CEH–Certified Ethical Hacker

What is an Ethical Hacker?
To beat a hacker, you need to think like one!
Ethical hacking is often described as the process of penetrating one’s own computers, or computers one has official permission to test, to determine whether vulnerabilities exist and to undertake preventive, corrective, and protective countermeasures before an actual compromise of the system takes place.

Become a Certified Ethical Hacker

A Certified Ethical Hacker is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s). The CEH credential certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective.

The purpose of the CEH credential is to:

• Establish and govern minimum standards for credentialing professional information security specialists in ethical hacking measures.
• Inform the public that credentialed individuals meet or exceed the minimum standards.
• Reinforce ethical hacking as a unique and self-regulating profession.

Certification Target Audience

The Certified Ethical Hacker certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.

Exam Information

The CEH exam (312-50) is available at the ECC Exam Centre and Pearson Vue testing centers.
For VUE, please visit http://www.vue.com/eccouncil. EC-Council reserves the right to revoke the certification status of candidates who do not comply with all EC-Council examination policies found here.

asit2014 October 14, 2014

CISSP

CISSP® stands for Certified Information Systems Security Professional, an information systems security certification reflecting the qualification of information systems security practitioners. The CISSP® examination is a six (6) hour exam that consists of 250 multiple choice questions, covering topics such as Access Control Systems, Cryptography, and Security Management Practices, and is administered by the International Information Systems Security Certification Consortium, or (ISC)².

(ISC)² is a not-for-profit organization that creates the CISSP® exam and manages the certification. As of December 2014, (ISC)² reports over 100,135 members hold the CISSP® certification worldwide, in 143 countries. The CISSP® certification has become a standard in information security certifications. (ISC)² promotes the CISSP® exam as an aid to evaluating personnel performing information security functions. While there are other information systems security certifications available, the CISSP® certification is well respected within the information technology field.

In June 2004, the CISSP obtained accreditation under ANSI ISO/IEC Standard 17024:2003. It is also formally approved by the U.S. Department of Defense (DoD) in both their Information Assurance Technical (IAT) and Managerial (IAM) categories for their DoDD 8570 certification requirement. The CISSP has been adopted as a baseline for the U.S. National Security Agency’s ISSEP program.

The CISSP Certification History:

In the mid-1980s a need arose for a standardized, vendor-neutral, certification program that provided structure and demonstrated competence. In November 1988, the Special Interest Group for Computer Security (SIG-CS), a member of the Data Processing Management Association (DPMA), brought together several organizations interested in this. The International Information Systems Security Certification Consortium or “(ISC)²” formed in mid-1989 as a non-profit organization with this goal.

By 1990, the first working committee to establish a Common Body of Knowledge (CBK) had been formed. The committee’s work resulted in the first version of the CBK being finalized by 1992, with the CISSP credential launched by 1994.

The CISSP Certification Value:

CertMag surveyed 35,167 IT professionals in 170 countries on compensation and found that CISSPs led the list of information security certifications ranked by salary. A Certification Magazine salary survey also ranked the CISSP credential highly, and ranked CISSP concentration certifications as the top best-paid credentials in IT.

In 2008, another study concluded that IT professionals with the CISSP tend to have salaries $30,000 higher than IT professionals without the certificate.

ANSI certifies that the CISSP meets the requirements of ANSI/ISO/IEC Standard 17024, a personnel certification accreditation program.

The Certification and Examination subject matter:

The CISSP curriculum covers subject matter in a variety of information security topics. The CISSP examination is based on what (ISC)² terms the Common Body of Knowledge (or CBK). According to (ISC)², “the CISSP CBK is a taxonomy – a collection of topics relevant to information security professionals around the world. The CISSP CBK establishes a common framework of information security terms and principles that allow information security professionals worldwide to discuss, debate and resolve matters pertaining to the profession with a common understanding.”

Currently, the CISSP certification covers the following ten domains:

• Access control
• Telecommunications and network security
• Information security governance and risk management
• Software development security
• Cryptography
• Security architecture and design
• Operations security
• Business continuity and disaster recovery planning
• Legal, regulations, investigations and compliance
• Physical (environmental) security

Certification Requirement:

Candidates for the CISSP must meet several requirements:

• Possess a minimum of five years of direct full-time security work experience in two or more of the ten (ISC)² information security domains (CBK). One year may be waived for having either a four-year college degree, a Master’s degree in Information Security, or for possessing one of a number of other certifications from other organizations. A candidate not possessing the necessary five years of experience may earn the Associate of (ISC)² designation by passing the required CISSP examination. The Associate of (ISC)² for CISSP designation is valid for a maximum of six years from the date (ISC)² notifies the candidate of having passed the exam. During those six years a candidate will need to obtain the required experience and submit the required endorsement form for certification as a CISSP. Upon completion of the professional experience requirements the certification will be converted to CISSP status.
• Attest to the truth of their assertions regarding professional experience and accept the CISSP Code of Ethics.
• Answer four questions regarding criminal history and related background.
• Pass the CISSP exam with a scaled score of 700 points or greater out of 1000 possible points. The exam is multiple choice, consisting of 250 questions with four options each, to be answered over a period of six hours. 25 of the questions are experimental questions which are not graded.
• Have their qualifications endorsed by another CISSP in good standing. The endorser attests that the candidate’s assertions regarding professional experience are true to the best of their knowledge, and that the candidate is in good standing within the information security industry.

Ongoing Certification Requirements:

The CISSP credential is valid for only three years, after which it must be renewed. The credential can be renewed by re-taking the exam; however, the more common method is to report at least 120 Continuing Professional Education (CPE) credits since the previous renewal. Currently, to maintain the CISSP certification, a member is required to earn and submit a total of 120 CPEs by the end of their three-year certification cycle and pay the Annual Membership Fee of US$85 during each year of the three-year certification cycle before the annual anniversary date. With the new changes effective 30 April 2008, CISSPs are required to earn and post a minimum of 20 CPEs (of the 120 CPE certification cycle total requirement) and pay the AMF of US$85 during each year of the three-year certification cycle before the member’s certification or recertification annual anniversary date. For CISSPs who hold one or more concentrations, CPEs submitted for the CISSP concentration(s) will be counted toward the annual minimum CPEs required for the CISSP.

CPEs can be earned through several paths, including taking classes, attending (web) conferences and seminars, teaching others, undertaking volunteer work, professional writing, etc., all in areas covered by the CBK. Most activities earn 1 CPE for each hour of time spent; however, preparing (but not delivering) training for others is weighted at 4 CPEs/hour, published articles are worth 10 CPEs, and published books 40 CPEs.

 

asit2014 October 14, 2014