THN Inviting ‘Link Exchange’ from Hacking, Technology, News, Programming and Various IT related websites, Please frwd request to thehackernews@gmail.com
Source: thehackernews.com
Top 5 #IT #Security #Certifications for #2011
Print
Email 
Save
Digg
Delicious
RedditPlease login or register to save this article.
Not having an IT security certification doesn’t disqualify you from getting that next job or promotion, but it could be a factor.
“A certification today is like a college degree,” says Grad Summers, Americas leader for information security program management services at Ernst & Young. “You may not hire a candidate just because they have one, but it is something that you come to expect in this field.”
As you mull whether to get that certification, we’ve compiled the top five security certifications for 2011. Here’s our list, based on review of job boards and interviews with IT security recruiters and employers:
- Vendor Certifications
- CISSP: Certified Information Systems Security Professional
- CEH: Certified Ethical Hacker
- CISM: Certified Information Security Manager
- GIAC: Global Information Assurance Certification
Vendor Certifications
A growing need for hands-on network engineers, along with social computing and Web 2.0 technology, has propelled network security even further. Vendor certifications including Cisco’s Certified Network Associate Certification (CCNA), Microsoft’s Certified Systems Engineer (MCSE) with focus on security and Check Point’s Certified Security Expert (CCSE) top the list as organizations within banking, government and healthcare that look to fill open positions including network, system administrators and architects. “We look for completion of these certificates in potential network security candidates,” Summers says, “as having those on their resume says a lot about someone’s depth of knowledge.”
CISSP
The popularity of the Certified Information Systems Security Professional is high within the IT security community, as it provides the basis of security knowledge. “We feel safe hiring candidates carrying this validation,” says Ellis Belvins, division director at Robert Half International, a professional staffing consultancy. The certification demonstrates the security professionals’ high proficiency, commitment and deeper understanding of security concepts, principles and methodologies.
CISSP is viewed as the baseline standard for information security professions in government and industry. Companies are beginning to require CISSP certification for their technical, mid-management and senior management IT security positions. This certification is offered through (ISC)2, the not-for-profit consortium that offers IT security certifications and training.
CEH
Certified Ethical Hacker is gaining popularity as organizations focus on securing their IT infrastructure and networks from internal and external attacks. CEH is offered by EC-Council, and its goal is to certify security practitioners in the methodology of ethical hacking. This vendor-neutral certification covers the standards and language involved in exploiting system vulnerabilities, weaknesses and countermeasures. CEH basically shows candidates how the attacks are committed. It also attempts to define the legal role of ethical hacking in enterprise organizations.
Some employers aggressively look to hire candidates with CEH validation for hands-on security operations and intelligence activities. “In 2011, we see the need for very specific skill sets, which can be obtained through training and certifications such as the CEH,” says Vernon Ross, director of learning and organizational capability at Lockheed Martin Information Systems and Global Solutions.
CISM
Certified Information Security Manager is significantly in demand as the profession focuses on the business side of security. CISM, offered by ISACA, addresses the connection between business needs and IT security by focusing on risk management and security organizational issues. “ISACA’s CISM are a few that are on our radar for 2011,” Summers says.
CISM is ideal for IT security professionals looking to grow and build their career into mid-level and senior management positions. In fact, the CISM earned a place on the list of highest paying IT security certification by the 2010 IT Skills and Certifications Pay Index from independent research firm Foote Partners.
GIAC
The demand is rising for Global Information Assurance Certification in specific disciplines such as digital forensics, intrusion detection, incident handling, security operations and application software security.
Employers and recruiters increasingly find the GIAC credential as a requirement for hands-on technical positions. “GIAC’s focus on open source tools and its aggressive in-depth training is very useful,” says Daryl Pfeil, CEO of Digital Forensics Solutions, a computer security and digital forensics firm. She finds GIAC certified candidates highly skilled and proficient to handle the dynamic demands of the real-world job environment.
Other Top Certifications
Other IT security certifications gaining importance include Certified Business Continuity Professional (CBCP), Cloud Security Alliance’s new Certificate of Cloud Security Knowledge (CCSK) and CyberSecurity Forensic Analyst (CSFA).“There is no replacement for real-world experience, Summers says. “However, certifications are important and have become de facto minimum criteria when screening resumes.”
Involving Non-Tech Agency Brass in Infosec #nist #nwo #security #systemsofcontrol #disinfo
NIST Guidance Developed with DoD, Intel Community
Print Email Save Digg Delicious RedditPlease login or register to save this article.
The National Institute of Standards and Technologies issued Tuesday the final public draft of new guidance that introduces a three-tiered risk-management approach to let organizations initially focus on establishing an enterprise-wide risk management strategy as part of a mature governance structure involving senior departmental and agency leaders.
NIST Special Publication 800-39: Integrated Enterprise-Wide Risk Management: Organization, Mission and Information Systems View is the fourth of a series of risk management and information security guidelines developed by NIST in collaboration with the Defense Department and intelligence community.
