA, ISACA, ISC2);
• uses modern adult education techniques from the State University of New York;
• supports the concept of continuous learning (Continuous Professional Education).

The composition of the program

For all IT professionals, we offer an intensive course that meets the requirements of the American National Standards Institute for a minimum set of knowledge and skills in the basics of information security. The course prepares for the exam for the Security+ international certification from the leading provider of vendor-independent IT certifications, the Computing Technology Industry Association (CompTIA). CompTIA certifications are counted in undergraduate / graduate and professional retraining programs in most higher education institutions in developed countries.

We prepare information systems auditors for the Certified Information Systems Auditor (CISA) certification from the largest international professional association of auditors, the Information Systems Audit and Control Association (ISACA).

We prepare middle and top managers and experts to obtain certifications that are the Gold Standard in the field of information security: Certified Information Systems Security Professional (CISSP) from the ISC2 consortium and Certified Information Systems Manager (CISM) from the largest international professional association of auditors, the Information Systems Audit and Control Association (ISACA).

| Target audience | Training courses with certification | Level of difficulty |
|---|---|---|
| Managers / Experts / IS Managers | CISSP from ISC2 (5-day workshop) | Expert |
| Auditors | CISA from ISACA (5-day workshop) | Advanced |
| All IT specialists | Security+ from CompTIA (5-day training) | Elementary |


A growing number of universities in developed countries, for example Capella University or Vanguard Institute of Technology, include CISSP, CISM and CISA certifications from the ISC2 and ISACA operators in their graduate programs.

All courses of the program are updated in accordance with the continuous learning concepts of the listed operators: ISC2, ISACA and CompTIA. This means that taking these courses is also relevant for current holders of these certifications as a way to earn status maintenance points.

Future of the program

These requirements are met not only by the certification program, but also by many others. If steady demand for training services on this topic is revealed, the authors of the program plan to include training courses for ethical hacking certifications from the EC-Council, computer incident investigation from GIAC, and business continuity from the British Standards Institute.



The author: Kuzma Pashkov




Source: https://habr.com/ru/post/249609/

