One of the most dangerous threats in the modern world is cyber warfare – attacks by hackers on networks across the world. These attacks are often designed to break into commercial companies’ networks to steal confidential information. This information can be worth a lot of money to the right people. So, a large number of businesses have established teams of security staff to protect their networks. How could you get work in such a team? The answer is to gain certification in information security methodologies. These are a few of the entry-level certifications.
Security+ – CompTIA
CompTIA is an IT trade association that advances global IT professionals and the IT industry through vendor-neutral education and IT certification. On the lower end of security certifications, CompTIA offers the Security+ exam. It consists of one 90-minute exam with 100 questions. There is no experience requirement, although CompTIA recommends two or more years of security experience.
CASP – CompTIA Advanced Security Practitioner
The CASP is a follow-on to Security+, and is intended to recognize IT professionals with three or more years of direct, day-to-day information security experience, with skills and knowledge to match. CASP requires continuing education for maintenance, or a re-take of the exam every three years.
EXIN – Information Security Foundation Certificate
EXIN aims to be the world’s leading provider of independent information management certification and accreditation. The international standard ISO/IEC 27001 provides the specification for an information security management system (ISMS) and ISO/IEC 27002 draws on the experience of practitioners from over 40 countries to establish best practice for information security.
The EXIN ISFC demonstrates that the holder has an understanding of these areas: key roles and responsibilities of all staff responsible for information security; information and data relationships (security, governance, assurance); defining threats and vulnerabilities and understanding risk management; risk analysis with an understanding of impacts, likelihood and probability; required policies and information security plan; external relationships with third-party organisations and individuals; information architecture and data flows; protective marking and the relationship to impact (risk).
SSCP – Systems Security Certified Practitioner
This certification is managed by (ISC)², the International Information Systems Security Certification Consortium. It is open to people with only one year’s experience, making it a good starting point if you are planning a new career in information security or if you want to add a level of enhanced security to your current IT career. The SSCP credential ensures that candidates can monitor systems continuously to safeguard against security threats, whilst having the knowledge to apply security procedures, tools and concepts to react to security incidents.
The SSCP credential shows competency in the following areas: access controls, cryptography, malicious code and activity, monitoring and analysis, networks and communications, risk, response and recovery, security operations and administration.
GISP – GIAC Information Security Professional
GIAC (Global Information Assurance Certification) was founded in 1999 to validate the skills of information security professionals. The GISP certification is for anyone new to information security with some background in information systems and networking. No specific training is required for any GIAC certification. Of course, you will need to undertake SOME training before trying to pass the exam.
This certificate demonstrates competency in these areas: access controls; business continuity and disaster recovery planning; cryptography; information security governance and risk management; law, regulations, compliance and investigations; physical and environmental security; security architecture and design; security operations; software development security; telecommunications and network security.
Once you have qualified for one or more of these certifications, you are on the way to becoming an information security professional. There are many more advanced subjects to study and advanced certifications to aim for.