A risk management framework is a tool to get non-IT and non-IT security departmental and agency leaders involved in IT risk management, something many have avoided because it’s often seen as being too technical. Yet, senior leaders address risk constantly in other aspects of their jobs, and guidance on IT security risk management encourages their participation in key decision making to secure their organizations’ digital assets.
“Managing risk with regards to information systems and security sometimes doesn’t go to the highest levels; that’s why the risk framework is a way to get senior leaders involved early in the process,” Ron Ross, a NIST senior computer scientists and risk management framework principal architect, says in an interview Monday on the risk management framework with GovInfoSecurity.com.
Most IT security initiatives require organizations to wisely invest dollars, so it’s imperative the business leaders be part of the risk management process. “It really does take the involvement of everyone up the chain in command, especially with today’s advanced persistent threats that have the through some well placed malware to really bring down an entire organization’s operations,” Ross says. “The realization of this by senior leaders now has energized them and has gotten them involved in the process of managing risk.”
Risk-Aware Missions, Business Processes
According to NIST, a risk management strategy addresses some of the fundamental issues that organizations face in how risk is assessed, responded to, and monitored over time in the context of critical missions and business functions. The strategic focus of the risk management strategy allows organizations to influence the design of key mission and business processes, making these processes risk aware. Risk-aware mission and business processes drive enterprise architecture decisions and prompt the development and implementation of effective information security architectures that provide roadmaps for allocating safeguards and countermeasures to information systems and the environments in which those systems operate.
SP 800-39 is the fourth in the series of risk management and information security guidelines being developed by the Joint Task Force Transformation Initiative, a joint partnership among the Department of Defense, the Intelligence Community, NIST and the Committee on National Security Systems. The partnership, under the leadership of the secretaries of Defense and Commerce - NIST is part of the Commerce Department - and director of national intelligence, continues to collaborate on the development of a unified information security framework for the federal government to address the challenges of protecting federal information and information systems as well as the nation’s critical IT infrastructure.
The latest publication details the multi-tiered risk management approach (moving from organization to missions to systems) to ensure that strategic considerations (including top-level organizational goals and objectives), drive investment and operational decisions with regard to managing risk to organizational operations and assets, individuals, other organizations, and the Nation. This type of risk-based decision making is especially important with respect to how organizations address advanced persistent threats which have the potential through sophisticated cyber attacks, to degrade or debilitate federal information systems supporting the critical applications and operations of the federal government, NIST says.
Comments Sought
Individuals who want to comment on SP 800-39 should do so by sending an e-mail to sec-cert@nist.gov by Jan. 25.
Most IT security initiatives require organizations to wisely invest dollars, so it’s imperative the business leaders be part of the risk management process. “It really does take the involvement of everyone up the chain in command, especially with today’s advanced persistent threats that have the through some well placed malware to really bring down an entire organization’s operations,” Ross says. “The realization of this by senior leaders now has energized them and has gotten them involved in the process of managing risk.”
Risk-Aware Missions, Business Processes
According to NIST, a risk management strategy addresses some of the fundamental issues that organizations face in how risk is assessed, responded to, and monitored over time in the context of critical missions and business functions. The strategic focus of the risk management strategy allows organizations to influence the design of key mission and business processes, making these processes risk aware. Risk-aware mission and business processes drive enterprise architecture decisions and prompt the development and implementation of effective information security architectures that provide roadmaps for allocating safeguards and countermeasures to information systems and the environments in which those systems operate.
SP 800-39 is the fourth in the series of risk management and information security guidelines being developed by the Joint Task Force Transformation Initiative, a joint partnership among the Department of Defense, the Intelligence Community, NIST and the Committee on National Security Systems. The partnership, under the leadership of the secretaries of Defense and Commerce - NIST is part of the Commerce Department - and director of national intelligence, continues to collaborate on the development of a unified information security framework for the federal government to address the challenges of protecting federal information and information systems as well as the nation’s critical IT infrastructure.
The latest publication details the multi-tiered risk management approach (moving from organization to missions to systems) to ensure that strategic considerations (including top-level organizational goals and objectives), drive investment and operational decisions with regard to managing risk to organizational operations and assets, individuals, other organizations, and the Nation. This type of risk-based decision making is especially important with respect to how organizations address advanced persistent threats which have the potential through sophisticated cyber attacks, to degrade or debilitate federal information systems supporting the critical applications and operations of the federal government, NIST says.
Comments Sought
Individuals who want to comment on SP 800-39 should do so by sending an e-mail to sec-cert@nist.gov by Jan. 25.
According to NIST, the risk management approach described in this publication is supported by a series of security standards and guidelines necessary for managing information security risk. In particular, NIST says, the special publications developed by the Joint Task Force Transformation Initiative supporting the unified information security framework for the federal government include:
- SP 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach;
- SP 800-53, Recommended Security Controls for Federal Information Systems and Organizations;
- SP 800-53A, Guide for Assessing the Security Controls in Federal Information Systems and Organizations; and
- SP 800-30, Guide for Conducting Risk Assessments. SP 800-39 supersedes the original SP 800-30 as the source for guidance on risk management. SP 800-30 is being revised to provide guidance on risk assessment as a supporting document to SP 800-39 and is projected for final publication in 2011.
