Certifications on Security - IS AUDIT

Assignment 1 IS AUDIT 2/1/2015 Certifications on Security SUBMITTED TO: SIR WAQAS

Upload: shahzeb-pirzada

Post on 12-Apr-2017


Page 1: Certifications on Security - IS AUDIT

Assignment 1

IS AUDIT

2/1/2015

Certifications on Security

SUBMITTED TO:

SIR WAQAS

MADE BY:

SHAHZEB PIRZADA (5701)

Why Certification Matters

In a world fraught with security threats, the need for skilled and knowledgeable information security professionals has never been greater. Your experience in the field is an important component of your value to an employer, but experience isn’t enough. Employers need something quantifiable and verifiable to show them you have the expertise they need.

The Value of (ISC)²® Certification

(ISC)² is acknowledged as the global, not-for-profit leader in educating and certifying information security professionals throughout their careers. Our reputation has earned our information security certifications and information security training programs recognition as the Gold Standard of the industry.

When you become certified through (ISC)², you gain:

Tested and verifiable proof of proficiency in your field.

Higher salary and promotion potential.

Entry into one of the largest communities of recognized information security professionals in the world.

Access to unparalleled global resources, peer networking, mentoring, and a wealth of ongoing information security opportunities.

Certificate About Vendor Cost Exams

CISSP - Certified Information Systems Security Professional

About: CISSPs are information assurance professionals who define the architecture, design, management and/or controls that assure the security of business environments. This was the first certification in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024.

Vendor: (ISC)²

Cost: $85 Per year. 3 year

Exams:

Access Control

Telecommunications and Network Security

Information Security Governance and Risk Management

Software Development Security

Cryptography

Security Architecture and Design

Operations Security

Business Continuity and Disaster Recovery Planning

Legal, Regulations, Investigations, and Compliance

Physical (Environmental) Security

SSCP - Systems Security Certified Practitioner

About: The SSCP certification is the ideal credential for those with proven technical skills and practical security knowledge in hands-on operational IT roles. It provides industry-leading confirmation of a practitioner’s ability to implement, monitor and administer IT infrastructure in accordance with information security policies and procedures that ensure data confidentiality, integrity and availability.

Vendor: (ISC)²

Cost: $250

Exams:

Access Controls

Cryptography

Malicious Code and Activity

Monitoring and Analysis

Networks and Communications

Risk, Response and Recovery

Security Operations and Administration

CAP - Certified Authorization Professional

About: The Certified Authorization Professional (CAP) certification is an objective measure of the knowledge, skills and abilities required for personnel involved in the process of authorizing and maintaining information systems. Specifically, this credential applies to those responsible for formalizing processes used to assess risk and establish security requirements and documentation. Their decisions will ensure that information systems possess security commensurate with the level of exposure to potential risk, as well as damage to assets or individuals.

Vendor: (ISC)²

Cost: $469

Exams:

Risk Management Framework (RMF)

Categorization of Information Systems

Selection of Security Controls

Security Control Implementation

Security Control Assessment

Information System Authorization

Monitoring of Security Controls

CCFP - Certified Cyber Forensics Professional

About: The evolving field of cyber forensics requires professionals who understand far more than just hard drive or intrusion analysis. The field requires CCFP professionals who demonstrate competence across a globally recognized common body of knowledge that includes established forensics disciplines as well as newer challenges, such as mobile forensics, cloud forensics, anti-forensics, and more.

Vendor: (ISC)²

Cost: $549

Exams:

Legal and Ethical Principles

Investigations

Forensic Science

Digital Forensics

Application Forensics

Hybrid and Emerging Technologies

CSSLP - Certified Secure Software Lifecycle Professional

About: With the CSSLP® certification from (ISC)², your application security competency within the software development lifecycle (SDLC) will be validated. You'll not only be seen as an industry leader in application security, but as a leader within your organization as well. A status you'll rightly deserve because you'll have proven your proficiency in:

Developing an application security program in your organization

Reducing production costs, application vulnerabilities and delivery delays

Enhancing the credibility of your organization and its development team

Reducing loss of revenue and reputation due to a breach resulting from insecure software

Cost: $549

Exams:

Secure Software Concepts

Secure Software Design

Secure Software Requirements

Secure Software Implementation/Coding

Secure Software Testing

Software Acceptance

Software Deployment, Operations, Maintenance and Disposal

Supply Chain and Software Acquisition

EC-Council Certified Security Analyst (ECSA)

About: This program is a comprehensive, standards-based, methodology-intensive training program which teaches information security professionals to conduct real-life penetration tests by utilizing EC-Council’s published penetration testing methodology.

Vendor: Neutral

Cost: $100

Exams:

Need for Security Analysis

TCP/IP Packet Analysis

Penetration Testing Methodologies

Customers and Legal Agreements

Rules of Engagement

Penetration Testing Planning and Scheduling

Pre-penetration Testing Steps

Information Gathering

Vulnerability Analysis

External Penetration Testing

Internal Network Penetration Testing

Firewall Penetration Testing

IDS Penetration Testing  

Password Cracking Penetration Testing

Social Engineering Penetration Testing

Web Application Penetration Testing

SQL Penetration Testing

Penetration Testing Reports and Post Testing Actions
